Skip to main content
SpringerLink
Log in

Cognitive Elaboration on Potential Outcomes and Its Effects on Employees’ Information Security Policy Compliance Intention–Exploring the Key Antecedents

  • Conference paper
E-Life: Web-Enabled Convergence of Commerce, Work, and Social Life (WEB 2011)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 108))

Included in the following conference series:

Abstract

IS security policy is one of the essential tools to ensure the secure use of information systems and technological assets. To enhance the effectiveness of policy implementation, organizations rely on security training, education and awareness (STEA) programs to help employees understand the IS security issues of the organization. However, different levels of STEA informativeness may have conflicting effects on employees’ compliance decisions. In addition, the urgency of a task may also lead employees to abandon the compliance decision occasionally. The existing corporate information security policy (ISP) could also serve as a deterrence message that would influence compliance decisions. An experimental survey was conducted to examine this phenomenon and test the related hypotheses. The results of this study can be used to inform and guide researchers and practitioners as to how to better enforce an IS security policy through better implementation of STEA programs and improved design of ISP in different task scenarios.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Akers, R.: Rational choice, deterrence, and social learning theory in criminology: the path not taken. The Journal of Criminal Law and Criminology 81(3), 653–676 (1990)

    Article  Google Scholar 

  2. Boss, S.R., Kirsch, L.J.: The last line of defense: motivating employees to follow corporate security guidelines. In: Proceedings of the 28th International Conference on Information Systems, Montreal, December 9-12 (2007)

    Google Scholar 

  3. Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly 34(3), 523–548 (2010)

    Google Scholar 

  4. Cavusoglu, H., Mishra, B., Raghunathan, S.: The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce 9(1), 69–104 (2004)

    Google Scholar 

  5. D’Arcy, J., Hovav, A., Galletta, D.: User awareness of security counter-measures and its impact on information systems misuse: A deterrence approach. Information Systems Research 20(1), 79–98 (2009)

    Article  Google Scholar 

  6. Ernst & Young, Moving beyond compliance: Ernst & Young’s, global information security survey (2008)

    Google Scholar 

  7. Fazio, R.H.: Attitudes as object-evaluation associations: Determinants, consequences, and correlates of attitude accessibility. In: Petty, R.E., Krosnick, J.A. (eds.) Attitude Strength: Antecedents and Consequences, pp. 247–282. Erlbaum, Mahwah (1995)

    Google Scholar 

  8. Gordon, L.A., Loeb, M.P., Lucyshyn, W., Richardson, R.: CSI/FBI computer crime and security survey. Computer Security Institute (2006)

    Google Scholar 

  9. Harrington, S.: The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly 20(3), 257–277 (1996)

    Article  Google Scholar 

  10. Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems 47, 154–165 (2009)

    Article  Google Scholar 

  11. Hui, W., Hu, P.: Examining end-user information security policy compliance: An exploratory study. In: Proceedings of the Workshop on e-Business (WeB), Paris, France, December 13 (2008)

    Google Scholar 

  12. Kuo, F., Hsu, M.: Development and validation of ethical computer self-efficacy measure: The case of softlifting. Journal of Business Ethics 32, 299–315 (2001)

    Article  Google Scholar 

  13. Liska, A.E., Messner, S.F.: Perspectives on Crime and Deviance, 3rd edn. Prentice Hall, Upper Saddle River (1999)

    Google Scholar 

  14. Malaviya, P.: The moderating influence of advertising context on ad repetition effects: The role of amount and type of elaboration. Journal of Consumer Research 34(1), 32–40 (2007)

    Article  Google Scholar 

  15. Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., Vance, A.: What levels of moral reasoning and values explain adherence to information security rules? An empirical study. European Journal of Information Systems 18(2), 126–139 (2009)

    Article  Google Scholar 

  16. Nenkov, G.Y., Inman, J.J., Hulland, J.: Considering the Future: The Conceptualization and Measurement of Elaboration on Potential Outcomes. Journal of Consumer Research 35, 126–141 (2008)

    Article  Google Scholar 

  17. Pahnila, S., Siponen, M., Mahmood, A.: Employees’ behavior towards is security policy compliance. In: Proceedings of the 40th Hawaii International Conference on System Sciences, pp. 156–166. IEEE Computer Society Press, Los Alamitos (2007)

    Google Scholar 

  18. Petty, R.E.: Attitude change. In: Tesser, A. (ed.) Advances in Social Psychology, pp. 194–255. McGraw–Hill, New York (1995)

    Google Scholar 

  19. PricewaterhouseCoopers. Employee behavior key to improving information security, new survey finds, June 23 (2008)

    Google Scholar 

  20. Sagar, R.: Who holds the balance? A missing detail in the debate over balancing security and liberty. Polity 41(2), 166–188 (2009)

    Article  Google Scholar 

  21. Shaw, E., Ruby, K., Post, J.: The insider threat to information systems: The psychology of the dangerous insider. Security Awareness Bulletin 2-98, 1–10 (1998)

    Google Scholar 

  22. Siponen, M.T., Vance, A.: Neutralization: new insight into the problem of employee information systems security policy violations. MIS Quarterly 34(3), 487–502 (2010)

    Google Scholar 

  23. Siponen, M.T., Pahnila, S., Mahmood, A.: Employees’ adherence to information security policies: An empirical study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments, pp. 133–144. Springer, Boston (2007)

    Chapter  Google Scholar 

  24. Smith, S.M., Fabrigar, L.R., Macdougall, B.L., Wiesenthal, N.L.: The role of amount, cognitive elaboration, and structural consistency of attitude-relevant knowledge in the formation of attitude certainty. European Journal of Social Psychology 38(2), 280–295 (2008)

    Article  Google Scholar 

  25. Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for information technology systems. NIST Special Publications 800-30, White Paper, United States Department of Commerce, Gaithersburg, MD (2002)

    Google Scholar 

  26. Straub, D.W.: Effective is security: an empirical study. Information Systems Research 1(3), 255–276 (1990)

    Article  Google Scholar 

  27. Street, M.D., Douglas, S.C., Geiger, S.W., Martinko, M.J.: The impact of cognitive expenditure on the ethical decision-making process: The cognitive elaboration model. Organizational Behavior and Human Decision Processes 86(2), 256–277 (2001)

    Article  Google Scholar 

  28. Tyler, T.R., Blader, S.L.: Can Businesses Effectively Regulate Employee Conduct? The Antecedents of Rule Following in Work Settings. Academy of Management Journal 48(6), 1143–1158 (2005)

    Article  Google Scholar 

  29. Warkentin, M., Willison, R.: Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems 18(2), 101–105 (2009)

    Article  Google Scholar 

  30. Warkentin, M., Davis, K., Bekkering, E.: Introducing the check-off password system (cops): An advancement in user authentication methods and information security. Journal of Organizational and End User Computing 16(3), 41–58 (2004)

    Article  Google Scholar 

  31. Williams, K., Hawkins, R.: Perceptual research on general deterrence: a critical review. Law and Society Review 20(4), 545–572 (1986)

    Article  Google Scholar 

  32. Wyer, R.S.: Language and advertising effectiveness: Mediating influences of comprehension and cognitive elaboration. Psychology & Marketing 19(7-8), 693–712 (2002)

    Article  Google Scholar 

  33. Yue, W., Çakanyildirim, M.: Intrusion prevention in information systems: Reactive and proactive response. Journal of Management Information Systems 24(1), 329–353 (2007)

    Article  Google Scholar 

  34. Yue, W., Çakanyildirim, M., Ryu, Y., Liu, D.: Network externalities, layered protection and it security risk management. Decision Support Systems 44(1), 1–16 (2007)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Business, Nanjing University, Nanjing, China

    Xue Yang

  2. College of Business, City University of Hong Kong, Hong Kong

    Wei T. Yue & Choon Lin Sia

Authors
  1. Xue Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wei T. Yue
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Choon Lin Sia
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The University of Illinois, Urbana-Champaign, IL, USA

    Michael J. Shaw

  2. The University of Maryland, Baltimore County, MD, USA

    Dongsong Zhang

  3. HKSAR, City University of Hong Kong, China

    Wei T. Yue

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yang, X., Yue, W.T., Sia, C.L. (2012). Cognitive Elaboration on Potential Outcomes and Its Effects on Employees’ Information Security Policy Compliance Intention–Exploring the Key Antecedents. In: Shaw, M.J., Zhang, D., Yue, W.T. (eds) E-Life: Web-Enabled Convergence of Commerce, Work, and Social Life. WEB 2011. Lecture Notes in Business Information Processing, vol 108. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29873-8_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29873-8_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29872-1

  • Online ISBN: 978-3-642-29873-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation