Research on information security policy compliance provides insights on the factors that facilitate security related human behaviour. Since humans provide the end of every technological use chain, this research provides an important building block of every organizational security architecture. Research on this topic can be divided into research on policy compliant behaviour (positive policy compliance) and research on policy deviant behaviour (negative policy compliance). However, a previous metastudy that was the first to test available measurement instruments of positive policy compliance for response biases remained inconclusive on the truthfulness of self-reported policy compliance. This contribution provides a new measurement instrument that builds upon the scenario-based questioning approach found in most negative policy compliance research, while enabling scenario-independent measurement of positive policy compliance and provided response consistency. The instrument was validated by conducting a pre-test (n = 8) in a research department and yields a promising internal validity with Cronbach alphas of .911 for the policy compliance instrument and .961 for the policy knowledge consistency instrument. The instrument is being applied in a larger survey that aims at determining the reliability of measured policy compliance of the instruments currently used in positive policy compliance research.
Kurowski, Sebastian, "Measuring compliance with specific policy contents - the SRPC- and SRPCC-Scales for a more detailed measurement of positive policy compliance" (2018). Research-in-Progress Papers. 54.