期刊
JOURNAL OF THE ASSOCIATION FOR INFORMATION SYSTEMS
卷 19, 期 8, 页码 689-715出版社
ASSOC INFORMATION SYSTEMS
DOI: 10.17705/1jais.00506
关键词
Information Security; Neutralization; Training; Compliance; Normative Influence; Informational Influence; Factorial Survey
Organizations use security education, training, and awareness (SETA) programs to counter internal security threats and promote compliance with information security policies. Yet, employees often use neutralization techniques to rationalize noncompliant behavior. We investigated three theory-based communication approaches that can be incorporated into SETA programs to help increase compliance behavior: (1) informational communication designed to explain why policies are important; (2) normative communication designed to explain that other employees would not violate policies; and (3) antineutralization communication designed to inhibit rationalization. We conducted a repeated measures factorial design survey using a survey panel of full-time working adults provided by Qualtrics. Participants received a SETA communication with a combination of one to three persuasion statements (informational influence, normative influence statement, and/or an antineutralization), followed by a scenario description that asked for their intentions to comply with the security policy. We found that both informational (weakly) and antineutralization communication (strongly) decreased violation intentions, but that normative communication had no effect. In scenarios where neutralizations were explicitly suggested to participants, antineutralization communication was the only approach that worked. Our findings suggest that we need more research on SETA techniques that include antineutralization communication to understand how it influences behavior beyond informational and normative communication.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据