组织控制对信息安全遵从行为的影响——上下级关系与组织承诺的调节作用

摘要/Abstract

摘要： 随着企业员工误用信息系统与数据泄露事件的不断发生，如何确保员工的信息安全遵从已经成为信息安全管理中新的挑战。基于遵从理论和社会交换理论，本文从上下级关系和组织承诺的视角出发，探究了组织控制对员工信息安全遵从行为的影响机制。本研究采用问卷调研的方法收集了310份有效数据，使用PLS方法对研究模型进行分析检验。结果发现：惩罚期望对员工的信息安全遵从行为有显著的正向作用，然而奖励期望对遵从行为的主效应是不显著的；上下级关系在奖励期望与信息安全遵从行为之间起到正向的调节作用，对与上级关系好的员工而言，奖励期望对遵从行为的激励作用更为显著；组织承诺不仅对信息安全遵从行为有显著的正向作用，还在奖励期望与遵从行为，以及惩罚期望与遵从行为之间有负向的调节作用，奖励与惩罚都对组织承诺水平低的员工更有效果。在中国的组织情境下，本研究深入揭示了组织控制中的奖励与惩罚对员工信息安全遵从行为的影响机理，并为信息安全管理的制度设计与优化提供了决策建议。

关键词: 上下级关系, 信息安全遵从行为, 组织承诺, 奖励期望, 惩罚期望

Abstract: With the frequent occurrence of organizational insiders’ misuse of information systems and data breaches, it has been a new challenge for information security management to ensure employees’ information security compliance. Drawing upon compliance theory and social exchange theory, this paper investigates the impact of organizational control on information security compliance behavior from the perspective of supervisor-subordinate guanxi and organizational commitment. We conduct a survey and 310 valid samples are collected, and the PLS method is applied to test the research model. Results indicate that punishment expectancy positively affects information security compliance behavior, whereas the main effect of reward expectancy on compliance behavior is not significant. Supervisor-subordinate guanxi positively moderates the relationship between reward expectancy and compliance behavior, which means that reward expectancy is a stronger determinant of compliance behavior when employees have high-quality guanxi with their supervisors. Organizational commitment not only has a positive effect on compliance behavior, but also plays a negative moderating role in the relationship between reward expectancy and compliance behavior, as well as the relationship between punishment expectancy and compliance behavior. Both reward and punishment expectancy have more positive impacts on low-commitment employees’ compliance behavior than they do for high-commitment employees. In the organizational context of China, this study reveals the working mechanisms of reward and punishment of organizational control in encouraging employees’ information security compliance behavior and provides suggestions for the system design and optimization of information security management.

Key words: supervisor-subordinate guanxi, information security compliance behavior, organizational commitment, reward expectancy, punishment expectancy

刘晨晖, 王能民. 组织控制对信息安全遵从行为的影响——上下级关系与组织承诺的调节作用[J]. 管理评论, 2022, 34(9): 208-220.

Liu Chenhui, Wang Nengmin. The Impact of Organizational Control on Information Security Compliance Behavior： The Moderating Effects of Supervisor-Subordinate Guanxi and Organizational Commitment[J]. Management Review, 2022, 34(9): 208-220.

参考文献

[1] Soomro Z. A., Shah M. H., Ahmed J. Information Security Management Needs More Holistic Approach: A Literature Review[J]. International Journal of Information Management, 2016,36(2):215-225
[2] 陈昊,李文立. 基于情绪中介的信息安全保护行为研究[J]. 科研管理, 2018,39(6):48-56
[3] Hu Q., Dinev T., Hart P., et al. Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture[J]. Decision Sciences, 2012,43(4):615-660
[4] 李晶,王文韬,谢阳群. 组织信息安全文化的角色与建构研究[J]. 情报杂志, 2015,34(3):162-166
[5] Liang H., Xue Y., Wu L. Ensuring Employees’ IT Compliance: Carrot or Stick?[J]. Information Systems Research, 2013,24(2):279-294
[6] 陈昊,李文立,陈立荣. 组织控制与信息安全制度遵守:面子倾向的调节效应[J]. 管理科学, 2016,29(3):1-12
[7] Chen X., Chen L., Wu D. Factors That Influence Employees’ Security Policy Compliance: An Awareness-Motivation-Capability Perspective[J]. Journal of Computer Information Systems, 2018,58(4):312-324
[8] D'Arcy J., Herath T. A Review and Analysis of Deterrence Theory in the IS Security Literature: Making Sense of the Disparate Findings[J]. European Journal of Information Systems, 2011,20(6):643-658
[9] Etzioni A. A Comparative Analysis of Complex Organizations: On Power, Involvement, and Their Correlates[M]. New York: Free Press, 1975
[10] 吴士健,孙专专,刘新民,等. 家长式领导有助于员工利他行为吗?——基于中国情境的多重中介效应研究[J]. 管理评论, 2020,32(2):205-217
[11] Davison R. M., Díaz Andrade A. Promoting Indigenous Theory[J]. Information Systems Journal, 2018,28(5):759-764
[12] 梁漱溟. 中国文化要义[M]. 上海: 上海人民出版社, 2011
[13] 费孝通. 乡土中国[M]. 北京: 人民出版社, 2008
[14] 王震,许灏颖,宋萌. “说话算话”的领导让下属更效忠:中国传统“报”文化视角下的领导言行一致与下属忠诚[J]. 管理评论, 2018,30(4):106-119
[15] 严进,付琛,郑玫. 组织中上下级值得信任的行为研究[J]. 管理评论, 2011,23(2):99-106
[16] 张文慧,王辉. 中国企业战略型领导的三元模式[J]. 管理世界, 2013,(7):94-112
[17] 李云,李锡元. 上下级“关系”影响中层管理者职业成长的作用机理——组织结构与组织人际氛围的调节作用[J]. 管理评论, 2015,27(6):120-127
[18] 郭晓薇,李成彦. 中国人的上下级关系:整合构念的建立与初步检验[J]. 管理学报, 2015,12(2):167-177
[19] 梁潇杰,于桂兰,付博. 与上级关系好的员工一定会建言吗?基于资源保存理论的双中介模型[J]. 管理评论, 2019,31(4):128-137
[20] Davison R. M., Ou C. X. J., Martinsons M. G. Information Technology to Support Informal Knowledge Sharing[J]. Information Systems Journal, 2013,23(1):89-109
[21] Hui C., Lee C., Rousseau D. M. Employment Relationships in China: Do Workers Relate to the Organization or to People?[J]. Organization Science, 2004,15(2):232-240
[22] 刘顿,古继宝. 领导发展性反馈、员工工作卷入与建言行为:员工情绪智力调节作用[J]. 管理评论, 2018,30(3):128-139
[23] 李凯,孙旭丽,严建援. 移动支付系统使用意愿影响因素分析:基于交换理论的实证研究[J]. 管理评论, 2013,25(3):91-100
[24] Zhang L., Deng Y., Wang Q. An Exploratory Study of Chinese Motives for Building Supervisor-Subordinate Guanxi[J]. Journal of Business Ethics, 2014,124(4):659-675
[25] 刘小平. 组织承诺综合形成模型的验证研究[J]. 科研管理, 2005,(1):87-93
[26] Meyer J. P., Allen N. J. A Three-Component Conceptualization of Organizational Commitment[J]. Human Resource Management Review, 1991,1(1):61-89
[27] Hwang I., Cha O. Examining Technostress Creators and Role Stress as Potential Threats to Employees’ Information Security Compliance[J]. Computers in Human Behavior, 2018,81:282-293
[28] Stanton J. M., Stam K. R., Guzman I., et al. Examining the Linkage between Organizational Commitment and Information Security[C]. IEEE International Conference on Systems, Man and Cybernetics, 2003
[29] Posey C., Roberts T. L., Lowry P. B. The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets[J]. Journal of Management Information Systems, 2015,32(4):73-79
[30] Yazdanmehr A., Wang J. Employees’ Information Security Policy Compliance: A Norm Activation Perspective[J]. Decision Support Systems, 2016,92:36-46
[31] 曾忠平,杨哲,刘春梅. 用户信息安全行为研究述评[J]. 情报杂志, 2014,33(12):184-188
[32] 张志学,张建君,梁钧平. 企业制度和企业文化的功效:组织控制的观点[J]. 经济科学, 2006,(1):117-128
[33] Kirsch L. J., Sambamurthy V., Ko D. G., et al. Controlling Information Systems Development Projects: The View from the Client[J]. Management Science, 2002,48(4):484-498
[34] Chen Y., Ramamurthy K., Wen K. Organizations’ Information Security Policy Compliance: Stick or Carrot Approach?[J]. Journal of Management Information Systems, 2012,29(3):157-188
[35] Bulgurcu B., Cavusoglu H., Benbasat I. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness[J]. MIS Quarterly, 2010,34(3):523-548
[36] Siponen M., Mahmood M. A., Pahnila S. Employees’ Adherence to Information Security Policies: An Exploratory Field Study[J]. Information & Management, 2014,51(2):217-224
[37] Podsakoff P. M., Bommer W. H., Podsakoff N. P., et al. Relationships between Leader Reward and Punishment Behavior and Subordinate Attitudes, Perceptions, and Behaviors: A Meta-analytic Review of Existing and New Research[J]. Organizational Behavior & Human Decision Processes, 2006,99(2):113-142
[38] D'Arcy J., Hovav A., Galletta D. User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach[J]. Information Systems Research, 2009,20(1):79-98
[39] 苏伟琳,林新奇. 上级发展性反馈对员工建言行为影响的双路径分析——基于社会交换理论与社会认知理论的视角[J]. 经济经纬, 2019,36(5):112-119
[40] 郭晓薇. 中国情境中的上下级关系构念研究述评——兼论领导—成员交换理论的本土贴切性[J]. 南开管理评论, 2011,14(2):61-68
[41] Law K. S., Wong C., Wang D., et al. Effect of Supervisor-Subordinate Guanxi on Supervisory Decisions in China: An Empirical Investigation[J]. International Journal of Human Resource Management, 2000,11(4):751-765
[42] Chen Y., Friedman R., Yu E., et al. Supervisor-Subordinate Guanxi: Developing a Three-Dimensional Model and Scale[J]. Management and Organization Review, 2009,5(3):375-399
[43] Miao C., Qian S., Banks G. C., et al. Supervisor-Subordinate Guanxi: A Meta-analytic Review and Future Research Agenda[J]. Human Resource Management Review, 2020,30(2):1-17
[44] 付博,于桂兰,梁潇杰. 上下级关系实践对员工工作绩效的“双刃剑”效应:一项跨层次分析[J]. 科研管理, 2019,40(8):273-283
[45] Wei L. Q., Liu J., Chen Y. Y., et al. Political Skill, Supervisor-Subordinate Guanxi and Career Prospects in Chinese Firms[J]. Journal of Management Studies, 2010,47(3):437-454
[46] Liu X., Wang J. Abusive Supervision and Organizational Citizenship Behaviour: Is Supervisor-Subordinate Guanxi a Mediator?[J]. The International Journal of Human Resource Management, 2013,24(7):1471-1489
[47] 黄杜鹃,叶江峰,张古鹏. 与上司关系融洽有利于中层管理者抑制性建言吗?——一个有调节的中介模型[J]. 科研管理, 2019,40(11):276-284
[48] 于维娜,樊耘,张婕,等. 宽恕视角下辱虐管理对工作绩效的影响——下属传统性和上下级关系的作用[J]. 南开管理评论, 2015,18(6):16-25
[49] Su C., Littlefield J. E. Entering Guanxi: A Business Ethical Dilemma in Mainland China?[J]. Journal of Business Ethics, 2001,33(3):199-210
[50] 戚振江,朱纪平. 组织承诺理论及其研究新进展[J]. 浙江大学学报(人文社会科学版), 2007,37(6):90-98
[51] 刘小平. 员工组织承诺的形成过程:内部机制和外部影响——基于社会交换理论的实证研究[J]. 管理世界, 2011,(11):92-104
[52] Rhoades L., Eisenberger R. Perceived Organizational Support: A Review of the Literature[J]. Journal of Applied Psychology, 2002,87(4):698-714
[53] Herath T., Rao H. R. Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations[J]. European Journal of Information Systems, 2009,18(2):106-125
[54] Sharma S., Warkentin M. Do I Really Belong?: Impact of Employment Status on Information Security Policy Compliance[J]. Computers & Security, 2019,87:1-12
[55] Porter L. W., Mowday R. T., Steers R. M. The Measurement of Organizational Commitment[J]. Journal of Vocational Behavior, 1979,14(2):224-247
[56] Meyer J. P., Becker T. E., Vandenberghe C. Employee Commitment and Motivation: A Conceptual Analysis and Integrative Model[J]. Journal of Applied Psychology, 2004,89(6):991-1007
[57] Li H., Zhang J., Sarathy R. Understanding Compliance with Internet Use Policy from the Perspective of Rational Choice Theory[J]. Decision Support Systems, 2010,48(4):635-645
[58] Chan M., Woon I., Kankanhalli A. Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior[J]. Journal of Information Privacy and Security, 2005,1(3):18-41
[59] Tyler T. R., Blader S. L. Can Businesses Effectively Regulate Employee Conduct? The Antecedents of Rule Following in Work Settings[J]. Academy of Management Journal, 2005,48(6):1143-1158
[60] Gamble J., Huang Q. Organizational Commitment of Chinese Employees in Foreign-Invested Firms[J]. International Journal of Human Resource Management, 2008,19(5):896-915
[61] Hair J. F., Ringle C. M., Sarstedt M. Partial Least Squares: The Better Approach to Structural Equation Modeling?[J]. Long Range Planning, 2012,45(5-6):312-319
[62] Lowry P. B., Gaskin J. Partial Least Squares (PLS) Structural Equation Modeling (SEM) for Building and Testing Behavioral Causal Theory: When to Choose It and How to Use It[J]. IEEE Transactions on Professional Communication, 2014,57(2):123-146
[63] Hair J. F., Risher J. J., Sarstedt M., et al. When to Use and How to Report the Results of PLS-SEM[J]. European Business Review, 2019,31(1):2-24
[64] Cohen J. Statistical Power Analysis for the Behavioral Sciences[M]. Hillsdale: Lawrence Erlbaum Associates, 1988
[65] Saraf N., Liang H., Xue Y., et al. How does Organisational Absorptive Capacity Matter in the Assimilation of Enterprise Information Systems?[J]. Information Systems Journal, 2013,23(3):245-267
[66] Yazdanmehr A., Wang J., Yang Z. Peers Matter: The Moderating Role of Social Influence on Information Security Policy Compliance[J]. Information Systems Journal, 2020,30(5):1-54
[67] Cohen J., Cohen P., West S. G., et al. Applied Multiple Regression/Correlation Analysis for the Behavioral Sciences[M]. Mahwah: Lawrence Erlbaum Associates Publishers, 2003
[68] 郭晓薇,范伟. 基于整合构念的中国情境下员工上下级关系量表开发与检验[J]. 管理学报, 2018,15(1):20-29
[69] 周浩. 家长式领导对下属进谏行为的影响:基于关系的视角[J]. 四川大学学报(哲学社会科学版), 2014,(4):139-148
[70] 崔智淞,王弘钰. 上下级关系对员工建设性越轨行为的激活机制研究:一个被中介的调节模型[J]. 预测, 2019,38(1):8-14