Applying the extended parallel process model to understand households' responses to tornado and earthquake risks in Oklahoma

Oklahoma is a multihazard environment where both natural (e.g., tornadoes) and technological hazards (e.g., induced seismicity) are significant, making Oklahoma a unique setting to better understand how to manage and prepare for multiple hazards. While studies have attempted to understand drivers of hazard adjustments, few have focused on the overall number of adjustments undertaken instead of individual adjustments or adjustments in a multihazard environment. To address these gaps, we employ a survey sample of 866 households in Oklahoma to understand households' danger control responses (protective hazard adjustments) for tornado and earthquake risks in Oklahoma. We apply the extended parallel processing model (EPPM) to categorize respondents according to their relative level of perceived threat and efficacy of protective actions in predicting the number of hazard adjustments they intend to or have adopted in response to tornadoes and induced earthquakes. In line with the EPPM, we found that households have the highest number of danger control responses when their perceived threat and efficacy are both high. Counter to the EPPM literature, we found low threat coupled with high efficacy moved some individuals toward the adoption of danger control responses in response to both tornadoes and earthquakes. When households have high efficacy, threat appraisals matter in tornado danger control responses but not in earthquake danger control responses. This EPPM categorization opens new research approaches for studies of natural and technological hazards. This study also provides information for local officials and emergency managers making mitigation and preparedness investments and policies.

The influence of inputs in the information security policy development: an institutional perspective

Purpose

The purpose of this paper is to investigate what role literature-based inputs have on the information security policy (ISP) development in practice.

Design/methodology/approach

A literature review is carried out to identify commonly used inputs for ISP development in theory firstly. Secondly, through the lens of institutional theory, an interpretive approach is adapted to study the influence of literature-based inputs in the ISP development in practice. Semi-structured interviews with senior experienced information security officers and managers from the public sector in Sweden are carried out for this research.

Findings

According to the literature review, 10 inputs for ISP development have been identified. The results from the interviews indicate that the role inputs have on the ISP development serves as more than a rational tool, where organisational context, institutional pressures and the search for legitimacy play an important role.

Research limitations/implications

From the institutional perspective, this study signifies the influence of inputs on ISP development can be derived from institutionalised rules or practices established by higher authorities; actions and practices that are perceived as successful and often used by other organisations; the beliefs of what is viewed as appropriate to meet the specific pressures from stakeholders.

Practical implications

This research recommends five practical implications for practitioners working with the ISP development. These recommendations aim to create an understanding of how an ISP could be developed, considering more than the rational functionalist perspective.

Originality/value

To the best of the authors’ knowledge, it is the first of its kind in examining the role of literature-based inputs in ISP development in practice through the lens of institutional theory.

Understanding employees’ information security–related stress and policy compliance intention: the roles of information security fatigue and psychological capital

Purpose

This study aims to explore the emotion-based mediator of information security fatigue in the relationship between employees’ information security–related stress (SRS) and information security policy (ISP) compliance intention and the effects of psychological capital (PsyCap) on relieving SRS and promoting compliance.

Design/methodology/approach

The authors tested a series of hypotheses by applying partial least squares–based structural equation modeling to survey data from 488 employees in Chinese enterprises.

Findings

The results suggest that the relationship between SRS and ISP compliance intention is fully mediated by information security fatigue. Employees’ SRS promotes their information security fatigue, which reduces their intention to follow ISPs. In addition, employees with high PsyCap may experience low levels of SRS and information security fatigue, which promotes their willingness to comply with ISPs.

Originality/value

This study extends knowledge by introducing information security fatigue and PsyCap to the field of information security management, and it calls attention to the effects on information security behaviors of employee emotions and positive psychological resources in an organization. The authors reveal the emotion-based mediating effect of information security fatigue and the positive influence of PsyCap in information security management.

Investigation of information security policy violations among oil and gas employees: A security-related stress and avoidance coping perspective

Information security is one of the most crucial considerations in digitising Oil and Gas (O&G) organisations. For ensuring information security policy compliance, O&G organisations enforce heavy security requirements. The purpose of this article is to assess how O&G employees cope with stressful information security tasks and how security-related stress (SRS) is related to information security policy violations among O&G employees in developing countries. Based on the coping theory, this article develops a theoretical framework to examine O&G employees’ intention to violate information security policies. The framework is tested using a survey of 270 managers/executives from 150 Malaysian O&G organisations. The results indicated that O&G employees perceive security requirements as stressful to follow and adopt avoidance coping strategies that lead them to violate organisational information security policies. For practitioners, the study findings demonstrate the prevalence of technostress in O&G organisations and suggest alternative mechanisms to address the stressful effects of information security requirements. This article contributes to the information system security literature by testing procrastination and psychological detachment with SRS in the context of developing countries' O&G organisations’ employees and provides an understanding of how O&G employees adopt avoidance coping.