Intentions to Comply Versus Intentions to Protect: A VIE Theory Approach to Understanding the Influence of Insiders’ Awareness of Organizational SETA Efforts
基于期望理论(VIE),研究了内部人员对组织安全培训(SETA)的认知如何影响其遵守信息安全政策与保护信息资产的意图,发现两者动机不同且模型解释力高。
ABSTRACT In contemporary organizations, the protection of an organization's information assets is reliant on the behavior of those entrusted with access to organizational information and information systems (IS). Because of this reliance, organizations increasingly prioritize the training and education of employees through security education, training, and awareness (SETA) initiatives. Through expectancy theory and its central components of valence, instrumentality, and expectancy (VIE), we investigate the role of insiders’ awareness of organizational SETA efforts on two similar, yet distinct, security‐related intentions: intention to comply with information security policies (ISPs) and intention to protect the organization's information assets from their threats. Not only do we show how distinct these two concepts are from a quantitative standpoint, we also demonstrate differences between insiders’ compliance and protection intentions, as well as their motivational antecedents. Moreover, we demonstrate how our powerful, yet parsimonious, model based on expectancy theory explains a significant portion of the variance in these two important concepts: 52.7% in intentions to comply with ISPs and 68.1% in intentions to protect organizational information assets. We discuss the implications of our findings for research and practice and offer future research opportunities.