ABSTRACT
Even though abundant research has been done on the factors that may impact employee information security policy (ISP) compliance intention, the results are mixed. To more fully capture the dimensions which may influence employee ISP compliance, this paper introduces a framework that is based on the synthesis of the theories of motivation and behavior. The framework was tested with survey data. Key findings of the study are 1) employee ISP compliance intention is influenced by factors involving four distinct dimensions of action: awareness, motivation, capability, and organizational culture; and 2) The factors from the capability and organizational culture dimension may significantly moderate the strength of the relationship between motivation and ISP compliance intention. The implications of the study regarding the theoretical and practical contributions of this study are discussed.
Disclosure statement
No potential conflict of interest was reported by the authors.
Ethics approval
This research involved human research participants that participated in a survey for the data that has been analyzed for this manuscript. The survey was approved by the Office of Research and Sponsored Programs at Western Washington University. The approval number is E×15–066.