Applying Information-Motivation-Behavioral Skills Model to Improve Information Security Policy Compliance among Employees
Välimäki, Tommi (2019-06-07)
07.06.2019
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
Julkaisun pysyvä osoite on:
http://urn.fi/URN:NBN:fi-fe2019062421746
http://urn.fi/URN:NBN:fi-fe2019062421746
Tiivistelmä
Information security policy (ISP) compliance of employees is a big concern for companies because the employees themselves present a major IS threat. Companies mitigate this concern by improving the ISP compliant behavior of their employees. However, to effectively improve the ISP compliant behavior of employees, understanding of how the ISP compliance behavior of employees can be improved is needed.
The main purpose of this thesis is to investigate how the ISP compliance behavior of employees can be improved. In this regard, the Information-Motivation-Behavioral Skills (IMB) Model has been used as the theoretical model, which has never been used in this context before. According to the IMB Model, behavior (ISP Compliance) is affected by behavioral skills (self-efficacy) of the employees, which in turn, is affected by the information (ISP awareness), and motivation (attitude towards ISP and social norms). Additionally, the thesis’s goals were to identify which IMB constructs predict ISP compliant behavior of employees and if there are differences to the ISP compliance levels between companies’ departments.
Data was collected from 137 employees of two Finnish companies working in the building materials manufacturing business, using an online survey in Finnish language. The research model was tested using structural equation modeling in SmartPLS 3.0 environment. The results confirmed the IMB model is appropriate to explain and predict ISP compliant behavior of employees. The findings indicate that employees’ attitude and self-efficacy towards ISP compliance are the strongest predictors of ISP compliant behavior and that ISP compliance awareness is a vital contributor to employees’ self-efficacy towards ISP compliance. Thus, companies can improve ISP compliance by boasting employees’ confidence towards ISP compliance and taking measures to change employees’ attitude towards ISP compliance, and indirectly by increasing the ISP compliance awareness level of the employees.
The main purpose of this thesis is to investigate how the ISP compliance behavior of employees can be improved. In this regard, the Information-Motivation-Behavioral Skills (IMB) Model has been used as the theoretical model, which has never been used in this context before. According to the IMB Model, behavior (ISP Compliance) is affected by behavioral skills (self-efficacy) of the employees, which in turn, is affected by the information (ISP awareness), and motivation (attitude towards ISP and social norms). Additionally, the thesis’s goals were to identify which IMB constructs predict ISP compliant behavior of employees and if there are differences to the ISP compliance levels between companies’ departments.
Data was collected from 137 employees of two Finnish companies working in the building materials manufacturing business, using an online survey in Finnish language. The research model was tested using structural equation modeling in SmartPLS 3.0 environment. The results confirmed the IMB model is appropriate to explain and predict ISP compliant behavior of employees. The findings indicate that employees’ attitude and self-efficacy towards ISP compliance are the strongest predictors of ISP compliant behavior and that ISP compliance awareness is a vital contributor to employees’ self-efficacy towards ISP compliance. Thus, companies can improve ISP compliance by boasting employees’ confidence towards ISP compliance and taking measures to change employees’ attitude towards ISP compliance, and indirectly by increasing the ISP compliance awareness level of the employees.
Samankaltainen aineisto
Näytetään aineisto, joilla on samankaltaisia nimekkeitä, tekijöitä tai asiasanoja.
-
Information integration and its impacts on logistics performance - Using information technology and systems to facilitate information integration
(08.10.2012)Fast changing environment sets pressure on firms to share large amount of information with their customers and suppliers. The terms information integration and information sharing are essential for facilitating a smooth ...avoin -
Studies on Inequalities in Information Society. Proceedings of the Conference, Well-Being in the Information Society
TUCS Lecture Notes : 16 (TUCS Turku Centre for Computer Science, 26.07.2012)
