Start Date
11-12-2016 12:00 AM
Description
To increase information security awareness among their workforce and to achieve secure information systems (IS), decision-makers employ measures of information security, such as security policies or associated training and educational programs. However, these information security measures might also put stress on employees, so-called security-related stress, for instance, if they are perceived as difficult to understand, as an invasion of privacy, or if they give rise to conflicts of interest. While previous IS security research directly applies the existing concept of technostress to the security context, we develop and validate a more specific and holistic construct of security-related stress manifested in multidimensional stressors of individuals’ work, personal, and social environment. A first empirical test with 165 participants does not only confirm the newly identified sub-dimensions, but also shows mixed effects of the interrelated but distinct sub-dimensions of security-related stress on information security policy compliance intention.
Recommended Citation
Ament, Clara and Haag, Steffi, "How Information Security Requirements Stress Employees" (2016). ICIS 2016 Proceedings. 9.
https://aisel.aisnet.org/icis2016/ISSecurity/Presentations/9
How Information Security Requirements Stress Employees
To increase information security awareness among their workforce and to achieve secure information systems (IS), decision-makers employ measures of information security, such as security policies or associated training and educational programs. However, these information security measures might also put stress on employees, so-called security-related stress, for instance, if they are perceived as difficult to understand, as an invasion of privacy, or if they give rise to conflicts of interest. While previous IS security research directly applies the existing concept of technostress to the security context, we develop and validate a more specific and holistic construct of security-related stress manifested in multidimensional stressors of individuals’ work, personal, and social environment. A first empirical test with 165 participants does not only confirm the newly identified sub-dimensions, but also shows mixed effects of the interrelated but distinct sub-dimensions of security-related stress on information security policy compliance intention.