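Employees' abuse and misuse of information assets such as important data and computer equipment has become a potential threat to organizational information security. A growing number of enterprises realize that relying on security technology solutions alone cannot effectively control these risks, so how to regulate and guide employees' information security behavior through effective mechanism design is particularly important. From a behavioral perspective, this study introduces face orientation to examine the information security management of employees in Chinese organizations. Face (mianzi) is a relatively stable personality trait among Chinese people, and a considerable proportion of people attach great importance to gaining and losing face; it is this particular face norm that forms an important part of face management in enterprises. Prior research has treated face as a behavior-constraining mechanism, but whether and how face works in information security behavior management has not yet been explored. Integrating deterrence theory, reward mechanisms and face-need theory, the study builds a research model within the framework of organizational control mechanisms, revealing the key roles that formal control mechanisms based on reward incentives and organizational deterrence, and informal control mechanisms based on face needs, play in guiding employees to comply with information security policies. Centered on employees' intention to comply with information security policies, the model focuses on explaining the effectiveness of reward and punishment mechanisms, the effects of two face orientations (face gaining and face saving) on compliance intention, and the interaction between the formal control mechanisms based on reward and punishment and the informal control mechanisms based on face needs. Using a web-based questionnaire survey administered through a professional data research firm, the questionnaire link was randomly sent to regular employees working in enterprises that have implemented information security policies. After 3 weeks of data collection and screening, 409 valid samples were obtained, and the hypotheses of the research model were tested using PLS-based structural equation modeling with the Smart PLS tool. The results show that perceived reward and perceived punishment exert a controlling effect on employees' decisions to comply with information security policies, and that reward incentives are more effective than organizational deterrence; face orientation guides employees to comply with information security policies, and both face-gaining orientation and face-saving orientation negatively moderate the relationship between formal control mechanisms and behavioral intention. The findings provide theoretical support and practical guidance for information security behavior management in the Chinese context.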
Intentional insiders' misuse and abuse of information systems resources (e.g., confidential data, computer equipment) represent significant potential threats to organizational information security. Increasingly, corporations realize that technology-based solutions alone cannot reduce these information security risks. Thus it has become important to understand how to discipline and guide employees in their information security behaviors through effective managerial mechanism design. From the behavioral perspective, this study introduces face orientation factors to the literature on Chinese employees' information security behavior decision-making. Face (or Mianzi) is a relatively stable personality trait of Chinese people, and a significant number of people have face-related considerations. For example, they instinctively fear losing face and are pleased to gain face. It is this special rule relating to face that drives entrepreneurs to develop face management practices. Prior studies held that face can be deemed a behavior-restraining mechanism; however, whether and how this mechanism works in information security management has not yet been discussed. Drawing upon deterrence theory, reward and face orientation theory, we develop a research model following the organizational control framework to investigate the key roles of perceived reward and perceived punishment in affecting employees' compliance with information security policies (ISPs) through formal or informal control mechanisms. This research model deals with three important questions in employees' ISP compliance intention: ① the effectiveness of the reward and punishment mechanism; ② the effect of two kinds of face orientation on compliance intention; and ③ the interaction effect between formal (reward and punishment) and informal (face orientation) mechanisms. Data were collected through a web-based survey.
We delegated the processes of survey issuance and data collection to a professional data research firm. The