Information systems security behavioral research has primarily focused on individual cognitive processes and their impact on information security policy noncompliance. However, affective processes (operationalized by affective absorption and affective flow) may also significantly contribute to misuse or information security policy noncompliance. Our research study evaluated the impact of affective absorption (i.e., the trait or disposition to allow one’s emotions to drive decision-making) and affective flow (i.e., a state of immersion with one’s emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. Our conceptual model was evaluated using a laboratory research design. We found that individuals who were frustrated by work-related tasks experienced negative affective flow and violated information security policies. Furthermore, perceptions of organizational injustice increased negative affective flow. Our findings underscore the need for understanding affective processes as well as cognitive processes which may lead to a more holistic understanding regarding information security policy compliance.
Ormond, Dustin; Warkentin, Merrill; and Crossler, Robert E.
"Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance,"
Journal of the Association for Information Systems: Vol. 20
, Article 4.
Available at: https://aisel.aisnet.org/jais/vol20/iss12/4