Internet security risks, the leading security threats confronting today’s organizations, often result from employees’ non-compliance with the Internet use policy (IUP). Extant studies on the compliance with security policies have largely ignored the impact of intrinsic motivations on employees’ compliance intention. This paper proposes a theoretical model that integrates an extrinsic sanction-based command-and-control approach with an intrinsic self-regulatory approach to examine employees’ IUP compliance intention. The self-regulatory approach centers on the effect of organizational justice and personal moral beliefs against Internet abuses. The results of this study suggest that the self-regulatory approach is more effective than the sanctionbased command-and-control approach. Organizational justice not only influences IUP compliance intention directly, but also indirectly through fostering favorable personal moral beliefs against Internet abuses.
Li, Han; Sarathy, Rathindra; and Zhang, Jie, "Understanding Compliance with Internet Use Policy: An Integrative Model Based on Command-and- Control and Self-Regulatory Approaches" (2010). ICIS 2010 Proceedings. 181.