IDEAS home Printed from https://ideas.repec.org/a/gam/jsusta/v12y2020i8p3163-d345457.html
   My bibliography  Save this article

Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

Author

Listed:
  • Amanda M. Y. Chu

    (Department of Social Sciences, The Education University of Hong Kong, Hong Kong, China)

  • Mike K. P. So

    (Department of Information Systems, Business Statistics and Operations Management, The Hong Kong University of Science and Technology, Hong Kong, China)

Abstract

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

Suggested Citation

  • Amanda M. Y. Chu & Mike K. P. So, 2020. "Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective," Sustainability, MDPI, vol. 12(8), pages 1-25, April.
    • Handle: RePEc:gam:jsusta:v:12:y:2020:i:8:p:3163-:d:345457
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/12/8/3163/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2071-1050/12/8/3163/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Myeonggil Choi, 2016. "Leadership of Information Security Manager on the Effectiveness of Information Systems Security for Secure Sustainable Computing," Sustainability, MDPI, vol. 8(7), pages 1-21, July.
    2. Chia-Lee Yang & Benjamin J. C. Yuan & Chi-Yo Huang, 2015. "Key Determinant Derivations for Information Technology Disaster Recovery Site Selection by the Multi-Criterion Decision Making Method," Sustainability, MDPI, vol. 7(5), pages 1-40, May.
    3. Yoav Vardi & Yoash Wiener, 1996. "Misbehavior in Organizations: A Motivational Framework," Organization Science, INFORMS, vol. 7(2), pages 151-165, April.
    4. Shiann Ming Wu & Dongqiang Guo & Yenchun Jim Wu & Yung Chang Wu, 2018. "Future Development of Taiwan’s Smart Cities from an Information Security Perspective," Sustainability, MDPI, vol. 10(12), pages 1-18, November.
    5. David E. M. Sappington, 1991. "Incentives in Principal-Agent Relationships," Journal of Economic Perspectives, American Economic Association, vol. 5(2), pages 45-66, Spring.
    6. Jarvis, Cheryl Burke & MacKenzie, Scott B & Podsakoff, Philip M, 2003. "A Critical Review of Construct Indicators and Measurement Model Misspecification in Marketing and Consumer Research," Journal of Consumer Research, Journal of Consumer Research Inc., vol. 30(2), pages 199-218, September.
    7. John D’Arcy & Anat Hovav, 2009. "Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures," Journal of Business Ethics, Springer, vol. 89(1), pages 59-71, May.
    8. Amanda Chu & Patrick Chau & Mike So, 2015. "Explaining the Misuse of Information Systems Resources in the Workplace: A Dual-Process Approach," Journal of Business Ethics, Springer, vol. 131(1), pages 209-225, September.
    9. Mihaela Muntean & Laurenţiu Dijmărescu, 2018. "Sustainable Implementation of Access Control," Sustainability, MDPI, vol. 10(6), pages 1-9, May.
    10. Francis Hannafey & Lawrence Vitulano, 2013. "Ethics and Executive Coaching: An Agency Theory Approach," Journal of Business Ethics, Springer, vol. 115(3), pages 599-603, July.
    11. Heath, Joseph, 2009. "The Uses and Abuses of Agency Theory," Business Ethics Quarterly, Cambridge University Press, vol. 19(4), pages 497-528, October.
    12. Myeonggil Choi & Changhan Lee, 2015. "Information Security Management as a Bridge in Cloud Systems from Private to Public Organizations," Sustainability, MDPI, vol. 7(9), pages 1-20, August.
    13. Sea-Jin Chang & Arjen van Witteloostuijn & Lorraine Eden, 2010. "From the Editors: Common method variance in international business research," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 41(2), pages 178-184, February.
    14. Moberg, Dennis J., 1997. "On Employee Vice," Business Ethics Quarterly, Cambridge University Press, vol. 7(4), pages 41-60, October.
    15. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    16. Jensen, Michael C. & Meckling, William H., 1976. "Theory of the firm: Managerial behavior, agency costs and ownership structure," Journal of Financial Economics, Elsevier, vol. 3(4), pages 305-360, October.
    17. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    18. Michael C. Jensen, 1994. "Self‐Interest, Altruism, Incentives, And Agency Theory," Journal of Applied Corporate Finance, Morgan Stanley, vol. 7(2), pages 40-45, June.
    19. Naresh K. Malhotra & Sung S. Kim & Ashutosh Patil, 2006. "Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research," Management Science, INFORMS, vol. 52(12), pages 1865-1883, December.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Amanda M. Y. Chu & Connie K. W. Liu & Mike K. P. So & Benson S. Y. Lam, 2021. "Factors for Sustainable Online Learning in Higher Education during the COVID-19 Pandemic," Sustainability, MDPI, vol. 13(9), pages 1-16, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yajiong Xue & Huigang Liang & Liansheng Wu, 2011. "Punishment, Justice, and Compliance in Mandatory IT Settings," Information Systems Research, INFORMS, vol. 22(2), pages 400-414, June.
    2. Amanda M. Y. Chu & Mike K. P. So & Ray S. W. Chung, 2018. "Applying the Randomized Response Technique in Business Ethics Research: The Misuse of Information Systems Resources in the Workplace," Journal of Business Ethics, Springer, vol. 151(1), pages 195-212, August.
    3. Claus Dierksmeier, 2020. "From Jensen to Jensen: Mechanistic Management Education or Humanistic Management Learning?," Journal of Business Ethics, Springer, vol. 166(1), pages 73-87, September.
    4. Raymond O. S. Zaal & Ronald J. M. Jeurissen & Edward A. G. Groenland, 2019. "Organizational Architecture, Ethical Culture, and Perceived Unethical Behavior Towards Customers: Evidence from Wholesale Banking," Journal of Business Ethics, Springer, vol. 158(3), pages 825-848, September.
    5. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    6. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    7. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    8. Simon Trang & Benedikt Brendel, 2019. "A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research," Information Systems Frontiers, Springer, vol. 21(6), pages 1265-1284, December.
    9. Candace Martinez & J. Bowen, 2013. "The Ethical Challenges of the UN’s Clean Development Mechanism," Journal of Business Ethics, Springer, vol. 117(4), pages 807-821, November.
    10. Ansgar Richter & Susanne Schrader, 2017. "Levels of Employee Share Ownership and the Performance of Listed Companies in Europe," British Journal of Industrial Relations, London School of Economics, vol. 55(2), pages 396-420, June.
    11. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    12. Arnold, Ulli & Neubauer, Joerg & Schoenherr, Tobias, 2012. "Explicating factors for companies’ inclination towards corruption in Operations and supply chain management: An exploratory study in Germany," International Journal of Production Economics, Elsevier, vol. 138(1), pages 136-147.
    13. Gupta, Manjul & George, Joey F. & Xia, Weidong, 2019. "Relationships between IT department culture and agile software development practices: An empirical investigation," International Journal of Information Management, Elsevier, vol. 44(C), pages 13-24.
    14. Morteza Ghobakhloo & Masood Fathi, 2019. "Modeling the Success of Application-Based Mobile Banking," Economies, MDPI, vol. 7(4), pages 1-21, November.
    15. Wang, Sen & Bogle, Tim & van Kooten, G. Cornelis, 2012. "Forestry and the New Institutional Economics," Working Papers 130818, University of Victoria, Resource Economics and Policy.
    16. Mehrdad Vahabi, 1999. "From Walrasian General Equilibrium to Incomplete Contracts: Making Sense of Institutions," Post-Print halshs-03704424, HAL.
    17. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    18. Renneboog, Luc & Vansteenkiste, Cara, 2017. "Leveraged Buyouts : A Survey of the Literature," Discussion Paper 2017-015, Tilburg University, Center for Economic Research.
    19. Hepola, Janne & Leppäniemi, Matti & Karjaluoto, Heikki, 2020. "Is it all about consumer engagement? Explaining continuance intention for utilitarian and hedonic service consumption," Journal of Retailing and Consumer Services, Elsevier, vol. 57(C).
    20. Sumantra Sarkar & Anthony Vance & Balasubramaniam Ramesh & Menelaos Demestihas & Daniel Thomas Wu, 2020. "The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context," Information Systems Research, INFORMS, vol. 31(4), pages 1240-1259, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jsusta:v:12:y:2020:i:8:p:3163-:d:345457. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.