A Common Description and Measures for Perceived Behavioral Control in Information Security for Organizations
Abstract
Understanding employee’s security behavior is required before effective security policies and training materials can be developed. The Anti-virus software, secure systems design methods, information management standards, and information systems security policies; which have been developed and implemented by many organizations; have not been successfully adopted. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. Theory of planned behavior based on Attitude, subjective norm, and perceived behavioral control (PBC) constructs, considers intentions as cognitive antecedents of actions or behavior. This study reviews various research on PBC and finds the most common measures for PBC, which can be used in organizations to develop a method to influence employees perceived behavioral control positively with the goal of inducing positive security behavior. Further, a conceptual model for operationalizing the obtained measures for enhancing information security in organizations is presented.