| Enterprise’s information protection faced with new challenges influenced by theapplication of information technology especially the network technology. Threating theeconomic benefits of organizations, information security problem has always been a keyfocus of organization. Employees’ violation of information security system, leading thefailure of safety protection measures, has become a major source of information securityproblem. In order to ensure information security inside the organization and regulate theemployees’ behavior of using information system, we need to clearly understand the reasonwhy employees violate the information system policies. Therefore, the main purpose of thisstudy is to identify the affecting factors of employees’ violate behavior in informationsecurity and analyze their effect mechanism.In this paper, by reviewing the previous research on information security violationbehavior, we made a definition of information security violation behavior. It means that theend user of information system (i.e., organize employee) does not comply with the policiesof information security system or procedures to protect information security. Through theresearch of criminology, behavioral science and related theories, we established thetheoretical model of this study based on rational choice theory, combining the techniques ofneutralization theory and environmental factors. We collected data through questionnaire,used SPSS17.0and smartPLS software to analysis them, tested whether the theory modelsupposed was reasonable. After modifying the model according to the results of theempirical analysis, we got the influence factors model of employees’ violation behavior ininformation security. Then, we analyzed the action mechanism of factors based on S-O-Rmodel which is always used to analyze individual behavior. Finally using the fuzzyDEMATEL method, action mechanism between factors was analyzed.By the above analysis, this paper got the following main conclusions: perceivedbenefits, perceptive punishment certainty, techniques of neutralization, and colleaguedeviation behavior will positively affect employee’s violation of information securitypolicies. Under the moderator effect of moral belief and self-control, punishment severityhas significant negative impact on the employee’s violation intention. But only under thefunction of moderator variable, perceptive punishment severity have a significant impact onintentions. This result in some way explains the conflict of deterrence theory research in thefield of information security. Through the analysis of action mechanism among the factors,we found that self-control, moral beliefs, and techniques of neutralization are the three factors that need to pay more attention to. Every factors affect behavior through certainpsychological reaction. The results of this paper not only enriches the research ofinformation security field, but also provides a certain reference for managers to regulate theviolation behavior of employees in information security. |
PDF Full Text Request