Privilege or procedure: Evaluating the effect of employee status on intent to comply with socially interactive information security threats and controls

Existing information security literature does not account for an employee's status (hierarchical relationship (rank order) among employees) within the organizational chain of command when theorizing about his/her information security policy compliance behaviors and behavioral intentions. We argue that this is a potentially important theoretical gap specifically concerning socially interactive threats and controls within hierarchical organizations, because an individual's status within these types of social structures impacts his/her capacity to control another person's resources, behaviors, and outcomes. In this paper, we investigate the main and moderating effect of an employee's status within the organizational hierarchy on an individual's perceived behavioral control related to interactive security threats and controls, specifically tailgating (i.e., the act of gaining access to a restricted area by following someone who has legitimate access). In a survey of Department of Defense employees, we find that the effect of status on perceived behavioral control over tailgating behaviors is positive for employees who report average and above average levels of controllability of coworkers but negative for employees who report below average levels of controllability of coworkers. Our paper has both theoretical and practical value for socially interactive security behaviors within hierarchical organizations with respected levels of command and control.