Continuous Adoption of Information Security Merrill Warkentin Dss

• Access throughyour institution

Continuance of protective security behavior: A longitudinal study

Highlights

•

Investigated actual behavior in context of information security threats

•

Collected actual data over 9-week period (longitudinal data)

•

Findings include PMT factors and "perceived extraneous circumstances" as behavioral antecedents.

Abstract

Previous research has established continuance models that explain and predict an individual's behaviors when engaged with hedonic or functional systems, or with other environments that provide productivity-enhancing outcomes. However, within the context of information security, these models are not applicable and fail to accurately assess the circumstances in which an individual engages in protective security behaviors beyond an initial adoption. This research addresses this gap and establishes a model for explaining an individual's continued engagement in protective security behaviors, which is a significant problem in securing enterprise information resources. Within this model, protection motivation theory (PMT) is considered an underlying theoretical motivation for continuance intention using constructs such as perceived threat severity, perceived threat susceptibility, self-efficacy, and response efficacy as direct antecedents of behavioral intents and indirect predictors of continuance behavior. Furthermore, the introduction of perceived extraneous circumstances is used to reconcile the "acceptance–discontinuance anomaly." A novel research methodology for measuring actual security behavior continuance was developed for this investigation. Experimental results indicate support for all of the proposed relationships, with the exception of response efficacy—continuance intent. Nearly half of the variance in the dependent variable, continuance behavior, was explained by the model. This is the first comprehensive empirical investigation of protective security behavior continuance intention. The findings have practical implications for security administrators and security technology solution providers, and they have theoretical ramifications in the area of behavioral information security and protection motivation theory.

Keywords

Continuance

Behavior

Security

Adoption

Information assurance

Perceived extraneous circumstances

Cited by (0)

Merrill Warkentin is a Professor of MIS and the Drew Allen Endowed Fellow in the College of Business at Mississippi State University. His research, primarily on the impacts of organizational, contextual, situational, and dispositional influences on individual computer user behaviors in the context of information security and privacy, has appeared in MIS Quarterly, Decision Sciences, Journal of the Association for Information Systems, European Journal of Information Systems, Decision Support Systems, Information Systems Journal, Information & Management, Computers & Security, Communications of the ACM, Communications of the AIS, Journal of Information Systems, and others, and he is the author or editor of seven books on technology. He has authored or co-authored over 250 published manuscripts, including over 70 peer-reviewed journal articles. He serves or has recently served as Associate Editor of MIS Quarterly, Information Systems Research, Decision Sciences, European Journal of Information Systems, Information & Management, and other journals, and is currently a Senior Editor of AIS Transactions on Replication Research. Dr. Warkentin was the Chair of the IFIP Working Group on Information Systems Security Research (WG8.11/11.13), the Vice President of the Decision Sciences Institute (DSI), and a national Distinguished Lecturer for the Association for Computing Machinery (ACM). His work has been funded by NATO, NSF, NSA, DoD, Homeland Security, IBM, UN, and others. He has chaired several national and international conferences, has been Track Chair at ICIS, AMCIS, ECIS, and DSI, and was the Program Co-Chair of the AIS Americas Conference on Information Systems (AMCIS) in 2016. Dr. Warkentin has served as a visiting professor or invited speaker at numerous universities in North America, Europe, and Asia.

Allen C. Johnston is an Associate Professor and the Director of the MS in Management Information Systems program and Co-Director of the MS in Computer Forensics and Security Management in the Collat School of Business at the University of Alabama at Birmingham (UAB). He is also a Co-Director of the MS in Computer Forensics and Security Management program at UAB. The primary focus of his research is in the areas of innovation, behavioral information security, privacy, data loss prevention, and collective security and his research can be found in such outlets as MIS Quarterly, Journal of the AIS, European Journal of Information Systems, Information Systems Journal, Communications of the ACM, Journal of Organizational and End User Computing, Information Technology and People, and The DATABASE for Advances in Information Systems. He currently serves as AE for European Journal of Information Systems, Decision Sciences Journal, and the Journal of Information Privacy and Security, as well as serving on the Editorial Review Board for The DATABASE for Advances in Information Systems. He is a founding member and current Vice Chair of the IFIP Working Group on Information Systems Security Research (WG8.11/11.13) and serves on the administrative board for the UAB Comprehensive Neuroscience Center. Dr. Johnston has also served as a visiting professor or invited speaker at several universities and companies in the U.S. and abroad.

Jordan Shropshire is an Associate Professor of CIS at the University of South Alabama. His research centers on the technical and strategic aspects of information security. His research is funded by organizations such as the National Science Foundation and the National Security Agency. Dr. Shropshire has published articles in journals such as European Journal of Information Systems, Computers & Security, and Journal of Computer Information Systems. He has served as reviewer and ad hoc associate editor for journals such as MIS Quarterly, European Journal of Information Systems, Decision Support Systems, and Information Systems Research. He has completed external reviews for the National Science Foundation. He has presented research and provides reviews for conferences such as Americas Conference on Information Systems (AMCIS), International Conference on Information Systems (ICIS), and Hawaii International Conference on Systems Science (HICSS). Dr. Shropshire completed his PhD in Management Information Systems from Mississippi State University and his Bachelors of Science in Business Administration at the University of Florida.

William D. Barnett is an Associate Professor of CIS in the College of Business & Social Sciences at the University of Louisiana Monroe. He serves as the Faculty Chair of CIS and the Program Coordinator for the School of Accounting, Finance, and Information Services and holds the Kitty DeGree Professorship in Computer Information Systems. His research interests include virtual worlds and IT security and he has published research in various journals, including the International Journal of Quality & Reliability Management and the Flexible Services and Manufacturing Journal.

View full text

© 2016 Elsevier B.V. All rights reserved.

normanmosearold.blogspot.com

Source: https://www.sciencedirect.com/science/article/abs/pii/S0167923616301622