Psychology Research and Behavior Management (May 2022)
The Impact of Challenge Information Security Stress on Information Security Policy Compliance: The Mediating Roles of Emotions
Abstract
Lin Chen,1 Zongxiao Xie,2 Jie Zhen,3 Kunxiang Dong4 1College of Humanities and Law, Shandong University of Science and Technology, Qingdao, 266590, People’s Republic of China; 2China Financial Certification Authority, Beijing, 100054, People’s Republic of China; 3School of Management Science and Engineering, Chongqing Technology and Business University, Chongqing, 400067, People’s Republic of China; 4School of Management Science and Engineering, Shandong University of Finance and Economics, Jinan, 250014, People’s Republic of ChinaCorrespondence: Zongxiao Xie, China Financial Certification Authority, 20-3, South Street of Caishikou, Xicheng District, Beijing, 100054, People’s Republic of China, Tel +86 18901086108, Email [email protected]: Information security policy (ISP) compliance of employees has a profound impact on organization. In the context of information technology innovation and information systems upgrade, employees’ information security behavior is one of the most crucial elements in the information security management of organizations. Based on the two-dimensional model of challenge−hindrance stressor theory and affective events theory, this study explores the mediating effects of emotions on the relationship between challenge information security stress and ISP compliance.Methods: A field quasi-experimental method was used in this study. Materials include the Challenge Information Security Stress Scale, Information System Security Policy Compliance Scale, and Emotions Scale, which were used to form the two-stage questionnaire surveys. Data of 217 employees from three Chinese companies in Shanghai and Beijing that had passed certifications for information security management system (GB/t22080-2008/ISO/IEC 27001:2005) were collected. Bootstrapping method for multiple mediation models and the Process 3.0 plug-in of SPSS 20.0 were used for data analysis.Results: The findings indicate that challenge information security stress has a positive effect on ISP compliance. Challenge information security stress has a positive effect on positive emotions and a negative effect on negative emotions. Positive emotions have mediating effect between challenge information security stress and ISP compliance, but negative emotions have no mediating effect.Conclusion: The research results expand the research scope of challenging stress in the two-dimensional model of challenge−hindrance stressor theory in the context of organizational information security. The findings reveal the mediating effect of positive emotions in challenge information security stress and ISP compliance relationship, which provides empirical support for the application of positive psychology in the field of management.Keywords: challenge information security stress, information security policy compliance, positive emotions, negative emotions