Abstract

IT security policies play an important role in outlining employees’ secure behavior that supports organizations’ strategic and competitive goals. However, history is full of examples of employees engaging in behaviors contrary to their organization’s security policy often resulting in undesirable outcomes. This research-in-progress presents a dual-processing model explaining and predicting secure behavior while interacting with strategic information systems. The model posits that the number of security layers (technical controls), the manifestation of managerial attitudes of compliance (managerial controls), and training (educational controls) influence secure behavior directly and also indirectly through system satisfaction. We will test our model in an experiment utilizing a realistic corporate environment that captures user’s security-policy compliance. We suspect to find that managerial controls and educational controls will positively influence secure behavior while technical controls will negatively influence secure behavior directly and also indirectly through system satisfaction.

Download

Share

COinS