Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Assessing information security behaviour: a self-determination theory perspective

Assessing information security behaviour: a self-determination theory perspective This paper outlines the development of a validated questionnaire for assessing information security behaviour. The purpose of this paper is to present data from the questionnaire validation process and the quantitative study results.Design/methodology/approachData obtained through a quantitative survey (N = 263) at a South African university were used to validate the questionnaire.FindingsExploratory factor analysis produced 11 factors. Cronbach’s alpha for the 11 factors were all above 0.7, suggesting that the questionnaire is valid and reliable. The responses show that autonomy questions received positive perception, followed by competence questions and lastly relatedness questions. The correlation analysis results show that there was a statistically significant relationship between competence factors and autonomy factors. There was a partial significant relationship between autonomy and relatedness factors, and between competence and relatedness factors. The study results suggest that competence and autonomy could be more important than relatedness in fostering information security behaviour among employees.Research limitations/implicationsThis study used a convenience sampling, a cross-sectional design, and was carried out in a single organisation. This could pose limitations when generalising the study results. Future studies could use random sampling and consider other universities for further validation.Practical implicationsUniversities can use the questionnaire to identify developmental areas to improve information security from a behaviour perspective.Originality/valueThis paper provides a research instrument for assessing information security behaviour from the perspective of the self-determination theory. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information & Computer Security Emerald Publishing

Assessing information security behaviour: a self-determination theory perspective

Loading next page...
 
/lp/emerald-publishing/assessing-information-security-behaviour-a-self-determination-theory-UbxlhETf0H
Publisher
Emerald Publishing
Copyright
© Emerald Publishing Limited
ISSN
2056-4961
DOI
10.1108/ics-11-2020-0179
Publisher site
See Article on Publisher Site

Abstract

This paper outlines the development of a validated questionnaire for assessing information security behaviour. The purpose of this paper is to present data from the questionnaire validation process and the quantitative study results.Design/methodology/approachData obtained through a quantitative survey (N = 263) at a South African university were used to validate the questionnaire.FindingsExploratory factor analysis produced 11 factors. Cronbach’s alpha for the 11 factors were all above 0.7, suggesting that the questionnaire is valid and reliable. The responses show that autonomy questions received positive perception, followed by competence questions and lastly relatedness questions. The correlation analysis results show that there was a statistically significant relationship between competence factors and autonomy factors. There was a partial significant relationship between autonomy and relatedness factors, and between competence and relatedness factors. The study results suggest that competence and autonomy could be more important than relatedness in fostering information security behaviour among employees.Research limitations/implicationsThis study used a convenience sampling, a cross-sectional design, and was carried out in a single organisation. This could pose limitations when generalising the study results. Future studies could use random sampling and consider other universities for further validation.Practical implicationsUniversities can use the questionnaire to identify developmental areas to improve information security from a behaviour perspective.Originality/valueThis paper provides a research instrument for assessing information security behaviour from the perspective of the self-determination theory.

Journal

Information & Computer SecurityEmerald Publishing

Published: Oct 26, 2021

Keywords: Information security; Compliance; Information security behaviour; Self-determination theory (SDT); Information security policy (ISP)

References