Abstract
To better protect organizations from the threat of insiders, IS security (ISS) research frequently emphasizes IS Security Policy (ISP) behavior. The effectiveness of an assessment model is typically analyzed either using short survey statements (behavior survey) or by using scenario agreement (prospective scenario) to measure current and prospective compliance (or non-compliance) behavior. However, a significant gap is the lack of statistical evidence to demonstrate that these two measures or dependent variables (DV) sufficiently agree with one another. We report on an effort to compare and contrast two assessment models which employed alternate styles of DVs and demonstrate that the primary construct from two different ISS behavioral theories had approximately the same effect size on either of the DVs. Our findings add support for substantial (but not overly correlated) synchronization between the two DV values, since we also observe that the prospective scenario non-compliance measure resulted in lower model fit while the behavior survey compliance measures fit both models with higher accuracy. We discuss our findings and recommend that for many studies there can be value in employing both DVs.
Recommended Citation
Marshall, Byron; Shadbad, Forough Nasirpouri; Curry, Michael; and Biros, David, "Do measures of security compliance intent equal non-compliance scenario agreement?" (2022). WISP 2022 Proceedings. 19.
https://aisel.aisnet.org/wisp2022/19