It is widely agreed that employees’ noncompliance with information security policies (ISP) is still a major problem for organizations. In order to understand the factors that reduce employees’ ISP noncompliance, previous studies have focused on stressful security demands that consequently aggravate noncompliance, and tangible job resources to promote compliance. However, how security demands encourage employees to comply and how intangible resources affect employees’ ISP noncompliance have been largely overlooked. In this study, we posit and argue that challenge security demands and intangible psychological resources can help promote employees’ ISP compliance. Drawing on the Job Demands- Resources Model and the theory of psychological resource, we specifically examine the roles of continuity demand, mandatory demand as challenge security demands, and felt trust, professional development and personal resource as psychological resources in influencing employees’ ISP noncompliance. The proposed model is validated by survey data from 224 employees. The theoretical and practical contributions are also discussed.
Li, Ying; Zhang, Nan; and Pan, Ting, "Understanding the Roles of Challenge Security Demands, Psychological Resources in Information Security Policy Noncompliance" (2018). PACIS 2018 Proceedings. 123.