跨层次视角下信息安全氛围对员工信息安全制度遵守意愿的影响作用

员工安全遵守行为已成为保护企业信息资产安全的重要保障。侧重人因因素,讨论如何通过有效方法来规范和引导员工遵守信息安全制度。基于保护动机理论(protection motivation theory, PMT)和社会认知理论,采用跨层次分析方法,以员工信息安全制度遵守意愿为因变量,信息安全氛围为组织层面变量,感知严重性、感知易感性、反应效能和自我效能为个体层面变量构建研究模型。借鉴成熟量表设计问卷,发放问卷并获取有效数据,应用SPSS 26.0软件对研究模型进行假设验证。实证结果表明：感知严重性、感知易感性、反应效能和自我效能均正向影响员工信息安全制度遵守意愿;信息安全氛围跨层次既能直接影响员工信息安全制度遵守意愿,又可通过个体层面变量对结果变量产生影响作用。为强化企业安全管理提供一定的理论支撑。

A cross-level study of the impact of information security climate on employees willingness to comply with security

Employee security compliance behavior has become a critical safeguard to protect the security of corporate information assets. Focusing on human factors, this paper discusses how to regulate and guide employees’ compliance with information security systems through effective methods. Based on protection motivation theory (PMT) and social cognitive theory, a cross-level analysis method is adopted to construct a research model with employees'' intention to comply with the information security system as the dependent variable, information security climate as the organisational level variable, and perceived severity, perceived vulnerability, response efficacy and self-efficacy as the individual level variables. The questionnaire is designed by drawing on proven scales, distributed and valid data are obtained, and SPSS 26.0 software is applied to test the hypotheses of the research model. The empirical results show that perceived severity, perceived vulnerability, response efficacy and self-efficacy all positively influence employees'' intention to comply with the information security system, while information security climate across hierarchical levels can have both a direct impact on employees'' intention to comply with the information security system and an impact on outcome variables through individual-level variables. The above findings provide some theoretical supports for strengthening enterprise security management.