组织控制对信息安全遵从行为的影响上下级关系与组织承诺的调节作用

The Impact of Organizational Control on Information Security Compliance Behavior:The Moderating Effects of Supervisor-Subordinate Guanxi and Organizational Commitment

随着企业员工误用信息系统与数据泄露事件的不断发生,如何确保员工的信息安全遵从已经成为信息安全管理中新的挑战。基于遵从理论和社会交换理论,本文从上下级关系和组织承诺的视角出发,探究了组织控制对员工信息安全遵从行为的影响机制。本研究采用问卷调研的方法收集了310份有效数据,使用PLS方法对研究模型进行分析检验。结果发现:惩罚期望对员工的信息安全遵从行为有显著的正向作用,然而奖励期望对遵从行为的主效应是不显著的;上下级关系在奖励期望与信息安全遵从行为之间起到正向的调节作用,对与上级关系好的员工而言,奖励期望对遵从行为的激励作用更为显著;组织承诺不仅对信息安全遵从行为有显著的正向作用,还在奖励期望与遵从行为,以及惩罚期望与遵从行为之间有负向的调节作用,奖励与惩罚都对组织承诺水平低的员工更有效果。在中国的组织情境下,本研究深入揭示了组织控制中的奖励与惩罚对员工信息安全遵从行为的影响机理,并为信息安全管理的制度设计与优化提供了决策建议。

With the frequent occurrence of organizational insiders’misuse of information systems and data breaches,it has been a new challenge for information security management to ensure employees’information security compliance.Drawing upon compliance theory and social exchange theory,this paper investigates the impact of organizational control on information security compliance behavior from the perspective of supervisor-subordinate guanxi and organizational commitment.We conduct a survey and 310 valid samples are collected,and the PLS method is applied to test the research model.Results indicate that punishment expectancy positively affects information security compliance behavior,whereas the main effect of reward expectancy on compliance behavior is not significant.Supervisor-subordinate guanxi positively moderates the relationship between reward expectancy and compliance behavior,which means that reward expectancy is a stronger determinant of compliance behavior when employees have high-quality guanxi with their supervisors.Organizational commitment not only has a positive effect on compliance behavior,but also plays a negative moderating role in the relationship between reward expectancy and compliance behavior,as well as the relationship between punishment expectancy and compliance behavior.Both reward and punishment expectancy have more positive impacts on low-commitment employees’compliance behavior than they do for high-commitment employees.In the organizational context of China,this study reveals the working mechanisms of reward and punishment of organizational control in encouraging employees’information security compliance behavior and provides suggestions for the system design and optimization of information security management.