The Impact of Training and Social Norms on Information Security Compliance: A Pilot Study

摘要

Security training has been shown to be an important factor that impacts employees' intentions to comply with organization's security policies. In this study, we define and then study the impact of two sub-constructs of security training, threat appraisal and policy awareness, on intentions to comply with organizational security policies. Injunctive and descriptive norms, which are standards of behavior that recommends and forbids behavior in specific circumstances, have been hypothesized as mediators between training constructs and behavioral intention to comply. We pilot-tested our proposed set of hypotheses with survey data collected from 69 employees in a higher education institute. Results supported our proposed model. Based on the findings, implications for theory and practices are discussed.