Believe It or Not

Hung-Pin Shih, Kee-hung Lai, Xitong Guo, T. Cheng, Xitong Guo

OAI: oai:igi-global.com:294329 • DOI: 10.4018/JGIM.294329

Most theories of information security policy (ISP), except a few focused on the insider-centric view, are grounded in the control-centric perspective, and most ISP compliance models stem from Western countries. Regulatory focus theory (RFT) proposes two modes of motivational regulation, promotion and prevention focused that are supposed to motivate employee compliance in a trade-off. Culture is crucial to the study of ISP that puts control over human connections. Chinese guanxi, a specific dimension of Chinese culture, is better understood underlying the trust-distrust frame. To bridge the theoretical gap between the control-centric and the insider-centric perspectives, we develop an ISP behavioral model by taking an integrated approach from RFT and the trust-distrust frame. We employed scenario-based events about information security misconduct in the workplace to examine employees’ compliance intention and non-violation choice of ISP upon counterfactual thinking. Our empirical results improve the theoretical and practical implications of security practices.

Global Information Technology Computer Science and Information Technology IT Research and Theory