Article Preview
TopIntroduction
Most studies in information systems field have primarily focused on technical issues concerning the design and implementation of security subsystems (Choo, 2011). Some of the study in this area includes computer security behaviors including information security system management (Stanton 2005; Haufe et al., 2016). However, the respondents in these studies are typically IT administrators or top-level managers form IT governance (Dhillon & Torkzadeh, 2006; Dzombeta et al., 2014) rather than representatives from the end-user community. The fact that the respondents in prior studies were largely those responsible for setting up and running technical security initiatives raises the question of whether or not their views are likely to be representative of the organization as a whole (Finch et al. 2003). Recently, there has been some research on end-user policy compliance. In an empirical vein, D’Arcy and Hovav (2004) followed deterrence theory and developed a theoretical model that examines the effect of deterrent security countermeasures on the perceived certainty and severity of sanctions, which in turn, leads to IS misuse intentions. However, Willison and Warkentin (2016) finds that deterrence measures reduce computer abuse in organizations.
Social exchange theory (Blau, 1964; Homans, 1961) explained the motivation behind the attitudes and behaviors exchanged between individuals. Eisenberger et al. (1986) expanded this work by proposing and establishing that the theory of social exchange also explains aspects of the relationship between the organization and its employees. They noted that employees form general perceptions about the intentions and attitudes of the organization toward them from the policies and procedures enacted by individuals and agents of the organization, attributing human-like attributes to their employer on the basis of the treatment they receive. At this time, the positive and beneficial actions directed at employees by the organization and/or its representatives contribute to the establishment of high-quality exchange relationships that create obligations for employees to reciprocate in positive, beneficial ways (Grusky, 1996; Molm, 2000; 2003; Alge, Wiethoff, & Klein, 2003; Uhl-Bien & Maslyn, 2003; Tsui & Wang, 2002; Wang, Tsui, Zhang, & Ma, 2003).
Given the regulatory requirements imposed on organizations within numerous industries, research in the area of employee compliance with organizational security and privacy regulations remains necessary and highly desirable. Recent studies in this area, while continuing to develop our understanding of compliance motivation and behavioral factors leading to non-compliance, they have yet to consider the influence of social exchange relationships (Blau, 1964; Homans, 1961) in which employees operate and within which employees are expected to develop their individual capabilities toward and intentions about compliance.