Information security policy compliance: Investigating the role of intrinsic motivation towards policy compliance in the organisation

Alzahrani, Ahmed; Johnson, Chris; Altamimi, Saad

doi:10.1109/infoman.2018.8392822

Cited by 20 publications

(14 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Autonomy, or the autonomous motivator, belongs to self-determination theory (SDT) which focuses on human behaviour and the extent to which behaviour is self-motivated and self-determined [14]. This theory was developed initially by researchers Edward L. Deci and Richard M. Ryan over the last 40 years.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…The authors found a significant correlation between these two factors, which means increased perceptions of autonomy increased the perception of efficacy of intention towards ISP compliance. Also, Alzahrani et al [14] developed a model to study the relationship between autonomy (among other intrinsic motivators) and behavioural intention to comply with an ISP. They found that autonomy had a positive effect on employees' behavioural intentions towards compliance with their organisation's ISP.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…As mentioned earlier, autonomy supports the individual's desire to provide ideas and options and to have their viewpoints taken into consideration. It focuses on the desire to protect an individual's scope for action and decision-making [14]. Autonomy is supported during the game as players discuss a problem and reach a consensus for each decision they make without control or pressure from other members within the same group.…”

Section: The Link Between the D-d Game And Autonomy Intrinsic Motivatormentioning

confidence: 99%

See 2 more Smart Citations

Autonomy Motivators, Serious Games, and Intention Toward ISP Compliance

Alzahrani

Johnson

2019

IJSG

Self Cite

View full text Add to dashboard Cite

The growing number of security breaches has become a major concern in organisations. Most often, such security breaches are related to internal employees due to their indirect or direct actions leading to information security policy (ISP) violations. Therefore, understanding employees’ security behaviour and intrinsic motivation towards ISP compliance with respect to autonomy is critical. This study aims to find out whether the autonomy intrinsic motivator can be influenced by the Decisions and Disruptions (D-D) table-top game to enhance security awareness and, in turn, reinforce behavioural intention towards ISP compliance. We developed pre- and post-assessment tests on intrinsic motivation to find out whether there is a significant improvement in test scores after participants experience D-D gameplay. Thirty postgraduate students participated in the study. Overall results confirmed that the autonomy intrinsic motivator is positively influenced by the game and has a positive effect on the behavioural intention to comply with ISPs.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

Section: Theoretical Backgroundmentioning

confidence: 99%

Section: The Link Between the D-d Game And Autonomy Intrinsic Motivatormentioning

confidence: 99%

See 1 more Smart Citation

Autonomy Motivators, Serious Games, and Intention Toward ISP Compliance

Alzahrani

Johnson

2019

IJSG

Self Cite

View full text Add to dashboard Cite

show abstract

“…1) SDT component: Autonomy refers to the desire of people to be able to choose a course of action that matches their inner beliefs [7]. It targets a personal desire for protecting their scope for action and decision-making [8]. A sense of autonomy supports an increase in intrinsic motivation to follow an organisation's rules, regulations and policies.…”

Section: A Theoretical Foundationmentioning

confidence: 99%

“…As shown in Table VII, cyber-attack has the highest priority value of 0.119 over other awareness focus areas toward autonomy. Since autonomy focuses on the desire to protect an individual's scope for action and decision-making [8], [20], it is recommended that the organisation develop suitable awareness programmes that focus on cyber-attacks, threats and social engineering to increase employees' decision-making ability when they face real-world attacks.…”

Section: A Autonomymentioning

confidence: 99%

AHP-based Security Decision Making: How Intention and Intrinsic Motivation Affect Policy Compliance

Alzahrani¹,

Johnson²

2019

IJACSA

Self Cite

View full text Add to dashboard Cite

Analytic hierarchy process is a multiple-criteria tool used in applications related to decision-making. In this paper, analytic hierarchy process is used as guidance in information security policy decision-making by identifying influencing factors and their weights for information security policy compliance. The weights for intrinsic motivators are identified based on self-determination theory as essential criteria, namely, autonomy, competence, relatedness, along with behavioural intention towards compliance; and use four awareness focus areas. A survey of cyber-security decisionmakers at a Fortune 600 organisation provided data. The results suggest that behavioural intention (52% of the weight of influencing factors) is more important than autonomy (21%), competence (21%) or relatedness (6%) in influencing behaviour towards information security policy compliance. Determining weights of intrinsic motivation, intention, and awareness focus areas can help security decision-making and compliance with policy, and support design of effective security awareness programmes. However, these weights may in turn be affected by local organisational and cultural factors.

show abstract