DOI
https://doi.org/10.25772/BTYA-VK54
Defense Date
2015
Document Type
Dissertation
Degree Name
Doctor of Philosophy
Department
Information Systems
First Advisor
Gurpreet Dhillon
Second Advisor
Richard Redmond
Third Advisor
Manoj Thomas
Fourth Advisor
Sven Kepes
Fifth Advisor
Victoria Yoon
Abstract
Incidents of computer abuse, proprietary information leaks and other security lapses have been on the increase. Most often, such security lapses are attributed to internal employees in organizations subverting established organizational IS security policy. As employee compliance with IS security policy is the key to escalating IS security breaches, understanding employee motivation for following IS security policy is critical. In addition to several types of extrinsic motives noted in prior studies, including sanctions, rewards, and social pressures, this study adds that an important contributing intrinsic factor is empowerment. Per Thomas and Velthouse’s (1990) intrinsic motivation model, empowerment is the positive feelings derived from IS security task assessments. Through survey data collected from 289 participants, the study assesses how dimensions of psychological empowerment (i.e., competence, meaning, impact, and choice) as derived from IS security task may impact the IS security performance of the participants, measured by their compliance with IS security policy. The study demonstrates that the competence and meaning dimensions of psychological empowerment have a positive impact on participants’ IS security policy compliance intention, while impact has a marginal negative influence on compliance. Furthermore, dimensions of psychological empowerment can be predicted by structural empowerment facets, particularly IS security education, training, and awareness (SETA), access to IS security strategy and goals, and participation in IS security decision-making. In addition, the competence and meaning dimensions of psychological empowerment may act as mediators for the relations between structural empowerment and participants’ IS security policy compliance. Theoretical contributions, managerial implications, and directions for future research of this study will be discussed.
Rights
© The Author
Is Part Of
VCU University Archives
Is Part Of
VCU Theses and Dissertations
Date of Submission
5-5-2015