A conceptual model and empirical assessment of HR security risk management

Peace Kumah, Winfred Yaokumah, Eric Saviour Aryee Okai

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)

Abstract

Purpose: This study aims to develop a conceptual model and assess the extent to which pre-, during- and post-employment HR security controls are applied in organizations to manage information security risks. Design/methodology/approach: The conceptual model is developed based on the agency theory and the review of theoretical, empirical and practitioner literature. Following, empirical data are collected through a survey from 134 IT professionals, internal audit personnel and HR managers working within five major industry sectors in a developing country to test the organizational differences in pre-, during- and post-employment HR security measures. Findings: Using analysis of variance, the findings reveal significant differences among the organizations. Financial institutions perform better in employee background checks, terms and conditions of employment, management responsibilities, security education, training and awareness and disciplinary process. Conversely, healthcare institutions outperform other organizations in post-employment security management. The government public institutions perform the worst among all the organizations. Originality/value: An integration of a conceptual model with HR security controls is an area that is under-researched and under-reported in information security and human resource management literature. Accordingly, this research on HR security management contributes to reducing such a gap and adds to the existing HR security risk management literature. It, thereby, provides an opportunity for researchers to conduct comparative studies between developed and developing nations or to benchmark a specific organization’s HR security management.

Original languageEnglish
Pages (from-to)411-433
Number of pages23
JournalInformation and Computer Security
Volume27
Issue number3
DOIs
Publication statusPublished - 19 Jun 2019

Keywords

  • Agency theory
  • Background check
  • Computer training
  • Conditions of employment
  • Disciplinary process
  • HR security risk management
  • Human resource security
  • Information security
  • Management responsibilities
  • Personnel security
  • Security education
  • Training and awareness

Fingerprint

Dive into the research topics of 'A conceptual model and empirical assessment of HR security risk management'. Together they form a unique fingerprint.

Cite this