{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T17:46:17Z","timestamp":1778175977501,"version":"3.51.4"},"reference-count":62,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2019,7,8]],"date-time":"2019-07-08T00:00:00Z","timestamp":1562544000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,7,8]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>This study aims to develop a conceptual model and assess the extent to which pre-, during- and post-employment HR security controls are applied in organizations to manage information security risks.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The conceptual model is developed based on the agency theory and the review of theoretical, empirical and practitioner literature. Following, empirical data are collected through a survey from 134 IT professionals, internal audit personnel and HR managers working within five major industry sectors in a developing country to test the organizational differences in pre-, during- and post-employment HR security measures.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>Using analysis of variance, the findings reveal significant differences among the organizations. Financial institutions perform better in employee background checks, terms and conditions of employment, management responsibilities, security education, training and awareness and disciplinary process. Conversely, healthcare institutions outperform other organizations in post-employment security management. The government public institutions perform the worst among all the organizations.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>An integration of a conceptual model with HR security controls is an area that is under-researched and under-reported in information security and human resource management literature. Accordingly, this research on HR security management contributes to reducing such a gap and adds to the existing HR security risk management literature. It, thereby, provides an opportunity for researchers to conduct comparative studies between developed and developing nations or to benchmark a specific organization\u2019s HR security management.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-05-2018-0057","type":"journal-article","created":{"date-parts":[[2019,6,11]],"date-time":"2019-06-11T09:07:44Z","timestamp":1560244064000},"page":"411-433","source":"Crossref","is-referenced-by-count":9,"title":["A conceptual model and empirical assessment of HR security risk management"],"prefix":"10.1108","volume":"27","author":[{"given":"Peace","family":"Kumah","sequence":"first","affiliation":[]},{"given":"Winfred","family":"Yaokumah","sequence":"additional","affiliation":[]},{"given":"Eric Saviour Aryee","family":"Okai","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020052710224219200_ref001","first-page":"88","article-title":"Fundamental and ethics theories of corporate governance","volume":"4","year":"2009","journal-title":"Middle Eastern Finance and Economics"},{"key":"key2020052710224219200_ref002","first-page":"1","article-title":"Using a genetic algorithm to minimize false alarms in insider threats detection of information misuse in windows environment","volume":"2014","year":"2014","journal-title":"Mathematical Problems in Engineering"},{"issue":"2","key":"key2020052710224219200_ref003","first-page":"303","article-title":"Information structure of the firm","volume":"75","year":"1985","journal-title":"The American Economic Review"},{"key":"key2020052710224219200_ref004","unstructured":"Bank of Ghana (2011), \u201cPreamble for the legal and regulatory framework\u201d, available at: www.bog.gov.gh\/supervision-a-regulation\/regulatory-framework (accessed 6 June 2017)."},{"key":"key2020052710224219200_ref005","unstructured":"Baseline Personnel Security Standard (BPSS) (2019), \u201cComplete background screening\u201d, available at: https:\/\/cbscreening.co.uk\/news\/post\/bpss-baseline-personnel-security-standard\/ (accessed 8 January 2019)."},{"key":"key2020052710224219200_ref006","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20376-8_14","article-title":"The effects of awareness programs on information security in banks: the roles of protection motivation and monitoring","volume-title":"International Conference on Human Aspects of Information Security, Privacy, and Trust","year":"2015"},{"key":"key2020052710224219200_ref007","volume-title":"Pay without Performance","year":"2004"},{"key":"key2020052710224219200_ref008","volume-title":"The Modern Corporation and Private Property","year":"1932"},{"issue":"4","key":"key2020052710224219200_ref009","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1108\/JMH-06-2016-0028","article-title":"Agency theory: background and epistemology","volume":"22","year":"2016","journal-title":"Journal of Management History"},{"key":"key2020052710224219200_ref010","unstructured":"Bishop, M., Gollmann, D., Hunker, J. and Probst, C.W. (2008), \u201cCountering insider threats, in Dagstuhl seminar proceedings, Dagstuhl, Germany, number 08302, 2008\u201d, available at: http:\/\/drops.dagstuhl.de\/opus\/volltexte\/2008\/1793\/pdf\/08302.SWM.1793.pdf (accessed 10 May 2017)."},{"issue":"2","key":"key2020052710224219200_ref011","first-page":"180","article-title":"Access control, identity management, and the insider threat","volume":"10","year":"2016","journal-title":"Journal of Airport Management"},{"key":"key2020052710224219200_ref012","doi-asserted-by":"crossref","first-page":"375","DOI":"10.1016\/j.chb.2015.03.084","article-title":"How to stimulate the continued use of ICT in higher education: integrating information systems continuance theory and agency theory","volume":"50","year":"2015","journal-title":"Computers in Human Behavior"},{"issue":"1","key":"key2020052710224219200_ref013","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1353\/hcr.0.0219","article-title":"GINA and pre-employment criminal background checks","volume":"40","year":"2010","journal-title":"Hastings Center Report"},{"issue":"1","key":"key2020052710224219200_ref014","first-page":"221","article-title":"Off the record: Why the EEOC should change its guidelines regarding employers\u2019 consideration of employees\u2019 criminal records during the hiring process","volume":"36","year":"2010","journal-title":"Journal of Corporation Law"},{"issue":"3","key":"key2020052710224219200_ref015","first-page":"26","article-title":"Hire right the first time","volume":"80","year":"2015","journal-title":"Journal of Property Management"},{"issue":"3","key":"key2020052710224219200_ref016","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1080\/08874417.2015.11645767","article-title":"Impacts of comprehensive information security programs on information security culture","volume":"55","year":"2015","journal-title":"Journal of Computer Information Systems"},{"issue":"2","key":"key2020052710224219200_ref017","first-page":"129","article-title":"Protected classes, credit histories, and criminal background checks: a new twist to old-fashioned disparate impact cases?","volume":"28","year":"2016","journal-title":"Journal of Business and Behavioural Sciences"},{"key":"key2020052710224219200_ref018","unstructured":"Centre for the Protection of National Infrastructure (CPNI) (2017), \u201cPersonnel and people security advice and measures\u201d, available at: www.cpni.gov.uk\/personnel-and-people-security (accessed 12 May 2017)."},{"issue":"3","key":"key2020052710224219200_ref019","doi-asserted-by":"crossref","first-page":"479","DOI":"10.1007\/s10869-013-9318-5","article-title":"The impact of applicant faking on selection measures, hiring decisions, and employee performance","volume":"29","year":"2014","journal-title":"Journal of Business and Psychology"},{"issue":"1","key":"key2020052710224219200_ref020","doi-asserted-by":"crossref","first-page":"57","DOI":"10.5465\/amr.1989.4279003","article-title":"Agency theory: an assessment and review","volume":"14","year":"1989","journal-title":"Academy of Management Review"},{"key":"key2020052710224219200_ref021","unstructured":"Electronic Transactions Act 772 (2008), \u201cElectronic transaction act of Ghana\u201d, available at: https:\/\/nca.org.gh\/assets\/Uploads\/NCA-Electronic-Transactions-Act-773.pdf (accessed 12 May 2017)."},{"issue":"2","key":"key2020052710224219200_ref022","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1086\/467037","article-title":"Separation of ownership and control","volume":"26","year":"1983","journal-title":"Journal of Law and Economics"},{"issue":"1","key":"key2020052710224219200_ref023","first-page":"51","article-title":"New concerns in electronic employee monitoring: have you checked your policies lately?","volume":"18","year":"2015","journal-title":"Journal of Legal, Ethical and Regulatory Issues"},{"issue":"2","key":"key2020052710224219200_ref024","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1002\/ert.21450","article-title":"Background screening in Apac: trends and challenges","volume":"41","year":"2014","journal-title":"Employment Relations Today (Wiley)"},{"issue":"3","key":"key2020052710224219200_ref025","doi-asserted-by":"crossref","first-page":"414","DOI":"10.1007\/s11747-011-0261-6","article-title":"An assessment of the use of partial least squares structural equation modeling in marketing research","volume":"40","year":"2012","journal-title":"Journal of the Academy of Marketing Science"},{"issue":"4","key":"key2020052710224219200_ref026","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1108\/09685221111173076","article-title":"Shaping security behaviour through discipline and agility: implications for information security management","volume":"19","year":"2011","journal-title":"Information Management and Computer Security"},{"issue":"2","key":"key2020052710224219200_ref027","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1016\/0022-0531(79)90073-5","article-title":"Optimal incentive contracts with imperfect information","volume":"20","year":"1979","journal-title":"Journal of Economic Theory"},{"key":"key2020052710224219200_ref028","volume-title":"Culture\u2019s consequences \u2013 Comparing Values, Behaviors, Institutions, and Organizations across Nations","year":"2001"},{"issue":"4","key":"key2020052710224219200_ref029","doi-asserted-by":"crossref","first-page":"615","DOI":"10.1111\/j.1540-5915.2012.00361.x","article-title":"Managing employee compliance with information security policies: the critical role of top management and organizational culture","volume":"43","year":"2012","journal-title":"Decision Sciences"},{"key":"key2020052710224219200_ref030","unstructured":"ISACA (2013), \u201cCOBIT 4.1 PO7 manage IT human resources \u2013 process description\u201d, available at: www.isaca.org\/popup\/Pages\/PO7-Manage-IT-Human-Resources.aspx? (accessed 8 January 2019)."},{"key":"key2020052710224219200_ref031","unstructured":"ISO\/IEC 27002 (2013), \u201cInformation technology security techniques - code of practice for information security controls\u201d, available at: www.iso.org (accessed 5 May 2017)."},{"key":"key2020052710224219200_ref032","unstructured":"ISO\/IEC 17799 (2005), \u201cInformation technology \u2013 code of practice for information security management\u201d, available at: www.iso.org\/standard\/39612.html (accessed 8 January 2019)."},{"issue":"4","key":"key2020052710224219200_ref033","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1016\/0304-405X(76)90026-X","article-title":"Theory of the firm: managerial behavior, agency costs, and ownership structure","volume":"3","year":"1976","journal-title":"Journal of Financial Economics"},{"issue":"3","key":"key2020052710224219200_ref034","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1108\/ICS-02-2016-0013","article-title":"The role of the chief information security officer in the management of IT security","volume":"25","year":"2017","journal-title":"Information and Computer Security"},{"key":"key2020052710224219200_ref035","first-page":"111","article-title":"Self-Fulfilling prophecy? An examination of exposure to agency theory and unethical behavior","volume-title":"Research on Professional Responsibility and Ethics in Accounting","year":"2018"},{"issue":"12","key":"key2020052710224219200_ref036","doi-asserted-by":"crossref","first-page":"1049","DOI":"10.1108\/MRR-04-2013-0085","article-title":"Information security awareness and behavior: a theory-based literature review","volume":"37","year":"2014","journal-title":"Management Research Review"},{"issue":"4","key":"key2020052710224219200_ref037","first-page":"16","article-title":"Criminal background checks can\u2019t remain in the background anymore","volume":"215","year":"2013","journal-title":"Journal of Accountancy"},{"issue":"2","key":"key2020052710224219200_ref038","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1080\/07421222.2016.1205925","article-title":"An empirical validation of malicious insider characteristics","volume":"33","year":"2016","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"key2020052710224219200_ref039","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s12113-002-1015-6","article-title":"Can agency theory justify the regulation of insider trading?","volume":"5","year":"2002","journal-title":"The Quarterly Journal of Austrian Economics"},{"issue":"3","key":"key2020052710224219200_ref040","doi-asserted-by":"crossref","first-page":"583","DOI":"10.2307\/20650310","article-title":"Response to Jones and Karsten, Giddens\u2019 structuration theory and information systems researched","volume":"33","year":"2009","journal-title":"MIS Quarterly"},{"issue":"4","key":"key2020052710224219200_ref041","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/MSP.2008.87","article-title":"Insiders behaving badly","volume":"6","year":"2008","journal-title":"IEEE Security and Privacy Magazine"},{"key":"key2020052710224219200_ref042","unstructured":"Coleman, Q. (2017), \u201cWhat are the different theories of industrial relations?\u201d, available at: https:\/\/bizfluent.com\/facts-6323679-different-theories-industrial-relations-.html (accessed 10 May 2017)."},{"issue":"1","key":"key2020052710224219200_ref043","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1093\/indlaw\/dws005","article-title":"Reserving the right to change terms and conditions: how far can the employer go?","volume":"41","year":"2012","journal-title":"Industrial Law Journal"},{"key":"key2020052710224219200_ref044","unstructured":"Roach, J.C. (2016), \u201cWould standardized job testing assist employers in hiring the right employee?\u201d, Monthly Labor Review, p. 1."},{"issue":"1","key":"key2020052710224219200_ref045","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1177\/001979390906300102","article-title":"Strategic choices in pluralist and unitarist employment relations regimes: a study of Australian telecommunications","volume":"63","year":"2009","journal-title":"ILR Review"},{"issue":"4","key":"key2020052710224219200_ref046","first-page":"60","article-title":"Information security management best practice based on ISO\/IEC 17799","volume":"39","year":"2005","journal-title":"The Information Management Journal"},{"issue":"1","key":"key2020052710224219200_ref047","doi-asserted-by":"crossref","first-page":"86","DOI":"10.5958\/0976-478X.2017.00005.2","article-title":"Role of third party employee verification and background checks in HR management: an overview","volume":"8","year":"2017","journal-title":"Journal of Commerce and Management Thought"},{"issue":"1","key":"key2020052710224219200_ref048","first-page":"43","article-title":"Changes in employee relations: impact of perceived organizational support on the social exchange of the outsourcing industry in Sri Lanka","volume":"9","year":"2013","journal-title":"Skyline Business Journal"},{"issue":"5","key":"key2020052710224219200_ref049","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1108\/JEIM-07-2013-0052","article-title":"Identifying factors of organizational information security management","volume":"27","year":"2014","journal-title":"Journal of Enterprise Information Management"},{"issue":"4","key":"key2020052710224219200_ref050","doi-asserted-by":"crossref","first-page":"445","DOI":"10.1108\/14637150410548100","article-title":"Business analysis metrics for business process redesign","volume":"10","year":"2004","journal-title":"Business Process Management Journal"},{"issue":"1","key":"key2020052710224219200_ref051","first-page":"77","article-title":"General aspects regarding signing an individual work contract","volume":"62","year":"2010","journal-title":"Petroleum \u2013 Gas University of Ploiesti Bulletin, Law and Social Sciences Series"},{"issue":"1","key":"key2020052710224219200_ref052","first-page":"23","article-title":"The regulations of the obligatory provisions of the individual employment contract","volume":"64","year":"2013","journal-title":"Petroleum \u2013 Gas University of Ploiesti Bulletin, Law and Social Sciences Series"},{"issue":"2","key":"key2020052710224219200_ref053","doi-asserted-by":"crossref","first-page":"107","DOI":"10.2308\/jis.2010.24.2.107","article-title":"A review of IT governance: a taxonomy to inform accounting information systems","volume":"24","year":"2010","journal-title":"Journal of Information Systems"},{"issue":"4","key":"key2020052710224219200_ref054","doi-asserted-by":"crossref","first-page":"487","DOI":"10.1108\/ER-10-2016-0189","article-title":"Evaluating the prevalence of employees without written terms of employment in the European union","volume":"39","year":"2017","journal-title":"Employee Relations"},{"key":"key2020052710224219200_ref055","first-page":"159","article-title":"Understanding why in software process modelling, analysis, and design","year":"1994"},{"issue":"4","key":"key2020052710224219200_ref056","first-page":"157","article-title":"Features of the employment contract with the teaching staff of educational organization of higher education","volume":"3","year":"2014","journal-title":"Vestnik Sankt-Peterburgskogo Universiteta"},{"issue":"4","key":"key2020052710224219200_ref057","doi-asserted-by":"crossref","first-page":"549","DOI":"10.1111\/basr.12074","article-title":"Further beyond the basic background check: predicting future unethical behaviour","volume":"120","year":"2015","journal-title":"Business and Society Review"},{"key":"key2020052710224219200_ref058","article-title":"The right to privacy and data protection in Ghana","volume-title":"African Data Privacy Laws. Law, Governance and Technology Series","year":"2016"},{"issue":"5","key":"key2020052710224219200_ref059","doi-asserted-by":"crossref","first-page":"366","DOI":"10.1108\/09685221011095272","article-title":"Information security education in South Africa","volume":"18","year":"2010","journal-title":"Information Management and Computer Security"},{"issue":"146","key":"key2020052710224219200_ref060","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1002\/ir.342","article-title":"Homeland security initiatives and background checks in higher education","volume":"2010","year":"2010","journal-title":"New Directions for Institutional Research"},{"issue":"3","key":"key2020052710224219200_ref061","first-page":"49","article-title":"Information security governance of enterprise information systems: an approach to legislative compliant","volume":"14","year":"2010","journal-title":"International Journal of Management and Information Systems"},{"issue":"3","key":"key2020052710224219200_ref062","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1002\/ert.20352","article-title":"Global business operations require increased efforts in international background screening","volume":"38","year":"2011","journal-title":"Employment Relations Today"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-05-2018-0057\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-05-2018-0057\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:55Z","timestamp":1753406575000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/27\/3\/411-433\/105976"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,7,8]]},"references-count":62,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,7,8]]}},"alternative-id":["10.1108\/ICS-05-2018-0057"],"URL":"https:\/\/doi.org\/10.1108\/ics-05-2018-0057","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2019,7,8]]}}}