Value conflicts and information security – a mixed-methods study in high-risk industry

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Kristina Gyllensten ◽  
Anders Pousette ◽  
Marianne Törner

Purpose The purpose of this study is to investigate the influence of work-related value conflicts on information security in two organisations in nuclear power production and related industry. Design/methodology/approach A mixed-methods design was applied. Individual interviews were conducted with 24 employees of two organisations in Sweden and questionnaire data on information security climate were collected from 667 employees (62%) in the same two organisations. Findings The qualitative part of the study identified five different types of value conflicts influencing information security behaviour. The quantitative part of the study found that value conflicts relating to information security had a negative relationship with rule-compliant behaviour. The opposite was found for participative security behaviour where there was a positive relationship with value conflicts. A high climate of information security was positively related to both rule-compliant and participative information security behaviour. It also moderated the effect of value conflicts on compliant information security behaviour. Originality/value This paper highlights organisational contextual conditions that influence employees’ motivation and ability to manage value conflicts relating to information security in a high-risk industry. It also enables a better understanding of the influence of the information security climate on information security in the presence of value conflicts in this type of industry.

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Kristina Gyllensten ◽  
Marianne Torner

PurposeThe aim of this study was to explore the organizational and social prerequisites for employees' participative and rule-compliant information security behaviour in Swedish nuclear power production and its related industry. These industries are high-risk activities that must be meticulously secured. Protecting the information security in the related organizations is an essential aspect of this.Design/methodology/approachIndividual in-depth interviews were conducted with 24 employees in two organizations within the nuclear power industry in Sweden.FindingsWe found that prerequisites for employees' participative and rule-compliant information security behaviour could be categorized into structural, social and individual aspects. Structural aspects included well-adapted rules, knowledge support and resources. Social aspects included a supportive organizational culture, collaboration and adequate resources, and individual aspects included individual responsibility.Originality/valueThe qualitative approach of the study provided comprehensive descriptions of the identified preconditions. The results may thus enable organizations to better promote conditions important for information security in a high-risk industry.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Yusuf Dinc ◽  
Rumeysa Bilgin

Purpose Firms prefer to have more than one bank relationship to secure the flow of funds for their operations, particularly in bank-based economies. On the other hand, banks lean toward expanding their customer base with firms already in the credit market. The purpose of this study is to investigate the effect of the number of bank relationships as a firm-specific determinant of capital structure and to discuss its impact on the banking sector. Design/methodology/approach A two-step system generalized method of the moments estimation method is used in this study. The sample comprises 213 Turkish non-financial, publicly listed firms with a positive shareholder’s value for the 2012–2017 period. Findings The findings show that the number of bank relationships increases the leverage of sample firms while the concentration in the banking sector decreases it. These rather intriguing findings are attributed to an under-the-counter credit policy that causes a high-risk shift and a curse of mainstream banks. Once the mainstream banks allocated credit to the firm, its credibility is consumed by the following banks, which is implied by the significantly negative relationship between bank concentration and firm leverage. This problem is defined as the mainstream bank curse in the study. Originality/value The previous literature focuses on the effects of the number of bank relationships on firm profitability, cost of debt and shareholder wealth. However, its impact on the capital structure has not yet been systematically investigated. To the authors’ knowledge, this is the first study to critically analyze the effect of the number of bank relationships on the capital structure. The findings will be of immense benefit to the banking sector and the regulatory bodies.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Bindu Gupta ◽  
Karen Yuan Wang ◽  
Wenjuan Cai

PurposeManaging tacit knowledge effectively and efficiently is a huge challenge for organizations. Based on the social exchange and self-determination theories, this study aims to explore the role of social interactions in motivating employees' willingness to share tacit knowledge (WSTK).Design/methodology/approachThe study used a survey approach and collected data from 228 employees in service and manufacturing organizations.FindingsInteractional justice and respectful engagement are positively related to WSTK. The perceived cost of tacit knowledge sharing (CostTKS) partially mediates the relationship between interactional justice and WSTK. Respectful engagement moderates the negative relationship between interactional justice and the perceived CostTKS.Research limitations/implicationsThe study advances the understanding of the role of social interaction in facilitating employee WSTK by integrating the direct and intermediate relationships involving the effect of supervisor's interactional justice and peers' respectful engagement and employee perceived CostTKS on WSTK.Practical implicationsThe findings have important practical implications for organizations as these suggest how organizations can help tacit knowledge holders experience less negative and more supportive behaviors when they engage in voluntary TKS.Originality/valueThis study examines the effect of both vertical and horizontal work-related interactions on perceived CostTKS and sequentially on WSTK, thereby extending existing literature.


2019 ◽  
Vol 28 (2) ◽  
pp. 383-398 ◽  
Author(s):  
Dirk De Clercq ◽  
Inam Ul Haq ◽  
Muhammad Umer Azeem

Purpose This paper aims to investigate how employees’ perceptions of psychological contract violation or sense of organizational betrayal, might diminish their job satisfaction, as well as how their access to two critical personal resources – emotion regulation skills and work-related self-efficacy – might buffer this negative relationship. Design/methodology/approach Two-wave survey data came from employees of Pakistani-based organizations. Findings Perceived contract violation reduces job satisfaction, but the effect is weaker at higher levels of emotion regulation skills and work-related self-efficacy. Practical implications For organizations, these results show that the frustrations that come with a sense of organizational betrayal can be contained more easily to the extent that their employees can draw from relevant personal resources. Originality/value This investigation provides a more complete understanding of when perceived contract violation will deplete employees’ emotional resources, in the form of feelings of happiness about their job situation. A sense of organizational betrayal is less likely to escalate into reduced job satisfaction when employees can control their negative emotions and feel confident about their work-related competencies.


2014 ◽  
Vol 37 (4) ◽  
pp. 367-384 ◽  
Author(s):  
Lisa M. Russell

Purpose – The purpose of this study is to analyze the relationship between stress and burnout in high-risk occupations and how leadership moderates this relationship. Thus, the primary research question addressed within this study is: What is the relationship between stress and burnout in high-risk occupations as governed by transformational leadership behavior? Design/methodology/approach – An analysis of primary data obtained by survey from 379 police officers from nine southern and southwestern agencies was conducted. Hierarchical regression analysis, multiple moderated hierarchical regression analysis, bivariate correlation analyses and other statistical methods are used. Findings – Results indicate police stress exacerbates perceived burnout. Transformational leadership influences this relationship such that high levels of perceived transformational leadership attenuates the negative relationship between stress and burnout, but less so under highly stressful conditions. Findings have strong implications for leaders in high-risk occupations where bureaucracy, departmental policy, and life and death decision-making intersect. Research limitations/implications – This study can be used as a basis for further inquiry into the effects of transformational leadership on individuals' perceptions of performance, behavioral and psychological criterion variables in high-risk occupations. Practical implications – The assessment of relationships among stress and burnout in high-risk occupational settings potentially allows managers to better understand how to structure supervisor-subordinate relationships in order to minimize the effects of stress on perceived burnout and provides a more realistic view of how individuals in high-risk occupations are influenced by leader behaviors under stressful conditions. Originality/value – This study is thought to be the only one to evaluate the moderated relationships among stress, transformational leadership and burnout in high-risk occupations characterized by increasingly stressful circumstances. More specifically, the notion that individuals in high-risk occupations perceive burnout differently than those in less-risky occupations is not prevalent in the literature.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Soohyun Lee ◽  
Zhiqing E. Zhou ◽  
Julan Xie ◽  
Hao Guo

PurposeWork-related use of information and communication technologies (ICTs) after hours can be potentially detrimental to employee well-being. In the current study, we examine whether psychological detachment mediates the link between work-related use of ICTs after hours and fatigue and whether affective commitment exacerbates this mediated relationship.Design/methodology/approachWe collected two waves of data from 295 employees in Vietnam, with 51% being female and an average age of 37.81 years old (SD = 7.93).FindingsWork-related use of ICTs after hours was positively related to employees' fatigue via psychological detachment. The negative relationship between work-related use of ICTs after hours and psychological detachment was stronger for employees with higher affective commitment.Practical implicationsOrganizations are encouraged to set policies and procedures to reduce work-related use of ICTs after hours to protect employee health; when work-related use of ICTs after hours is necessary, organizations should provide employees, especially those with higher affective commitment, with resources and strategies to better detach from this experience.Originality/valueOur findings contribute to the understanding of how work-related use of ICTs after hours might adversely affect employee well-being through psychological detachment and that more committed employees can be more affected in this process.


2018 ◽  
Vol 26 (2) ◽  
pp. 171-193 ◽  
Author(s):  
Miranda Kajtazi ◽  
Hasan Cavusoglu ◽  
Izak Benbasat ◽  
Darek Haftor

PurposeThis study aims to identify antecedents to noncompliance behavior influenced by decision contexts where investments in time, effort and resources are devoted to a task – referred to as a task unlikely to be completed without violating the organization’s information security policy (ISP).Design/methodology/approachAn empirical test of the suggested relationships in the proposed model was conducted through a field study using the survey method for data collection. Pre-tests, pre-study, main study and a follow-up study compose the frame of our methodology where more than 500 respondents are involved across different organizations.FindingsThe results confirm that the antecedents that explain the escalation of commitment behavior in terms of the effect of lost assets, such as time, effort and other resources, give us a new lens to understand noncompliance behavior; employees seem to escalate their commitments to the completion of their tasks at the expense of becoming noncompliant with ISP.Research limitations/implicationsOne of the key areas that requires further attention from this study is to better understand the role of risk perceptions on employee behavior when dealing with value conflicts. Depending on how risk-averse or risk seeking an employee is, the model showed no significant support in either case to influence their noncompliance behavior. The authors therefore argue that employees' noncompliance may be influenced by more powerful beliefs, such as self-justification and sunk costs.Practical implicationsThe results show that when employees are caught in tasks undergoing difficulties, they are more likely to increase noncompliance behavior. By understanding better how project obstacles result in such tasks, security managers can define new mechanisms to counter employees’ shift from compliance to noncompliance.Social implicationsApart from encouraging compliance with enforcement mechanisms (using direct behavioral controls like sanctions or rewards), indirect behavior controls may also encourage compliance. The authors suggest that the ISPs should state that the organization would take positive actions toward task completion and help their employees to resolve their problems quickly.Originality/valueThis study is the first to tackle escalation of commitment theories and use antecedents that explain the effect of lost assets, such as time, effort and other resources can also explain noncompliance with ISP in terms of the value conflicts, where employees would often choose to forego compliance at the expense of finishing their tasks.


2016 ◽  
Vol 34 (3) ◽  
pp. 471-487 ◽  
Author(s):  
Zhengbiao Han ◽  
Shuiqing Huang ◽  
Huan Li ◽  
Ni Ren

Purpose This paper uses the GB/T20984-2007 multiplicative method to assess the information security risk of a typical digital library in compliance with the principle and thought of ISO 27000. The purpose of this paper is to testify the feasibility of this method and provide suggestions for improving information security of the digital library. Design/methodology/approach This paper adopts convenience sampling to select respondents. The assessment of assets is through analyzing digital library-related business and function through a questionnaire which collects data to determine asset types and the importance of asset attributes. The five-point Likert scale questionnaire method is used to identify the threat possibility and its influence on the assets. The 12 respondents include directors and senior network technicians from the editorial department, comic library, children’s library, counseling department and the learning promotion centre. Three different Guttman scale questionnaires, tool testing and on-site inspection are combined to identify and assess vulnerabilities. There were different Guttman scale questionnaires for management personnel, technical personnel and general librarian. In all, 15 management librarians, 7 technical librarians and 72 ordinary librarians answered the vulnerability questionnaire. On-site inspection was conducted on the basis of 11 control domains of ISO 27002. Vulnerabilities were scanned using remote security evaluation system NSFOCUS. The scanning covered ten IP sections and a total of 81 hosts. Findings Overall, 2,792 risk scores were obtained. Among them, 282 items (accounting for 10.1 per cent of the total) reached the high risk level; 2 (0.1 per cent) reached the very high risk level. High-risk items involved 26 threat types (accounting for 44.1 per cent of all threat types) and 13 vulnerability types (accounting for 22.1 per cent of all vulnerability types). The evaluation revealed that this digital library faces seven major hidden dangers in information security. The assessment results were well accepted by staff members of this digital library, which testified to the applicability of this method to a Chinese digital library. Research limitations/implications This paper is only a case study of a typical Chinese digital library using a digital library information security assessment method. More case-based explorations are necessary to prove the feasibility of the assessing strategy proposed in this study. Originality/value Based on the findings of recent literature, the authors found that very few researchers have made efforts to develop methods for calculating the indicators for digital library information security risk assessment. On the basis of ISO 27000 and other related information security standards, this case study proposed an operable method of digital library information security risk assessment and used it to assess a the information security of a typical Chinese digital library. This study can offer insights for formulating a digital library information security risk assessment scale.


2018 ◽  
Vol 26 (2) ◽  
pp. 230-245 ◽  
Author(s):  
Alper Yayla ◽  
Yu Lei

PurposeThe purpose of this paper is to examine challenges multinational companies face during the diffusion of their information security policies. Parent companies use these policies as their discourse for legitimization of their practices in subsidiaries, which leads to value conflicts in subsidiaries. The authors postulate that, when properly crafted, information security policies can also be used to reduce the very conflicts they are creating.Design/methodology/approachThe proposed framework is conceptualized based on the review of literatures on multinational companies, information security policies and value conflict.FindingsThe authors identified three factors that may lead to value conflict in subsidiary companies: cultural distance, institutional distance and stickiness of knowledge. They offer three recommendations based on organizational discourse, ambidexterity and resource allocation to reduce value conflict.Research limitations/implicationsThe authors postulate that information security policies are the sources of value conflict in subsidiary companies. Yet, when crafted properly, these policies can also offer solutions to minimize value conflict.Practical implicationsThe proposed framework can be used to increase policy diffusion success, minimize value conflict and, in turn, decrease information security risk.Originality/valueThe growing literature on information security policy literature is yet to examine the diffusion of policies within multinational companies. The authors argue that information security policies are the source of, and solution to, value conflict in multinational companies.


2018 ◽  
Vol 26 (5) ◽  
pp. 533-550 ◽  
Author(s):  
Teodor Sommestad

PurposeIt is widely acknowledged that norms and culture influence decisions related to information security. The purpose of this paper is to investigate how work-related groups influence information security policy compliance intentions and to what extent this influence is captured by the Theory of Planned Behavior, an established model over individual decision-making.Design/methodology/approachA multilevel model is used to test the influence of work-related groups using a cluster sample of responses from 2,291 employees from 203 worksites, 119 organizations, 6 industries and 38 professions.FindingsThe results suggest that work-related groups influence individuals’ decision-making in the manner in which contemporary theories of information security culture posit. However, the influence is weak to modest and overshadowed by individual perceptions that are straightforward to measure.Research limitations/implicationsThis paper is limited to one national culture and four types of work-related groups. However, the results suggest that the Theory of Planned Behavior captures most of the influence that work-related groups have on decision-making. Future research on security culture and similar phenomena should take this into account.Practical implicationsInformation security perceptions in work-related groups are diverse and information security decisions appear to be based on individual perceptions and priorities rather than groupthink or peer-pressure. Security management interventions may be more effective if they target individuals rather than groups.Originality/valueThis paper tests some of the basic ideas related to information security culture and its influence on individuals’ decision-making.


Sign in / Sign up

Export Citation Format

Share Document