A conceptual model and empirical assessment of HR security risk management
Information and Computer Security
ISSN: 2056-4961
Article publication date: 11 June 2019
Issue publication date: 19 June 2019
Abstract
Purpose
This study aims to develop a conceptual model and assess the extent to which pre-, during- and post-employment HR security controls are applied in organizations to manage information security risks.
Design/methodology/approach
The conceptual model is developed based on the agency theory and the review of theoretical, empirical and practitioner literature. Following, empirical data are collected through a survey from 134 IT professionals, internal audit personnel and HR managers working within five major industry sectors in a developing country to test the organizational differences in pre-, during- and post-employment HR security measures.
Findings
Using analysis of variance, the findings reveal significant differences among the organizations. Financial institutions perform better in employee background checks, terms and conditions of employment, management responsibilities, security education, training and awareness and disciplinary process. Conversely, healthcare institutions outperform other organizations in post-employment security management. The government public institutions perform the worst among all the organizations.
Originality/value
An integration of a conceptual model with HR security controls is an area that is under-researched and under-reported in information security and human resource management literature. Accordingly, this research on HR security management contributes to reducing such a gap and adds to the existing HR security risk management literature. It, thereby, provides an opportunity for researchers to conduct comparative studies between developed and developing nations or to benchmark a specific organization’s HR security management.
Keywords
Citation
Kumah, P., Yaokumah, W. and Okai, E.S.A. (2019), "A conceptual model and empirical assessment of HR security risk management", Information and Computer Security, Vol. 27 No. 3, pp. 411-433. https://doi.org/10.1108/ICS-05-2018-0057
Publisher
:Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited