通过培养承诺增强用户的安全参与:心理需求满足的作用

Enhancing users’ security engagement through cultivating commitment: the role of psychological needs fulfilment

European Journal of Information Systems · 2021
被引 24
ABS 4

中文导读

本研究基于自我决定理论,探讨了满足员工自主、胜任和归属需求如何培养其对组织信息安全的内在承诺,进而驱动安全行为意图,对信息安全管理者有参考价值。

Abstract

Employee behaviour is fundamental to corporate information security (InfoSec) capabilities across the phases of prevention, detection, and response. Unfortunately, despite over a decade of research on the topic, the human aspect of security remains the most vulnerable in many companies today, often rooted in employee disinterest. Two traditions within the InfoSec research that may contribute to this disconnect are 1) emphasis on extrinsic manipulation of behaviour versus cultivation of internalised commitment to organisational InfoSec and 2) emphasis on isolated activities over more integrated perspectives of security behaviour. Addressing these gaps, the current study examines end user InfoSec behaviour through a distinct internal motivational lens. Rooted in Self-Determination Theory, a research model is introduced that highlights workplace factors which drive end users’ internalised commitment to organisational InfoSec by fulfiling fundamental psychological needs (autonomy, competence, and relatedness) within this context. Commitment, which captures internally regulated motivation to contribute to organisational InfoSec performance, is then positioned as a driver of intention to engage in various security behaviours. Overall, the results support the study’s hypotheses and underscore the important roles perceived behavioural control, IT competence, and user-IS department relations have on commitment to organisational InfoSec and resultant behavioural outcomes.

信息安全员工行为自我决定理论心理需求组织承诺