Description
While IT security research has explored explanatory models using risk/fear/efficacy drivers, this effort emphasizes assessments of personal security optimism/pessimism as drivers of personal security behavior. Technical solutions can help, but many organizational vulnerabilities are exacerbated by non-compliance. Individuals neglect to or choose not to comply with security practices, placing organizations at risk. In this study, we explore a model that identifies likely non-compliers. We assess constructs over time, assess perceptions of the pros and cons of compliance, and deliver small training/motivational content. In our results, measuring over time and including pro/con perception increased explanatory power for compliance behavior, and prediction algorithms were able to identify non-compliers with a high degree of accuracy. We assert that this approach, which integrates training and assessment over time and uses measures that may be more palatable for real-world settings, is promising for organizations that seek to both understand and improve security behavior.
Recommended Citation
Marshall, Byron; Curry, Michael; Coreia, John; and Crossler, Robert E., "Personal Motivation Measures for Personal IT Security Behavior" (2017). AMCIS 2017 Proceedings. 27.
https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/27