A conceptual model and empirical assessment of HR security risk management

Abstract

This study develops a conceptual model and assesses the extent to which pre-employment, during employment, and post-employment HR security controls are applied in organizations to manage information security risks. The conceptual model is developed based on the Agency Theory and the review of theoretical, empirical and practitioner literature. Following, an empirical data is collected through a survey from one hundred and thirty-four IT professionals, internal audit personnel, and HR managers working within five major industry sectors in a developing country to test the organizational differences in pre-employment, during employment, and post-employment HR security measures. Using analysis of variance, the findings reveal significant differences among the organizations. Financial institutions perform better in employee background checks, terms and conditions of employment, management responsibilities, security education, training and awareness, and disciplinary process. Conversely, healthcare institutions outperform other organizations in post-employment security management. The government public institutions perform the worst among all the organizations. An integration of a conceptual model with HR security controls is an area that is under-researched and under-reported in information security and human resource management literature. Accordingly, this research on HR security management contributes to reducing such a gap and adds to the existing HR security risk management literature. It thereby provides an opportunity for researchers to conduct comparative studies between developed and developing nations or to benchmark a specific organization’s HR security management.