Although prior information security research predominantly focuses on organizational in-role security behaviors (e.g., information security policy (ISP) compliance), the role of extra-role security behaviors – secure actions unspecified in ISPs but beneficial to organizations – has not seen nearly as much attention. At the same time, employees’ awareness manifests itself as prerequisite for security behavior but without research having really understood all of its potential impacts. Therefore this study ex-amines the role of information security awareness (ISA) in enhancing extra-role security behaviors in addition to in-role security behaviors. In particular, we propose that general ISA enhances promotive extra-role security behaviors (i.e., helping and voice) and ISP awareness fosters prohibitive extra-role security behaviors (i.e., stewardship and whistle-blowing). Data was collected from a field study, where employees responded to incoming emails from co-workers and supervisors asking for password sharing, unsafe data sharing via private emails, as well as the use of private cloud services and unau-thorized software. Our findings show that general ISA and ISP awareness are indeed driving both in-role and extra-role security behaviors. We discuss our implications for theory and practice, and con-clude with interesting avenues for further research.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.