As information comes to be perceived as a core asset of organizations, the importance of information management continues to grow, and organizations strictly adopt and apply various information technology and security policies to manage and control important information (AlHogail, 2015). In fact, the global market for information security systems is expected to grow from US$75.4 billion in 2015 to US$170 billion by 2020 (Gartner, 2015).
When a specialized security system is adopted, stable information security management and control becomes possible by strictly enforcing the degree of information security the organization requires; however, a negative aspect also arises in that the employees who actually use the system experience increased stress (D’Arcy et al., 2014). Information security technology prevents external intrusions such as hacking, and it also requires additional security-related procedures in order to prevent security threats that can occur while individuals perform their work.
For instance, the security department requires additional security-related behaviors alongside individual work, such as advance certification for the use of individual hardware (PC, USB, etc.), installation and operation of strict security programs, documentation based on the information security policy, and continuous backing-up of information. Since most employees are not experts in information security technology and information management, the higher the level of technology adopted in the organization, the more technology-related stress employees develop from fear and uncertainty about using the technology (Tarafdar et al., 2007).
Brod (1982) gave the name “technostress” to the stress that arises from the difficulty and fear of using technology, experienced by employees who use an organization’s complex technology. When the technology used in an organization suddenly changes or becomes more complex, employees develop a fear of using the technology, and this fear turns into technostress (Ragu-Nathan et al., 2008). Regarding the relationship between organization and employees, previous research on employee stress shows that stress caused by the organization’s environment and conditions leads employees to avoid the organization’s goals, and as a result, stress reduces individual and organizational performance. In short, previous research on technostress points to the importance of an organization’s strategic behavior for reducing stress, since the organization’s technology environment shapes employees’ stress.
However, for employees who apply the technology and processes based on the organization’s security policy at work, there is a lack of research on employees’ role stress, the negative aspect of information security, which can arise from the established information security environment. In other words, although stress is an antecedent that negatively influences information security compliance, more in-depth research is required on the types of stress caused by information security activities and their influence on security compliance, on the areas where organizational effort is needed to reduce role stress, and on methods, based on individual coping style, for moderating the negative influence of security-related role stress.
The purpose of this research is to present the types of security-related role stress that negatively influence employees’ information security compliance intention, and to present methods for decreasing security-related role stress at the organizational and employee levels. To achieve this purpose, we set the following detailed research objectives. First, drawing on previous stress research, we derive the detailed types of role stress (role ambiguity and role conflict) related to information security that arise in employees who act on information security policy, and verify that role stress decreases compliance intention. Second, based on previous research which claims that individual stress can be minimized depending on the type of goal setting, we hypothesize that policy goal setting will decrease security-related role stress, and verify that goal difficulty and goal specificity, which are attributes of security goal setting, decrease role stress. Third, based on previous research, we assume that the negative influence of employees’ role stress on compliance intention is moderated by employees’ coping type; we present task coping and emotion coping, drawn from previous stress-coping research, and verify whether individual coping can mitigate the reduction in compliance intention caused by role stress.
This research has the following implications. First, by verifying that the organization’s security environment and conditions cause stress in employees’ work and negatively influence compliance intention, it offers a way for the information security department to recognize the possibility of security-related role stress when establishing security policy. Second, by verifying that the organization’s security policy goal setting decreases employees’ security-related role stress, it offers a way to present security goals that employees can accept and understand when planning security policy. Last, by verifying that the influence on compliance intention can be moderated by employees’ stress coping type, it presents directions for organizational support so that employees can establish a coping type suited to security.