Date of Award

Fall 12-2019

Document Type

Dissertation

Degree Name

Doctor of Science in Information Systems

Department

Business and Information Systems

First Advisor

Insu Park

Second Advisor

Casualene Meyer

Third Advisor

Jun Liu

Abstract

Motivated by a need to understand the underlying drivers of employee effective use behaviors as it relates to security awareness in Congolese organizations, this study examined extrinsic motivation, intrinsic motivation, attitude toward security, intention to comply with security, and cultural motivators as critical elements that have an influence on employee effective use of security awareness.

To our knowledge, this study is the first to develop a model to investigate the influence of employees' culture on the effective use of security awareness programs. This study contributes to behavioral aspects of the body of knowledge on information security by presenting empirical support that employees' culture, intrinsic motivation, extrinsic motivation, information quality, and attitude toward security awareness programs are essential factors to consider in order to predict employees' decisions on the effective use of security awareness program.

The results indicate that influencing employees' attitudes toward security is a better predictor of employees' effective use of security awareness programs than their intention to comply. Both intrinsic and extrinsic factors considered in this study are positively associated with the effective use of security awareness programs. The cultural effect has also proven to influence employees' effective use of security awareness programs. Collectivism and uncertainty avoidance are positively associated with the effective use of security awareness programs, while masculinity/femininity and power distance did not.

Furthermore, the study confirms that top management support is a decisive factor in helping increase the effective use of security awareness in the Congolese context. According to the findings, senior management must work on improving employees' intrinsic motivation and attitude concerning security awareness guidelines and must follow through with both reward and punishment. Finally, organizations should create a culture where each employee makes their peers accountable for following the security awareness guidelines.

Share

COinS