Loading...
Paper Type
ERF
Abstract
Maintaining consistent employee compliance with information security policies (ISPs) has become a major concern for organizations. Existing studies have explored the persistence of compliance based on behavioral outcomes but lacked a comprehensive exploration of employees’ cognitions when making compliance decisions across different security environments. From a human judgment perspective, we draw on the cognitive continuum theory to explore employees' cognitive modes in complying with ISPs and their influences on actual compliance behaviors in different security environments. We plan to use semi-structured interviews to understand employees' cognitive processes and influencing factors in making compliance decisions, which will contribute to understanding the human judgment behind changes in employee compliance with ISPs over time.
Paper Number
1328
Recommended Citation
Zhao, Weijie; Johnston, Allen; and Siponen, Mikko, "Intuition or Analysis? Investigation of Employees’ Cognitive Mode of Information Security Policy Compliance" (2024). AMCIS 2024 Proceedings. 23.
https://aisel.aisnet.org/amcis2024/security/security/23
Intuition or Analysis? Investigation of Employees’ Cognitive Mode of Information Security Policy Compliance
Maintaining consistent employee compliance with information security policies (ISPs) has become a major concern for organizations. Existing studies have explored the persistence of compliance based on behavioral outcomes but lacked a comprehensive exploration of employees’ cognitions when making compliance decisions across different security environments. From a human judgment perspective, we draw on the cognitive continuum theory to explore employees' cognitive modes in complying with ISPs and their influences on actual compliance behaviors in different security environments. We plan to use semi-structured interviews to understand employees' cognitive processes and influencing factors in making compliance decisions, which will contribute to understanding the human judgment behind changes in employee compliance with ISPs over time.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC