Sociological aspects of management and behaviour compliance with security policies – the role of employees’ security awareness in purpose industry

Keywords: information security, dedicated industry, leadership styles, security awareness, security measures

Abstract


In the digital age, information security is gaining importance, especially in dedicated industry. This study investigates the relationship between leadership styles and employees’ compliance with security policies. Its aim is to analyze the indirect effect of transformational leadership on employee compliance with security policies, through the benefits of employees’ awareness of security countermeasures. The Health Belief Model (HBM), adapted to dedicated industry, was used. The study involved 300 respondents from four companies. Dependencies between leaders’ motivation and employees’ awareness of security countermeasure effectiveness were identified. The results indicate key points for improvement, emphasizing continuous education and motivation of leaders in building a security culture, which is essential for success in international trade in precision mechanics.


Published: 2025/07/04
Section: Original scientific paper