Intrinsic Motivation and Information Systems Security Policy Compliance in Organizations

Author

Yurita Yakimin Abdul Talib, Virginia Commonwealth UniversityFollow

DOI

https://doi.org/10.25772/BTYA-VK54

Defense Date

2015

Document Type

Dissertation

Degree Name

Doctor of Philosophy

Department

Information Systems

First Advisor

Gurpreet Dhillon

Second Advisor

Richard Redmond

Third Advisor

Manoj Thomas

Fourth Advisor

Sven Kepes

Fifth Advisor

Victoria Yoon

Abstract

Incidents of computer abuse, proprietary information leaks and other security lapses have been on the increase. Most often, such security lapses are attributed to internal employees in organizations subverting established organizational IS security policy. As employee compliance with IS security policy is the key to escalating IS security breaches, understanding employee motivation for following IS security policy is critical. In addition to several types of extrinsic motives noted in prior studies, including sanctions, rewards, and social pressures, this study adds that an important contributing intrinsic factor is empowerment. Per Thomas and Velthouse’s (1990) intrinsic motivation model, empowerment is the positive feelings derived from IS security task assessments. Through survey data collected from 289 participants, the study assesses how dimensions of psychological empowerment (i.e., competence, meaning, impact, and choice) as derived from IS security task may impact the IS security performance of the participants, measured by their compliance with IS security policy. The study demonstrates that the competence and meaning dimensions of psychological empowerment have a positive impact on participants’ IS security policy compliance intention, while impact has a marginal negative influence on compliance. Furthermore, dimensions of psychological empowerment can be predicted by structural empowerment facets, particularly IS security education, training, and awareness (SETA), access to IS security strategy and goals, and participation in IS security decision-making. In addition, the competence and meaning dimensions of psychological empowerment may act as mediators for the relations between structural empowerment and participants’ IS security policy compliance. Theoretical contributions, managerial implications, and directions for future research of this study will be discussed.

Rights

© The Author

Is Part Of

VCU University Archives

Is Part Of

VCU Theses and Dissertations

Date of Submission

5-5-2015