
Graduate student: 陶香草 (Thao, Dao Huong)
Thesis title: Understanding Employee’s Coping Strategies to Information Security Restrictiveness: A Mixed Method Study
Advisor: 陳正忠 (Chen, Jeng-Chung (Victor))
Degree: Master
Department: College of Management - Institute of International Management
Year of publication: 2019
Academic year of graduation: 107
Language: English
Number of pages: 98
Keywords: Information security, Security requirement, Security control, Stress coping theory, Perceived security restrictiveness, Perceived security efficacy, Perceived controllability, Self-preservation, Disturbance handling, Task adaptation, Technology adaptation, User-driven IT solution
  • As security threats grow more serious, firms implement increasingly complex and strict information security controls to better safeguard their information assets. These security countermeasures, on the one hand, enable firms to effectively regulate employees’ security behavior and protect the firm’s information assets; on the other hand, they unavoidably have an adverse impact on individuals’ work processes and well-being at work. Starting from this phenomenon, this study aims to explore how security-related controls affect employees’ work and how employees cope with security-related negative situations. To fulfill this objective, we conducted a mixed method study with stress coping theory as the theoretical background. The findings of both the qualitative and quantitative studies highlight the incidence of employees’ negative experiences arising from security countermeasures in organizations and offer empirical evidence of the coping process in such situations. The results show that perceived security restrictiveness, perceived security efficacy, and perceived controllability influence an individual’s choice of coping strategies, which in turn result in different coping behaviors: task adaptation, technology adaptation, and user-driven IT solutions. Theoretical and practical implications, limitations, and suggestions for future research are also discussed.

    ABSTRACT
    ACKNOWLEDGEMENTS
    TABLE OF CONTENTS
    LIST OF TABLES
    LIST OF FIGURES
    CHAPTER 1 INTRODUCTION
        1.1. Research Background
            1.1.1 Firm’s Growing Concern Over Information Security Threat
            1.1.2 Firm’s Increasing Effort and Investment in Information Security
            1.1.3 Employee’s Negative Experience Arising from Information Security Controls
        1.2. Research Gaps
        1.3. Research Objectives and Contribution
            1.3.1 Research Objective
            1.3.2 Research Contribution
        1.4 Research Flow
    CHAPTER TWO LITERATURE REVIEW
        2.1 Information Security Literature
        2.2 Theoretical Background
            2.2.1. Stress Coping Theory
            2.2.2. Coping Theory in the Context of Information Security
    CHAPTER 3 QUALITATIVE STUDY: STUDY 1
        3.1 Data Collection
        3.2 Data Analysis
        3.2 Results of Qualitative Study
            3.2.1 Employee’s Awareness of Information Security Control
            3.2.2 Primary Appraisal
            3.2.3 Secondary Appraisal
            3.2.4 Coping Strategies
            3.2.5 Coping Behavior
    CHAPTER 4 HYPOTHESIS DEVELOPMENT AND RESEARCH FRAMEWORK
        4.1. Hypothesis Development
            4.1.1 The Relationship Between Primary Appraisals and Coping Strategies
            4.1.2 The Relationships Between Secondary Appraisals and Coping Strategies
            4.1.3 The Relationships between Coping Efforts and Coping Strategies
        4.2 Research Framework
        4.3 Summary of Hypothesis
    CHAPTER 5 QUANTITATIVE STUDY: STUDY 2
        5.1 Definition of Variables
        5.2 Construct Measurement
        5.3 Control Variables
        5.4 Data Collection
        5.4 Statistic Data Analysis Procedure
        5.5 Pretest Result
            5.5.1 Respondents’ Characteristics
            5.5.2 Factor Analysis
        5.6 Main Study
            5.6.1 Respondents’ Characteristics
            5.6.2 Descriptive Statistical Analysis Results
            5.6.3 Confirmatory Factor Analysis and Reliability Test
            5.6.4 Hypothesis Testing Results
            5.6.5 Control Variables
    CHAPTER SIX CONCLUSION AND SUGGESTIONS
        6.1 Research Discussion
        6.2 Theoretical Contribution and Practical Implication
            6.2.1 Theoretical Implication
            6.2.2 Practical Implication
        6.3 Research Limitation and Suggestion
    REFERENCES


    Full text, on campus: public from 2024-07-01
    Full text, off campus: public from 2024-07-01