Defense Date

Spring 4-19-2019

Degree Type

Dissertation

Degree Name

Information Systems

Department

Business Administration

Committee Chair/First Advisor

Saurabh Gupta

Committee Member

Humayun Zafar

Reader

Merrill Warkentin

Abstract

Organizations implement a variety of knowledge mechanisms such as information security education, training, and awareness (SETA) programs and information security policies to influence employees’ secure behavior. However, skills gained through these knowledge mechanisms have not always translated to secure behavior. Protection motivation theory (PMT) is a widely used and accepted theory in information security behavioral research. Nevertheless, information security research has not examined the impact of knowledge mechanisms on PMT psychological processes. This study explains the key psychological processes that influence employees’ secure behavior and seeks to understand how organizational knowledge mechanisms influence these key psychological processes that form threats perceptions.

Drawing on the knowledge management literature, the impact of knowledge mechanisms on users’ threat perceptions was conceptualized and examined across three knowledge dimensions: breadth, depth, and finesse. The research also applied construal level theory (CLT) to provide a means to measure the psychological constructs of PMT from an individual’s perspective. The research conceptualizes the PMT psychological process based on the threat un-desirability and coping feasibility. The four dimensions of

the psychological distance from CLT (temporal, social, spatial, and hypothetical) formed the threat un-desirability while response efficacy and difficulty formed the coping feasibility construct.

This study empirically tested the model using a multi-method approach. The first method used an experiment with 262 students to validate the CLT driven constructs and its impact on protection motivation. The second study tested the overall model, including knowledge mechanisms dimensions, across a sample of 219 industry professionals. The theoretical model was tested using a structural equation modeling (SEM) approach. Results show support that the psychological distance from the threat allows employees to perceive the personal impact of the threat. Results also support that the key psychological constructs, threat un-desirability and coping feasibility, influence employees behavioral choices.

This research offers noteworthy contributions to the literature. It provides a greater understanding of the role of knowledge dimensions to motivate compliance. The research also presented an improved model that preserves the original intent of PMT in the context information security. Finally, the research presented a generalizable and practical business approach to a traditionally technical topic.

Keywords: Information security, secure behavior, compliance, construal level theory, knowledge dimensions, protection motivation, security policies, security education and training awareness, SETA programs, information security threats.

Share

COinS