Abstract
Employees' failures to follow information security policy can be costly to organizations, causing organizations to implement security controls to motivate secure behavior. Information security research has explored many control-related motivations (e.g., self-efficacy, response efficacy, and behavioral control) in the context of ISP compliance; however, the behavioral effects of perceptions of autonomous functioning are not well understood in security contexts. This paper examines employee autonomy as a control-related motivation from the lens of self-determination theory and psychological reactance theory. Self-determination theory is widely used in other disciplines to explain intrinsically driven behavior, but has not been applied to security research. Psychological reactance theory is also widely used, but is only beginning to receive attention in security research. Self-determination and psychological reactance offer complementary yet opposite conceptualizations of trait-based autonomy. This paper posits that perceptions of trait-based autonomy influence self-efficacy and response efficacy. Through a survey of government employees, we provide support for several hypotheses. We also discuss important directions for the use of self-determination theory and psychological reactance theory in future research.
Additional information
Notes on contributors
Jeffrey D. Wall
Jeffrey Wall is a PhD student in the Bryan School of Business & Economics at the University of North Carolina at Greensboro, USA. Jeff received his MPA from Brigham Young University with a minor in Information Systems and a BA in Speech Communication at the University of Utah. His research interests include IT-related deviance at both the individual and organizational levels and in various contexts, such as employee computer abuse, organizational HIPAA violations, information poaching in supply chains, and cybercrime. He has published research in several IS conferences and workshops, including ICIS and AMCIS.
Prashant Palvia
Prashant Palvia is Joe Rosenthal Excellence Professor in the Bryan School of Business & Economics at the University of North Carolina at Greensboro, USA. Dr. Palvia received his Ph.D., MBA and MS from the University of Minnesota and BS from the University of Delhi, India. Professor Palvia is the Editor-in-Chief of the Journal of Global Information Technology Management, and is an associate editor for Information & Management. His research interests include global information technology management, healthcare IT, organizational issues in IS, inter-organizational systems. He has published 100 journal articles in such outlets as the MIS Quarterly, Decision Sciences, Communications of the ACM, Communications of the AIS, Information & Management, Decision Support Systems, and ACM Transactions on Database Systems, and 194 conference articles. Prof. Palvia has co-edited four books on Global Information Technology Management and is the general chair of the annual Global Information Technology Management Association (GITMA) World Conference.
Paul Benjamin Lowry
Dr. Paul Benjamin Lowry is an Associate Professor of IS at the City University of Hong Kong. He received his Ph.D. in MIS from the University of Arizona. He has published articles in MISQ, JMIS, JAIS, IJHCS, JASIST, ISJ, EJIS, CACM, Information Sciences, DSS, IEEETSMC, IEEETPC, SGR, Expert Systems with Applications, Computers & Security, and others. He serves as an AE at MISQ (regular guest), EJIS, I&M, ECRA, CAIS, AIS-THCI, and ISEJ. He has also served as an ICIS track co-chair. His research interests include behavioral information security (e.g., protection motivation, accountability, whistle-blowing, compliance, deception, privacy), human-computer interaction (e.g., trust, culture, intrinsic motivations), e-commerce, and scientometrics of IS research.