Factors in Information Assurance Professionals' Intentions to Adhere to Information Security Policies

Abstract

Information security policies (ISPs) serve to clarify and formalize organizational information security practices and reduce data risks, but research shows that ISP noncompliance remains a prominent concern for both scholars and practitioners. This study utilized the unified theory of acceptance and use of technology 2 (UTAUT2) to explore factors that predict information assurance professionals' behavioral intentions to comply with ISPs. The research question addressed: To what extent do performance expectancy, effort expectancy, social influence, facilitating conditions, hedonic motivation, price value, and habit predict information assurance professionals' behavioral intention to comply with information security policies in organizations? A nonexperimental, cross-sectional research design using structural equation modeling (PLS-SEM) addressed the research question with information assurance professionals in government agencies where habit emerged as the important component of ISP compliance with hedonic factors having a negative impact.