Skip to main content
Article
Subjective Norm and Measuring Its Impact on Information Security Behavioral Intention in Organizations.
2016 Proceedings of the Conference on Information Systems Applied Research Las Vegas, Nevada USA (2016)
  • Nooredin Etezady
Abstract
Understanding employee’s security behavior is required before effective security policies and training materials can be developed. Anti-virus software, secure systems design methods, information management standards, and information systems security policies have been developed and implemented. However, many organizations have not been successful in adopting these measures. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. Theory of planned behavior (TPB), which is an extension of the theory of reasoned action, considers intentions as cognitive antecedents of actions or behavior. Attitude, subjective norm, and perceived controllability are the three constructs on which TPB is based. Several studies have investigated subjective norm and its effect on information security. This study reviews various research on subjective norm and information security in order to obtain the most commonly used description for subjective norm in the area of information security. The most commonly used measures for subjective norm are also obtained from reviewing the existing research. Utilizing the commonly used subjective norm measures, it will be possible to develop a method to measure and influence employees’ subjective norm positively with the goal of inducing positive information security behavior. Finally, a conceptual model for operationalizing the obtained subjective norm measures and enhancing information security in organizations is presented.
Keywords
  • information security,
  • subjective norm,
  • organizational security,
  • Theory of Planned Behavior
Publication Date
Fall November, 2016
Citation Information
Nooredin Etezady. "Subjective Norm and Measuring Its Impact on Information Security Behavioral Intention in Organizations." 2016 Proceedings of the Conference on Information Systems Applied Research Las Vegas, Nevada USA Vol. v9 n4253 Iss. n4253 (2016) p. 1 - 13 ISSN: 2167-1508
Available at: http://works.bepress.com/etezady/2/