Information systems security misbehavior in the workplace: The effects of job performance expectation and workgroup norm.

摘要

Information systems (IS) security has become a major current issue for organizations. It is generally understood that not only technology but also human factors and control processes have a significant impact on organizational IS security. One of the major human factors issues is end user behavior towards IS security. End users may ignore security measures and by doing so "they inadvertently put the organization's information at risk. This study investigated why end users engage in such "security misbehavior" (SMB). Based on Eagly and Chaiken's composite behavioral model, an SMB model was proposed and tested empirically with data collected from a survey of computer end users in the workplace (N=306). Overall, the theoretical model was successful in capturing the main antecedents of end user SMB intention . Both attitude towards SMB and workgroup norm were found to have significant positive influences on SMB intention. In turn, attitude towards SMB is positively influenced by workgroup norm and job performance expectation. Contrary to the hypotheses of the model, however, user attitude towards the target (attitude towards security policy) and several utilitarian outcome expectations (perceived security risk, perceived accountability, and sanction certainty) did not have significant influences on end user attitudes towards SMB. However, asymmetric effects were discovered among these variables. Furthermore, the influences of self-identity outcome expectation (perceived identity match) on both attitude towards SMB and behavioral intention were not significant. The results also indicated that end user SMB intentions are to some extent dependent on the context. In sum, the findings suggest that job performance expectation and workgroup norm are key determinants and have strong direct and indirect effects on user SMB intention.;