Start Date
12-17-2013
Description
Many tools and safe computing practices are available to information system users to help them avoid the negative outcomes due to information security threats. Yet many users do not use these tools and practices. We seek to understand the factors influencing organizational users’ adoption of preventive information security behaviors. These behaviors are similar to those which individuals practice to prevent negative health outcomes. A new model incorporating the primary antecedents of users’ intentions related to preventive security, the Preventive Adoption Model (PAM), is presented and tested. PAM is derived from health behavior theories (health belief model, protection motivation theory, and theory of planned behavior) and integrates key constructs specific to the information security context. Results of the study suggest that users’ beliefs regarding the threats and their avoidability, the proposed preventive actions, and their individual capabilities have an impact on their intentions to perform the prescribed behaviors.
Recommended Citation
Wynn, Donald; Williams, Clay; Karahanna, Elena; and Madupalli, Ramana, "Preventive Adoption of Information Security Behaviors" (2013). ICIS 2013 Proceedings. 5.
https://aisel.aisnet.org/icis2013/proceedings/SecurityOfIS/5
Preventive Adoption of Information Security Behaviors
Many tools and safe computing practices are available to information system users to help them avoid the negative outcomes due to information security threats. Yet many users do not use these tools and practices. We seek to understand the factors influencing organizational users’ adoption of preventive information security behaviors. These behaviors are similar to those which individuals practice to prevent negative health outcomes. A new model incorporating the primary antecedents of users’ intentions related to preventive security, the Preventive Adoption Model (PAM), is presented and tested. PAM is derived from health behavior theories (health belief model, protection motivation theory, and theory of planned behavior) and integrates key constructs specific to the information security context. Results of the study suggest that users’ beliefs regarding the threats and their avoidability, the proposed preventive actions, and their individual capabilities have an impact on their intentions to perform the prescribed behaviors.