ABSTRACT

Psychological and behavioral characteristics are among the most important factors that instigate information security incidents. Although many previous studies have discussed the influencing factors of information security policy compliance behavior in an organization, few have considered the influence of organizational structures. In this study, the mechanism by which information security policy compliance behavioral intention is formed was studied by integrating the theory of planned behavior (TPB) and perceived organizational formalization. Data analysis was performed using the structural equation modeling (SEM) with data obtained from a survey of 261 company employees. The empirical results reveal that perceived organizational formalization significant affected cognitive processes theorized by TPB, behavioral habits, and deterrent certainty. This study suggests that formalized rules, procedures, and communications should be designed to improve employee information security policy compliance behavioral habits and intentions.

摘要

心理和行为特征是引发信息安全事件的最重要因素之一。尽管以往的许多研究都讨论了组织中信息安全策略遵从行为的影响因素，但很少有人考虑组织结构的影响。本研究将计划行为理论（TPB）与感知组织形式化理论相结合，研究了信息安全策略遵从行为意图的形成机制。使用结构方程模型 (SEM) 进行数据分析，数据来自对 261 名公司员工的调查。实证结果表明，感知的组织形式化显着影响了由 TPB、行为习惯和威慑确定性理论化的认知过程。