Understanding information security stress: Focusing on the type of information security compliance activity

Chunghun Lee, Choong C. Lee, Suhyun Kim

Research output: Contribution to journalArticle

16 Citations (Scopus)

Abstract

Organizations are intensifying their information security levels, as information security has become an essential element in business management. However, excessive focus on the mere reinforcement of information security has placed employees under stress. Studies have confirmed that the negative effects of stress include reduced employee productivity. Therefore, it is important to manage employee stress while enforcing information security in an organization. Based on person-environment fit theory, this study examines how employees become stressed, the factors behind information security stress (ISS), and the differences between managerial and technical security-oriented organizations. The results show that work overload and invasion of privacy are information security stressors. Furthermore, work overload has a greater effect on ISS in managerial security-oriented organizations, while invasion of privacy exerts a greater influence on ISS in technical security-oriented organizations. In addition, attitude to compliance with the information security policy mitigates work overload and invasion of privacy. These findings can be used as a basic reference for the establishment of employee stress management measures and the evaluation of information security stress levels.

Original languageEnglish
Pages (from-to)60-70
Number of pages11
JournalComputers and Security
Volume59
DOIs
Publication statusPublished - 2016 Jun 1

Fingerprint

Security of data
Personnel
employee
invasion
privacy
Compliance
stress management
business management
security policy
Reinforcement
reinforcement
Productivity
productivity
organization

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law

Cite this

@article{ef4521afb3ac4b7189c97028725db966,
title = "Understanding information security stress: Focusing on the type of information security compliance activity",
abstract = "Organizations are intensifying their information security levels, as information security has become an essential element in business management. However, excessive focus on the mere reinforcement of information security has placed employees under stress. Studies have confirmed that the negative effects of stress include reduced employee productivity. Therefore, it is important to manage employee stress while enforcing information security in an organization. Based on person-environment fit theory, this study examines how employees become stressed, the factors behind information security stress (ISS), and the differences between managerial and technical security-oriented organizations. The results show that work overload and invasion of privacy are information security stressors. Furthermore, work overload has a greater effect on ISS in managerial security-oriented organizations, while invasion of privacy exerts a greater influence on ISS in technical security-oriented organizations. In addition, attitude to compliance with the information security policy mitigates work overload and invasion of privacy. These findings can be used as a basic reference for the establishment of employee stress management measures and the evaluation of information security stress levels.",
author = "Chunghun Lee and Lee, {Choong C.} and Suhyun Kim",
year = "2016",
month = "6",
day = "1",
doi = "10.1016/j.cose.2016.02.004",
language = "English",
volume = "59",
pages = "60--70",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}

Understanding information security stress : Focusing on the type of information security compliance activity. / Lee, Chunghun; Lee, Choong C.; Kim, Suhyun.

In: Computers and Security, Vol. 59, 01.06.2016, p. 60-70.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Understanding information security stress

T2 - Focusing on the type of information security compliance activity

AU - Lee, Chunghun

AU - Lee, Choong C.

AU - Kim, Suhyun

PY - 2016/6/1

Y1 - 2016/6/1

N2 - Organizations are intensifying their information security levels, as information security has become an essential element in business management. However, excessive focus on the mere reinforcement of information security has placed employees under stress. Studies have confirmed that the negative effects of stress include reduced employee productivity. Therefore, it is important to manage employee stress while enforcing information security in an organization. Based on person-environment fit theory, this study examines how employees become stressed, the factors behind information security stress (ISS), and the differences between managerial and technical security-oriented organizations. The results show that work overload and invasion of privacy are information security stressors. Furthermore, work overload has a greater effect on ISS in managerial security-oriented organizations, while invasion of privacy exerts a greater influence on ISS in technical security-oriented organizations. In addition, attitude to compliance with the information security policy mitigates work overload and invasion of privacy. These findings can be used as a basic reference for the establishment of employee stress management measures and the evaluation of information security stress levels.

AB - Organizations are intensifying their information security levels, as information security has become an essential element in business management. However, excessive focus on the mere reinforcement of information security has placed employees under stress. Studies have confirmed that the negative effects of stress include reduced employee productivity. Therefore, it is important to manage employee stress while enforcing information security in an organization. Based on person-environment fit theory, this study examines how employees become stressed, the factors behind information security stress (ISS), and the differences between managerial and technical security-oriented organizations. The results show that work overload and invasion of privacy are information security stressors. Furthermore, work overload has a greater effect on ISS in managerial security-oriented organizations, while invasion of privacy exerts a greater influence on ISS in technical security-oriented organizations. In addition, attitude to compliance with the information security policy mitigates work overload and invasion of privacy. These findings can be used as a basic reference for the establishment of employee stress management measures and the evaluation of information security stress levels.

UR - http://www.scopus.com/inward/record.url?scp=84959563723&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84959563723&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2016.02.004

DO - 10.1016/j.cose.2016.02.004

M3 - Article

AN - SCOPUS:84959563723

VL - 59

SP - 60

EP - 70

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -