Assessing the impact of security culture and the employee-organization relationship on IS security compliance

IS security advocates recommend strategies that shape user behavior as part of an overall information security management program. A major challenge for organizations is encouraging employees to comply with IS security policies. This paper examines the influence of security-related and employee organization relationship factors on users’ IS security compliance decisions. Specifically, we predict that security culture, job satisfaction, and perceived organizational support have a positive effect on users’ IS security compliance intentions. Our results support the notion that security culture and job satisfaction lead to increased compliant security behavior. However, we did not find evidence that perceived organizational support increases compliant behavior intentions. Our results do suggest that security culture is a multidimensional construct consisting of top management commitment to security, security communication, and computer monitoring. The findings have implications for information security research and practice.