Advanced search
Publication Cover
Journal of Computer Information Systems Volume 64, 2024 - Issue 4
Submit an article Journal homepage
223
Views
0
CrossRef citations to date
0
Altmetric
Original Articles

Inconsistencies Between Information Security Policy Compliance and Shadow IT Usage

Hsieh-Hong Huanga National Taitung University, Taitung, TaiwanCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0002-4356-4514View further author information
ORCID Icon &
Jian-Wei Linb Shih Chien University, Taipei, TaiwanView further author information
Pages 554-564 | Published online: 19 Jul 2023

References

  • Parsons K, McCormac A, Butavicius M, Pattinson M, Jerram C. Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Comput Secur. 2014;42:165–76. doi:10.1016/j.cose.2013.12.003.
  • Haag S, Eckhardt A. Normalizing the shadows - the role of symbolic models for individuals’ shadow IT usage. Paper presented at: the 35th International Conference on Information Systems (ICIS 2014); 2014 Dec 14–17; Auckland, New Zealand.
  • Jarrahi MH, Reynolds R, Eshraghi A. Personal knowledge management and enactment of personal knowledge infrastructures as shadow IT. Inf Learn Sci. 2020;122(1/2):17–44. doi:10.1108/ILS-11-2019-0120.
  • D’Arcy J, Greene G. Security culture and the employment relationship as drivers of employees’ security compliance. Inf Manage Comput Secur. 2014;22(5):474–89. doi:10.1108/IMCS-08-2013-0057.
  • Straub D. Effective is security: an empirical study. Inf Syst Res. 1990;1(3):255–76. doi:10.1287/isre.1.3.255.
  • D’arcy J, Herath T. A review and analysis of deterrence theory in the is security literature: making sense of the disparate findings. Eur J Inf Syst. 2011;20(6):643–58. doi:10.1057/ejis.2011.23.
  • Siponen MT. A conceptual foundation for organizational information security awareness. Inf Manage Comput Secur. 2000;8(1):31–41. doi:10.1108/09685220010371394.
  • Puhakainen P, Siponen M. Improving employees’ compliance through information systems security training: an action research study. MIS Quart. 2010;34(4):757–78. doi:10.2307/25750704.
  • Cram WA, D’Arcy J, Proudfoot JG. Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS Quart. 2019;43(2):525–54. doi:10.25300/MISQ/2019/15117.
  • Vance A, Siponen M, Pahnila S. Motivating is security compliance: insights from habit and protection motivation theory. Inf Manage. 2012;49(3–4):190–98. doi:10.1016/j.im.2012.04.002.
  • Bulgurcu B, Cavusoglu H, Benbasat I. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quart. 2010;34(3):523–48. doi:10.2307/25750690.
  • Christian MS, Garza AS, Slaughter JE. Work engagement: a quantitative review a test of its relations with task and contextual performance. Pers Psychol. 2011;64(1):89–136. doi:10.1111/j.1744-6570.2010.01203.x.
  • Hsu J, Shih SP, Hung Y, Lowry PB. The role of extra-role behaviors and social controls in information security policy effectiveness. Inf Syst Res. 2015;26(2):282–300. doi:10.1287/isre.2015.0569.
  • Bandura A. Self-efficacy: toward a unified theory of behavioral change. Psychol Rev. 1977;84(2):191–215. doi:10.1037/0033-295X.84.2.191.
  • Bandura A, Jourden FJ. Self-regulatory mechanisms governing the impact of social comparison on complex decision making. J Pers Soc Psychol. 1991;60(6):941–51. doi:10.1037/0022-3514.60.6.941.
  • Gist ME. Self-efficacy: implications for organizational behavior and human resource management. Acad Manage Rev. 1987;12(3):472–85. doi:10.2307/258514.
  • Wood R, Bandura A. Social cognitive theory of organizational management. Acad Manage Rev. 1989;14(3):361–84. doi:10.2307/258173.
  • Agarwal R, Sambamurthy V, Stair RM. Research report: the evolving relationship between general and specific computer self-efficacy: an empirical assessment. Inf Syst Res. 2000;11(4):418–30. doi:10.1287/isre.11.4.418.11876.
  • Davis FD, Bagozzi RP, Warshaw PR. User acceptance of computer technology: a comparison of two theoretical models. Manage Sci. 1989;35(8):982–1003. doi:10.1287/mnsc.35.8.982.
  • Rhee HS, Kim C, Ryu YU. Self-efficacy in information security: its influence on end users’ information security practice behavior. Comput Secur. 2009;28(8):816–26. doi:10.1016/j.cose.2009.05.008.
  • Silic M. Critical impact of organizational and individual inertia in explaining non-compliant security behavior in the shadow IT context. Comput Secur. 2019;80:108–19. doi:10.1016/j.cose.2018.09.012.
  • Silic M, Barlow JB, Back A. A new perspective on neutralization and deterrence: predicting shadow IT usage. Inf Manage. 2017;54(8):1023–37. doi:10.1016/j.im.2017.02.007.
  • Tambo T, Olsen M, Bækgaard L. Motives for feral systems in Denmark. In: Kerr D, Burgess K Houghton L, editors. Feral information systems development: managerial implications. Hershey (PA): IGI Global; 2014. p. 129–60. doi:10.4018/978-1-4666-5027-5.ch007.
  • Walterbusch M, Fietz A, Teuteberg F. Missing cloud security awareness: investigating risk exposure in shadow IT. J Enterp Inf Manage. 2017;30(4):644–65. doi:10.1108/JEIM-07-2015-0066.
  • Mallmann GL, de Vargas Pinto A, Maçada ACG. Shedding light on shadow IT: definition, related concepts, and consequences. In: Ramos I, Quaresma R, Silva P Oliveira T, editors. Information systems for industry 4.0. lecture notes in information systems and organisation. Vol. 31. Cham (Switzerland): Springer International Publishing; 2019. p. 63–79. doi:10.1007/978-3-030-14850-8_5.
  • Warkentin M, Willison R. Behavioral and policy issues in information systems security: the insider threat. Eur J Inf Syst. 2009;18(2):101–05. doi:10.1057/ejis.2009.12.
  • Chen Y, Zahedi FM. Individual’s internet security perceptions and behaviors: polycontextual contrasts between the United States and China. MIS Quart. 2016;40(1):205–22. doi:10.25300/MISQ/2016/40.1.09.
  • Haag S, Eckhardt A, Schwarz A. The acceptance of justifications among shadow IT users and nonusers - an empirical analysis. Inf Manage. 2019;56(5):731–41. doi:10.1016/j.im.2018.11.006.
  • Amo LC, Zhuo M, Wilde S, Murray D, Cleary K, Amo C, Upadhyaya S, Rao HR. Cybersecurity engagement and self-efficacy scale. 2015 [accessed 2023 Jun 29]. https://sites.google.com/site/amoceses/.
  • Ifinedo P. Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Comput Secur. 2012;31(1):83–95. doi:10.1016/j.cose.2011.10.007.
  • Brislin RW. Back-translation for cross-cultural research. J Cross-Cult Psychol. 1970;1(3):185–216. doi:10.1177/135910457000100301.
  • Hair JF, Black WC, Babin BJ, Anderson RE. Multivariate data analysis. Boston (MA): Cengage; 2019.
  • Whitman ME. Enemy at the gate: threats to information security. Commun ACM. 2003;46(8):91–95. doi:10.1145/859670.859675.
  • Stanton JM, Stam KR, Mastrangelo PR, Jolton J. An analysis of end user security behaviors. Comput Secur. 2005;24(2):124–33. doi:10.1016/j.cose.2004.07.001.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.