A Study on Corporate Security Awareness and Compliance Behavior Intent.

摘要

Understanding the drivers to encourage employees' security compliance behavior is increasingly important in today's highly networked environment to protect computer and information assets of the company. The traditional approach for corporations to implement technology-based controls, to prevent security breaches is no longer sufficient. Companies must rely on their staff to make sensible decisions while executing security tasks. Effective information security protection requires the proper balance among technology, policies, processes, and people to mitigate the risks.;This research investigated the effect of awareness exposure on antecedences to compliance behavior intent in the corporate environment. A four-month security awareness campaign was implemented as a part of the action research and empirical data was collected to measure the effectiveness of the campaign based on a research model of security compliance behavior intent. The analysis of the data indicated that the campaign was effective in improving four research constructs, compliance knowledge of security policies, perceived vulnerability in security, attitudes towards security compliance, and self-efficacy of security policy. The data indicated that one type of campaign event, informal Q & A, was the most effective because it provided the opportunity to directly interacting with the employees to address their questions and concerns. The path analysis of the research model indicated that attitudes towards security compliance is the most significant construct in the model to influence employees' intent to comply and perceived vulnerability is the most significant impact on the attitude.;This research also demonstrated awareness exposure had moderate effects on security compliance and could be used to positively influence attitudes towards security compliance and intent to comply with security policy. These insights help substantiate organizational investment for future security awareness programs and enable corporations to effectively protect company information assets by utilizing employees who are highly knowledgeable in security policies and highly motivated to perform security procedures.