Advanced search
Publication Cover
Journal of Information Privacy and Security Volume 9, 2013 - Issue 4
Journal homepage
159
Views
38
CrossRef citations to date
0
Altmetric
Original Articles

Control-Related Motivations and Information Security Policy Compliance: The Role of Autonomy and Efficacy

Jeffrey D. WallUniversity of North Carolina at Greensboro, [email protected]View further author information
,
Prashant PalviaUniversity of North Carolina at Greensboro, [email protected]View further author information
&
Paul Benjamin LowryCity University of Hong Kong, [email protected]View further author information
Pages 52-79 | Published online: 07 Jul 2014

References

  • Ajzen, I. 1985. “From intentions to actions: A theory of planned behavior,” in Action control: From cognition to behavior, J. Kuhl and J. Beckman (eds.), Springer: Heidelberg.
  • Bandura, A. 1977a. “Self-efficacy: Toward a unifying theory of behavioral change,” Psychological Review (84:2), pp 191–215.
  • Bandura, A. 1977b. Social learning theory, (Prentice Hall: Englewood Cliffs, NJ.
  • Bandura, A. 1986. Social foundations of thought and action: A social cognitive theory, (Prentice Hall: Englewood Cliffs, NJ.
  • Bandura, A. 1997. Self-efficacy: The Exercise of Control, (Freeman: New York, NY.
  • Biddle, S. J. H. 1999. “Motivation and perceptions of control: Tracing its development and plotting its future in exercise and sport psychology,” Journal of Sport & Exercise Psychology (21:1), pp 1–23.
  • Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., and Boss, W. R. 2009. “If someone is watching, I'll do what I'm asked: manditoriness, control, and information security,” European Journal of Information Systems (18), pp 151–164.
  • Brehm, J. W. 1966. A theory of psychological reactance, (Academic Press: London, England.
  • Brehm, S. S., and Brehm, J. W. 1981. Psychological Reactance: A theory of freedom and control, (Academic Press: London, England.
  • Brown, A. R., Finney, S. J., and France, M. K. 2011. “Using the bifactor model to assess the dimensionality of the Hong Psychological Reactance Scale,” Educational and Psychological Measurement (71:1), pp 170–185.
  • Bulgurcu, B., Cavusoglu, H., and Benbasat, I. 2010. “Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness,” MIS Quarterly (34:3), pp 523–548.
  • Chin, W. W. 1998. “The Partial Least Squares Approach to Structural Equation Modeling,” in Modern Business Research Methods, G. A. Marcoulides (ed.), Lawrence Erlbaum Associates: Mahwah, NJ, pp. 295–336.
  • Choobineh, J., Dhillon, G., Grimaila, M. R., and Rees, J. 2007. “Management of information security: Challenges and research directions,” Communication of the Association for Information Systems (20:1), pp 958–971.
  • Cohen, J. 1988. Statistical power analysis for the behavioral sciences, (Lawrence Erlbaum Associates: Hillsdale, NJ.
  • Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., and Baskerville, R. 2013. “Future directions for behavioral information security research,” Computers & Security (32), pp 90–101.
  • D'Arcy, J., and Herath, T. 2011. “A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings,” European Journal of Information Systems (20), pp 643–658.
  • Deci, E. L., Eghrari, H., Patrick, B. C., and Leone, D. R. 1994. “Facilitating internalization: The self-determination theory perspective,” Journal of Personality (62:1), pp 119–142.
  • Deci, E. L., Koestner, R., and Ryan, R. M. 1999. “A meta-analytic review of experiments examining the effects of extrinsic rewards on intrinsic motivation,” Psychological Bulletin (125:6), pp 627–668.
  • Dhillon, G., and Backhouse, J. 2001. “Current directions in IS security research: Towards socio-organizational perspectives,” Information Systems Journal (11:2), pp 127–153.
  • Dillard, J. P., and Shen, L. 2005. “On the nature of reactance and its role in persuasive health communication,” Communication Monographs (72:2), pp 144–168.
  • Fishbein, M., and Ajzen, I. 1975. Belief, attitude, intention and behavior: An introduction to theory and research, (Addison-Wesley: Reading, MA.
  • Ford, M. T., Cerasoli, C. P., Higgins, J. A., and Decesare, A. L. 2011. “Relationships between psychological, physical, and behavioural health and work performance: A review and meta-analysis,” Work & Stress (25:3), pp 185–204.
  • Fornell, C., and Larcker, D. F. 1981. “Evaluating structural equations models with unobservable variables and measurement error,” Journal of Marketing Research (18:1), pp 39–50.
  • Goodhue, D. L., Lewis, W., and Thompson, R. 2012. “Does PLS have advantages for small sample size or non-normal data?,” MIS Quarterly (36:3), pp 981–1001.
  • Griskevicius, V., Shiota, M. N., and Nowlis, S. M. 2010. “The many shades of rose colored glasses: An evolutionary approach to the influence of different positive emotions,” Journal of Consumer Research (37:2), pp 238–250.
  • Herath, T., and Rao, H. R. 2009a. “Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness,” Decision Support Systems (47:2), pp 154–165.
  • Herath, T., and Rao, H. R. 2009b. “Protection motivation and deterrence: a framework for security policy compliance in organisations,” European Journal of Information Systems (18), pp 106–125.
  • Hodgins, H. S., Koestner, R., and Duncan, N. 1996. “On the compatibility of autonomy and relatedness,” Personality and Social Psychology Bulletin (22), pp 227–237.
  • Hong, S.-M., and Faedda, S. 1996. “Refinement of the Hong Psychological Reactance Scale,” Educational and Psychological Measurement (56:1), pp 173–182.
  • Hosack, B. 2007. “The effect of system feedback and decision context on value-based decision-making behavior,” Decision Support Systems (43:4), pp 1605–1614.
  • Izuma, K., and Adolphs, R. 2011. “The brain's rose-colored glasses,” Nature Neuroscience (14:11), pp 1355–1356.
  • Johnston, A. C., and Warkentin, M. 2010. “Fear appeals and information security behaviors: an empirical study,” MIS Quarterly (34:3), pp 549–566.
  • Ke, W., Tan, C.-H., Sia, C.-L., and Wei, K. K. 2012. “Inducing intrinsic motivation to explore the enterprise system: The supremacy of organizational levers,” Journal of Management Information Systems (29:3), pp 257–289.
  • Ke, W., and Zhang, P. 2010. “The effects of extrinsic motivation and satisfaction in open source software development,” Journal of the Association for Information Systems (11:12), pp 784–808.
  • Koestner, R., Bernieri, F., and Zuckerman, M. 1992. “Self-regulation and between attitudes, traits, and behaviors,” Personality and Social Psychology Bulletin (18:1), pp 52–59.
  • Koestner, R., and Losier, G. F. 1996. “Distinguishing reactive versus reflective autonomy,” Journal of Personality (64:2), pp 465–494.
  • Lee, G., and Lee, W. J. 2009. “Psychological reactance to online recommendation services,” Information & Management (46:8), pp 448–452.
  • Lewinsohn, P. M., Mischel, W., Chaplin, W., and Barton, R. 1980. “Social competence and depression: The role of illusory self-perceptions,” Journal of Abnormal Psychology (89:2), pp 203–212.
  • Liu, D., Li, X., and Santhanam, R. 2013. “Digital games and beyond: What happens when players compete?,” MIS Quarterly (37:1), pp 111–124.
  • Lowry, P. B., Teh, N., Molyneux, B., and Bui, S. N. Year. “Using theories of formal control, mandatoriness, and reactance to explain working professionals' intent to comply with new it security policies,” Dewald Roode Workshop on IS Security Research, IFIP WG 8.11 / 11.13, Waltham, MA, 2010, pp. 278–316.
  • Murray, K. B., and Häubl, G. 2011. “Freedom of choice, ease of use, and the formation of interface preferences,” MIS Quarterly (35:4), pp 955–976.
  • Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., and Vance, A. 2009. “What levels of moral reasoning and values explain adherence to information security rules? An empirical study,” European Journal of Information Systems (18:2), pp 126–139.
  • Olesen, M. H. 2011. “General causality orientations are distinct from but related to dispositional traits,” Personality and Individual Differences (51), pp 40–465.
  • Olesen, M. H., Thomsen, D. K., Schnieber, A., and Tønnesvang, J. 2010. “Distinguishing general causality orientations from personality traits,” Personality and Individual Differences (48), pp 538–543.
  • Pavey, L., and Sparks, P. 2009. “Reactance, autonomy and paths to persuasion: Examining perceptions of threats to freedom and informational value,” Motivation and Emotion (33:3), pp 277–290.
  • Pavlou, P., Liang, H., and Xue, Y. 2007. “Understanding and mitigating uncertainty in online exchange relationships: A principal-agent perspective,” MIS Quarterly (31:1), pp 105–136.
  • Pee, L. G., Woon, I. M. Y., and Kankanhalli, A. 2008. “Explaining non-work-related computing in the workplace: A comparison of alternative models,” Information & Management (45:2), pp 120–130.
  • Posey, C., Bennett, R. J., Roberts, T. L., and Lowry, P. B. 2011. “When computer monitoring backfires: Privacy invasions and organizational injustice as precursors to computer abuse,” Journal of Information Systems Security (7:1), pp 24–47.
  • Posey, C., Roberts, T. L., Lowry, P. B., Bennett, R. J., and Courtney, J. 2013. “Insiders' protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors,” MIS Quarterly).
  • Puhakainen, P., and Siponen, M. 2010. “Improving employees' compliance through information systems security training: an action research study,” MIS Quarterly (34:4), pp 757–778.
  • Rhee, H., Kim, C., and Ryu, Y. 2009. “Self-efficacy in information security: Its influence on end users' information security practice behavior,” Computers & Security (28:8), pp 816–826.
  • Richardson, R. 2009. “14th annual CSI computer crime and security survey,” Computer Security Institute, pp. 1–14.
  • Richardson, R. 2011. “15th Annual 2010/2011 Computer Crime and Security Survey,” Computer Security Institute, pp. 1–44.
  • Ringle, C. M., Wende, S., and Will, A. 2005. SmartPLS, (SmartPLS: Hamburg, Germany.
  • Rogers, R. W. 1975. “Protection motivation theory of fear appeals and attitude change,” The Journal of Psychology (91:1), pp 93–114.
  • Ryan, R. M., and Deci, E. L. 1985. Intrinsic motivation and self-determination in human behavior, (Plenum Press: New York, NY.
  • Ryan, R. M., and Deci, E. L. 2000. “Self-determination theory and the facilitation of intrinsic motivation, social development, and well-being,” American Psychologist (55:1), pp 68–78.
  • Schunk, D. H., and Pajares, F. 2005. “Competence Perceptions and Academic Functioning” in Handbook of Competence and Motivation A. J. Elliot and C. C. Dweck (eds.), Guilford Press: New York, NY, pp. 85–104.
  • Senecal, C., Nouwen, A., and White, D. 2000. “Motivation and dietary self-care in adults with diabetes: Are self-efficacy and autonomous self-regulation complementary or competing constructs?,” Health Psychology (19:5), pp 452–457.
  • Sivo, S. A., Saunders, C., Chang, Q., and Jiang, J. J. 2006. “How low should you go? Low response rates and the validity of inference in IS questionnaire research,” Journal of the Association for Information Systems (7:6), pp 351–414.
  • Spears, J. L., and Barki, H. 2010. “User participation in information systems security risk management,” MIS Quarterly (34:3), pp 503–522.
  • Tenenhaus, M., Vinzi, V. E., Chatelin, Y.-M., and Lauro, C. 2005. “PLS path modeling,” Computational Statistics & Data Analysis (48:1), pp 159–205.
  • Van Eerde, W., and Thierry, H. 1996. “Vroom's expectancy models and work-related criteria: A meta-analysis,” Journal of Applied Psychology (81:5), pp 575–586.
  • Vance, A., Siponen, M., and Pahnila, S. 2012. “Motivating IS security compliance: Insights from habit and protection motivation theory,” Information & Management (49), pp 190–198.
  • Vishwanath, A., Herath, T., Chen, R., Wang, J., and Rao, H. R. 2011. “Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model,” Decision Support Systems (51), pp 576–856.
  • Vroom, V. H. 1964. Work and Motivation, (Wiley: Oxford, UK.
  • Wall, J. D., Iyer, L., Salam, A. F., and Siponen, M. Year. “Conceptualizing employee compliance and noncompliance in information security research: A review and research agenda.,” Dewald Roode Workshop on IS Security Research, IFIP WG 8.11 / 11.13, Niagara Falls, NY, 2013a.
  • Wall, J. D., Palvia, P., and D'Arcy, J. Year. “A review and typology of security-related corruption controls: Setting an agenda for studying the behavioral effects of security countermeasures.,” Dewald Roode Workshop on IS Security Research, IFIP WG 8.11 /11.13, Niagara Falls, NY, 2013b.
  • Warkentin, M., Johnston, A. C., and Shropshire, J. 2011. “The influence of the informal social learning environment on information privacy policy compliance efficacy and intention,” European Journal of Information Systems (20), pp 267–284.
  • Warkentin, M., and Willison, R. 2009. “Behavioral and policy issues in information systems security: the insider threat,” European Journal of Information Systems (18), pp 101–105.
  • Wetzels, M, Odekerken-Schöder, G., and Oppen, C. V. 2009. “Using PLS path modeling for assessing hierarchical construct models: Guidelines and empirical illustration,” MIS Quarterly (33:1), pp 177–195.
  • Willison, R., and Warkentin, M. 2013. “Beyond deterrence: An expanded view of employee computer abuse,” MIS Quarterly (37:1), pp 1–20.
  • Witte, K. 1992. “Putting the fear back into fear appeals: The extended parallel process model,” Communication Monographs (59), pp 329–349.
  • Workman, M., Bommer, W. H., and Straub, D. 2008. “Security lapses and the omission of information security measures: A threat control model and empirical test,” Computers in Human Behavior (24), pp 2799–2816.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.