Empirical Analysis of Leadership and Social Learning Effects on Employees' Information Security Behaviour. Masterarbeit



Similar documents
A Process Model for Data Warehouses Integration to Enable Business Intelligence: An Applicability Check for the Airline Sector.

Implementation requirements for knowledge management components into ERP Systems: Comparison of software producers and companies

Affiliate Marketing Technology, Opportunities and Challenges

Thema: Hybrid IT-Project Management: Design, Application and Analysis

Evaluation of Selection Methods for Global Mobility Management Software

Boom and Bust Cycles in Scientific Literature A Toolbased Big-Data Analysis

E-Commerce Opportunities for a Commercial Vehicle Industry System Supplier. Bachelorarbeit

Comparing Social Media Sites: A Facebook Case Study about Employer Branding. Bachelorarbeit

Requirements and Challenges for the Migration from EDIFACT-Invoices to XML-Based Invoices. Master Thesis

Analysis of Business Models for Electric Vehicles Usage

Cost-Benefit Analysis of Videoconferencing and Telepresence Systems in Virtual Project Environments: a Holistic Approach. D i p l o m a r b e i t

Smartphone Integration in the Car IT: User Acceptance of Phone-Centric Car Connectivity Solutions

Quantifying the Influence of Volatile Renewable Electricity Generation on EEX Spotmarket Prices using Artificial Neural Networks.

Effort Estimation of Software Development Projects with Neural Networks

Employee Compliance with Information Systems Security Policy in Retail Industry. Case: Store Level Employees

How Direct and Vicarious Experience Promotes Security Hygiene

Employees Information Security Awareness and Behavior: A Literature Review

Information Security Awareness: Its Antecedents and Mediating Effects on Security Compliant Behavior

Studies on Employees Information Security Awareness

Customer Intimacy Analytics

Targeted Advertising and Consumer Privacy Concerns Experimental Studies in an Internet Context

THE IMPACT OF SECURITY PRACTICES ON REGULATORY COMPLIANCE AND SECURITY PERFORMANCE 1

TOWARDS A NEEDS ASSESSMENT PROCESS MODEL FOR SECURITY, EDUCATION, TRAINING AND AWARENESS PROGRAMS: AN ACTION DESIGN RESEARCH STUDY

Cyber security in the workplace: Understanding and promoting behaviour change

THE ROLE OF SMALL MANUFACTURING ENTERPRISES IN SUSTAINABLE REGIONAL DEVELOPMENT

Self-Efficacy in the Workplace: Implications for Motivation and Performance

Regulations of Access and Admission to the Postgraduate Master's Degree Programme "Water Resources and Environmental Management

Registration must be carried out by a top executive or a number of executives having the power to commit the whole company in the EU.

Three Contributions to Experimental Economics

What is the psychological contract and does it matter?

An Enterprise Modeling Framework for Banks using. Algebraic Graph Transformation

JOB DESCRIPTION. Regional Human Resources Manager (RHRM) Department/Region/Section: Human Resources Based at North Region, Leeds RHQ

The Role of Situational Factors and Personality on Cybersecurity Policy Violation

Research Article An Integrative Behavioral Model of Information Security Policy Compliance

Multi-Channel Distribution Strategies in the Financial Services Industry

Meta-knowledge - a success factor for computer-supported organizational learning in companies

Contents. Before you begin. How to work through this learner guide Assessment. Introduction: Developing and managing performance management processes

Identify questions to answer and problems to resolve 2.1; 3.1

Guidelines for the practical study semester Faculty of Mechatronics and Electrical Engineering

Influencing employees compliance behavior towards Information Security Policy

Financial Services Core Competences

Measures for improving information security management in organisations: the impact of training and awareness programmes

FSPFCC04(SQA Unit Code-F88P 04) Ensure you comply with regulations in your financial services environment

Manager, Procurement and Contracts

CAM Diploma (Level 4)

Executive Communication: 3-day course

Pathways out of Insolvency

JE PANEL/BENCHMARKING REF NO: 867/4 EVALUATION DATE:

UNDERSTANDING EXPLORATORY USE

NATIONAL TRANSFER OF INFORMATION. Process and guidance for medical students, graduates, and Foundation Programme applicants

13. Identifying stakeholders and their 1relevance

Regina Egetenmeyer, Susanne Lattke

The psychological contract

All-Wales Ward Sister-Charge Nurse Development Programme

Disciplinary Policy and Procedure

AGE DISCRIMINATION. Summary of the law on

POSITION DESCRIPTION. Enrolled Nurse Adult Rehabilitation & Health of Older Persons

Leadership Styles and Information Security Compliance Behavior: The Mediator Effect of Information Security Awareness

Understanding and Measuring Information Security Culture in Developing Countries: Case of Saudi Arabia

Characterization of Microemulsions using Small Angle Scattering Techniques

Bachelor of International Sales and Marketing Management Professionsbachelor i international handel og markedsføring

White Paper. Beyond Reputation Measurement: Using Reputation to Create Value. Kevin Money and Carola Hillenbrand

Professional Diploma in Marketing

The Role of Management Control to Australian SME s Sales Effectiveness

EFFECT OF ROLE-PLAY AS A FORMATIVE ASSESSMENT TECHNIQUE ON JOB PERFORMANCE

on the transfer of personal data from the European Union

POSITION DESCRIPTION. Web Content Manager

UNIVERSITY OF LINCOLN JOB DESCRIPTION. JOB NUMBER CSS016 GRADE 8 DATE May 2015 CONTEXT

Quality Policy. JRI Orthopaedics Limited

Boston University Security Camp

Conceptualising and Modelling Virtual Experience for the Online Retailer: The 3D Technology

Mercury Solutions India in association with Edexcel UK, offering. 2 years HND Diploma in Business through Online Mode.

Head of Delivery Operations (Head of Academy)

ITEC Level 3. Unit Client Care and Communication in Beauty Related Industries. Recommended minimum guided learning hours 28

Transcription:

Empirical Analysis of Leadership and Social Learning Effects on Employees' Information Security Behaviour Masterarbeit zur Erlangung des akademischen Grades Master of Science (M.Sc.) im Studiengang Wirtschaftswissenschaft der Wirtschaftswissenschaftlichen Fakultät der Leibniz Universität Hannover vorgelegt von Name: Vogel Vorname: Vanessa Geb. am: 03.08.1989 in: Langenhagen Prüfer: Prof. Dr. Michael H. Breitner Hannover, den 19. September 2014

Table of Contents List of Figures... III List of Tables... III List of Abbreviations... IV 1. Introduction...1 2. State of the Art...3 2.1 Literature Analysis... 3 2.2 Transformational Leadership... 11 2.3 Social Learning Theory... 16 2.4 Combining Transformational Leadership and Social Learning Theory... 21 3. Research Model and Hypothesis Generation... 23 4. Research Design... 31 4.1 Data Collection... 31 4.2 Data Analysis... 35 5. Results... 48 5.1 Results from the Exploratory Factor Analysis... 48 5.2 Results from the Structural Equation Modeling... 50 6. Discussion and Implications for Research and Practice... 54 7. Limitations... 59 8. Conclusion and Outlook... 61 List of References... V Appendix... XVII Declaration of own Work... XLII Page II of XLII

1. Introduction 1. Introduction Information security represents a topic with increasing interest (Boss, Kirsch, Angermeier, Shingle and Boss, 2009, p. 151). Especially the variety of laws and regulations require the save handling of information and data and force an increased attention towards information security (Warketin, Johnston and Shropshire, 2011, p. 267). Information security regulations are a burden to employees and employer (Warketin et al., 2011, p. 267). Breaching information protection can cause serious consequences for organisations. Its reputation can suffer and information security breaches can cause enormous costs (Warketin et al., 2011, p. 268; Bulgurcu, Cavusoglu and Benbasat, 2010, p. 524; D Arcy, Hovav and Galetta, 2009, p. 79). Information security is part of the key priorities of the top management. Their interest consists in reducing the risk towards information security (Bulgurcu et al., 2010, p. 524). In order to reduce the risk of information security breaches, organisations tend to use technological solutions and neglect the human risk factor. The mere use of technological solutions is not enough to sufficiently achieve information security because employees represent the major security risk (Bulgurcu et al., 2010, p. 524; Siponen and Vance, 2010, p. 487; Vroom and von Solms, 2004, p. 193). For that reason, it is interesting and important at the same time to examine human behaviour to find out which factors can work affecting in this respect. Normally, organisations provide information security policies which contain essential behavioural rules in order to obtain a save handling of information (D Arcy et al., 2009; Bulgurcu et al., 2010, p. 524). Problems arise when employees are unaware of such information security policies or uncertain in handling the measures included in the policies (Karjalainen and Siponen, 2011, p. 519). The socio-organisational resource which contains the compliance of information security policies by employees is subject to growing interest in practice and research (Bulgurcu et al., 2010, p. 524). For the research, theories from different research fields are used to investigate employees information security behaviour (Bulgurcu et al., 2010, p. 524; Lebek, Uffen, Neumann, Hohler and Breitner, 2013, p. 3). The foundations for this study represent the theory of transformational leadership introduced by Bass (1985) and the social learning theory introduced by Bandura (1977). In prior research, transformational leadership was identified as positively influencing employees behaviour in order to enhance their performance level beyond expectations (e.g. Cavazotte, Moreno and Bernardo, 2013). Furthermore, assump- Page 1 of 62

1. Introduction tions about external cues of the informal social learning environment were confirmed in prior research regarding their positive influence on security behavioural intentions (Warketin et al., 2011). Based on that, the aim of this study is to identify possible factors that can be used to positively influence employees self-efficacy in order to increase their behavioural intentions towards information security compliance and participation. For this study, as possible factors, the dimensions of transformational leadership and the external cues, present within the informal social learning environment of employees, are used. The informal social learning environment represents the counterpart to the formal learning which entails Security Education, Training and Awareness (SETA) programmes (Warketin et al., 2011, p. 268). In the context of this study, information security behavioural intentions are divided into security compliance and participation intention, adapted from the research field of workplace safety. Security compliance intention describes the observance of only the minimum of information security requirements at the organisation to maintain information security. Security participation intention, however, refers to behaviour that goes beyond meeting the information security requirements (Innes, Turner, Barling and Stride, 2010, p. 279; Clark and Ward, 2006, p. 1176; Neal and Griffin, 2006, p. 947). For the following research question, a research model was developed and empirically analysed: RQ: How do transformational leadership and an informal social learning environment influence employees security behaviour? The study is structured as follows: In Chapter 2, the present state of research is shown. Furthermore, the underlying theories (transformational leadership and social learning theory) are represented and the justification for a joint analysis of both theories is given. Chapter 3 entails the research model and hypothesis generation. Following that, the research design is represented in Chapter 4, including the data collection process and the data analysis. In Chapter 5, the results of this study are represented. The results are separated into results from the exploratory factor analysis and results from the structural equation modeling. Afterwards, the results are discussed in Chapter 6. Chapter 7 shows the limitations of this study and in Chapter 8 the conclusion is drawn and an outlook for future research is given. Page 2 of 62

8. Conclusion and Outlook 8. Conclusion and Outlook The results of this study contribute to the knowledge in the field of employees information security behaviour. In a first attempt in research, the dimensions of transformational leadership and social learning theory were jointly examined in order to analyse their impact on employees self-efficacy. Self-efficacy in this regard describes employees beliefs in their ability to comply with information security policies. By using self-efficacy as a mediating variable, the indirect impact of transformational leadership and social learning theory on security compliance and participation intention were examined. In particular, leadership receives increasing attention in information security context where technical solutions alone are not sufficient. The obligations to ensure information security, imposed by laws and regulations, bring companies to take all measures necessary to enhance employees information security performance. The human factor bears great risk in this regard. Therefore, it is important to investigate possible influential factors that can enhance employees compliance behaviour. The study could not prove a relation between the dimensions of transformational leadership and self-efficacy and thus no indirect influence on security compliance and participation intention. The influence of the external cues of the informal social learning environment on self-efficacy was mainly proven. Since the positive influence of self-efficacy on security compliance and participation intention was confirmed, the indirect influence of the external cues on employees behavioural intentions was confirmed as well. In this respect, several managerial implications were derived in order to enhance employees security performance. Security Education, Training and Awareness (SETA) programmes represent an important measure to increase employees awareness of the importance of information security and to train employees in the execution of the security policies. In addition to trainings, the influential factors, present in the informal social learning environment of employees, can be used. It is advisable that all necessary working resources are available to employees which enable or facilitate the compliance with security policies (situational support). Further, experienced employees can serve as object of observation. Inexperienced employees should get the opportunity to observe their colleagues comply with the security policies in order to learn from them (vicarious experience). Although a positive influence of verbal persuasion on selfefficacy was not confirmed, feedback can be supportive to assess employees capabilities and to point out the importance of compliant behaviour. Ultimately, the working environ- Page 61 of 62

8. Conclusion and Outlook ment has to be organised so that it can positively influence employees self-efficacy to enhance their information security performance. In future research it could be interesting to examine this study cross-culturally in order to achieve generalisability of results and to compare across different cultural settings. It would also be interesting to analyse the relation between transformational leadership and selfefficacy more deeply which seems to be a very complex relation. Therefore, further interaction effects could be considered. Additional antecedents that influence employees selfefficacy could be integrated into the model. In this study, only transformational leadership was analysed. For future research, transactional leadership as exogenous variable should be considered as well. Besides, one could consider further mediating variables that link the relation between the exogenous variables such as leadership and elements within the workplace environment and employees behavioural intentions towards information security. In addition, it would be interesting to think of further elements within the working environment. Page 62 of 62

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information