The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context
Sumantra Sarkar,
Anthony Vance,
Balasubramaniam Ramesh,
Menelaos Demestihas and
Daniel Thomas Wu
Additional contact information
Sumantra Sarkar: School of Management, Binghamton University, State University of New York, Binghamton, New York 13902
Anthony Vance: Fox School of Business, Temple University, Philadelphia, Pennsylvania 19122
Balasubramaniam Ramesh: Robinson College of Business, Georgia State University, Atlanta, Georgia 30303
Menelaos Demestihas: Wellstar Kennestone Hospital, Marietta, Georgia 30060
Daniel Thomas Wu: Emergency Medicine, Emory University Hospital, Emory University School of Medicine, Atlanta, Georgia 30303
Information Systems Research, 2020, vol. 31, issue 4, 1240-1259
Abstract:
In recent years, we have witnessed substantial increases in the frequency, scope, and cost of data breaches. Accordingly, information security researchers have sought to understand why employees comply with or violate information security policies (ISPs) designed to prevent security incidents. Research suggests that compliance is not uniform but rather depends on contextual and individual factors, such as national culture. Scholars have long recognized that organizational subculture may be equally influential. A key example is professional subcultures, within which members typically share similar education, training, values, and identity. Research shows that behavior can vary widely across professional subcultures, and thus a single approach to promoting ISP compliance may not be equally effective across these subcultures. However, it is presently unclear how subculture influences ISP compliance. To address this need, we adopt a mixed-methods design to examine differences in ISP violation behavior among different professional subcultures in a healthcare organization. We first conducted an exploratory qualitative study to identify different attitudes toward ISP violations among three prominent professional healthcare groups: physicians, nurses, and support staff. Then, using a combination of qualitative interviews, observational fieldwork, and a quantitative survey, we explored how professional group membership moderates (1) the influence of perceptions of sanctions on intentions to violate the ISP and (2) the effect of intentions to violate on actual ISP violation behaviors. Our findings highlight the substantial effect of professional subculture on ISP violations in organizations and provide insights for researchers and managers that may be used to improve overall ISP compliance.
Keywords: professional subculture; information security policy violations; mixed methods; healthcare
Date: 2020
Downloads: https://doi.org/10.1287/isre.2020.0941 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:inm:orisre:v:31:y:2020:i:4:p:1240-1259
More articles in Information Systems Research from INFORMS.
Bibliographic data for series maintained by Chris Asher.