A major concern in the context of information systems (IS) is the misuse of information systems security that has been increasing in recent years, and employees have been identified to be the weakest link in organizational information security (D'Arcy, Hovav et al. 2009). To address the issue of information security policy misuse, researchers developed different models to understand individual behaviors, including general deterrence theory, anti-neutralization theory, neutralization theory, protection motivation theory, theory of reasoned action. Information systems misuse is the erroneous use of information systems in the organization when employees do not comply with organizational information security policy (ISP). It includes noting down passwords, not logging off when absent, using information system devices for personal social chats, browsing, opening phishing emails without confirming, and downloading unlicensed software while working. The information system misuse behavior stated above are examples of workplace deviance. Workplace deviance is the intentional behavior that violates significant organizational requirements, resulting in a threat to the security of the organization or associated members or both (Green 2014). The goal of this study is to explore how core self-evaluation and work engagement affect the ISP misuse intention of employees in the context of information security policies. Core self-evaluation (CSE) is the conscious engagement of the self with a particular job-related task. It is a person’s ability to preserve resources from the evacuating effect of the work and to take advantage of the resources effectively (Judge 1997). Prior research suggests that lower CSE results in negative propensities of individuals which might lead to deviance at the workplace and having a higher CSE result in more positive propensities and lesser workplace deviance. Higher CSE individuals are more prone to have positive task outcomes that lower their ISP misuse intention. Conversely, lower CSE individuals tend to have more negative task outcomes, leading to higher ISP misuse intention. Work engagement is defined as the level of dedication that an employee has related to his work (Yoo and Lee 2019). The more dedicated an employee is to his work, the more driven he is to complete the work and meet the deadlines which could lead to a reduction in workplace deviance behavior. Previous studies have found a negative relationship between work engagement and workplace deviance. Higher work engagement of an individual leads to better allocation of time and resources to complete a task based on their availability (Demerouti 2011). Such individuals have a lower tendency to misuse information system policies. Individuals with lower work engagement, do not allocate time and resources effectively to complete a particular task as they might be more inclined to carry out IS misuse activities like chatting, web surfing, and browsing during office hours. This decreases the time to carry out their work task and increases the proclivity to download unlicensed software to speed up their task, which is an intention to misuse ISP.
Bonke, Chaitali and Xiao, Nan, "Effect of Work Engagement and Core Self Evaluation on Information System Misuse Intention" (2022). AMCIS 2022 TREOs. 68.