Factors in Information Assurance Professionals' Intentions to Adhere to Information Security Policies

Factors in Information Assurance Professionals' Intentions to Adhere to Information Security Policies

S. Raschid Muller (University of Maryland Global Campus, USA) and Mary L. Lind (Louisana State University Shreveport, USA)
DOI: 10.4018/IJSSSP.2020010102

Abstract

Information security policies (ISPs) serve to clarify and formalize organizational information security practices and reduce data risks, but research shows that ISP noncompliance remains a prominent concern for both scholars and practitioners. This study utilized the unified theory of acceptance and use of technology 2 (UTAUT2) to explore factors that predict information assurance professionals' behavioral intentions to comply with ISPs. The research question addressed: To what extent do performance expectancy, effort expectancy, social influence, facilitating conditions, hedonic motivation, price value, and habit predict information assurance professionals' behavioral intention to comply with information security policies in organizations? A nonexperimental, cross-sectional research design using structural equation modeling (PLS-SEM) addressed the research question with information assurance professionals in government agencies where habit emerged as the important component of ISP compliance with hedonic factors having a negative impact.
Article Preview
Top

Introduction

To counter continually evolving information security threats, organizations develop formal information security policies (ISPs) to reduce data risks and strengthen data security (Yildirim, 2016). If information assurance professionals do not comply with the ISP’s, the firm’s data risks are increased (Aloul, 2012; Pfleeger, Sasse, & Furnham, 2014) where it has been shown that noncompliant information security behavior of employees is a significant information security risk for organizations (Alqahtani, 2017; Kolkowska, Karlsson, & Hedström, 2017). Despite the importance of information security and ISP compliance, previous researchers have primarily focused on compliance among general employees with little attention has been given to the compliance behaviors of information assurance professionals (Kolkowska et al., 2017; Fourtané, 2018) and this study will explore this gap.

The phenomenon of interest in the present study is ISP compliance among information assurance professionals. ISP compliance is important to the success of an organization’s information security program (Alqahtani, 2017; Kolkowska et al., 2017). ISP compliance is especially relevant in the context of information assurance professionals, as these individuals are tasked with “protecting information from theft, destruction, or manipulation” (Sadiku, Alam, & Musa, 2017, p. 1).

Organizations spend millions of dollars on security training and ISP awareness (Mejias & Balthazard, 2015). Despite investments in information security, ISP noncompliance among information assurance professionals constitutes a significant data security risk for organizations (Kolkowska et al., 2017). Research has shown that employees’ failure to comply with an ISP can expose an organization to regulatory fines and loss of reputation due to data breaches (Hina & Dominic, 2018). Lord (2018) specifically noted that when information assurance professionals do not comply with ISPs, they expose organizational data to unnecessary risks. The scholarly literature lacks clarity regarding the factors that significantly influence information assurance professionals’ behavioral intentions to comply with ISPs (Alqahtani, 2017; Kolkowska et al., 2017; Quigley, Burns, & Stallard, 2015).

Review of the Literature

The UTAUT2 model uses seven key factors to explain behavioral intentions to adopt or use technology (Venkatesh et al., 2012) – performance expectancy, effort expectancy, social influence, facilitating conditions, hedonic motivation, price value, and habit. Hedonic motivation is the motivation driving an individual to take action due to the satisfaction inherent in the action (Tomasik, 2017; Huizinga, 1950). Several studies revealed that in the consumer context, hedonic motivation is a significant determinant of technology acceptance and use (Haryoto & Haryoto, 2015; Masa’deh et al., 2016). Price value is the perceived benefit of using technology measured against the cost of the technology (Ul-Ain et al., 2016). Habit is a perceptual construct that reflects the results of prior experiences and habit is a strong predictor of future technology use (De Moura et al., 2017; Slade, Dwivedi, Piercy, & Williams, 2015).

Performance Expectancy

Performance expectancy refers to an individual’s perception that using technology has advantages in certain circumstances as the technology will improve performance (Venkatesh et al., 2012). Research using the UTAUT as a theoretical framework has consistently demonstrated that a statistically significant relationship exists between performance expectancy and users’ behavioral intentions to adopt technology (Oh & Yoon, 2014).

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 12: 2 Issues (2021): Forthcoming, Available for Pre-Order
Volume 11: 2 Issues (2020)
Volume 10: 2 Issues (2019)
Volume 9: 4 Issues (2018)
View Complete Journal Contents Listing