End-users Compliance to the Information Security Policy: A Comparison of Motivational Factors

Abstract

Business information, held within information systems, is critical for most organizations. To protect these critical information assets, security controls should be deployed which might come as a hindrance for the end-users. The Information Security Policies (ISP) give direction to their behaviors. Organizations can focus on conditions likely to promote so-called motivational factors influencing the end-users intentions to perform the desired behavior of compliance to ISP in order to protect these information assets. In total, six motivational factors, applicable to intentions on compliance, are found during research and are measured within five organizational contexts. From the measurements and analysis is learned, that the degree to which these factors relate differs per factor and per context. Two of these factors were found to always relate in such degree to compliance intentions that even without measuring the degree for a particular organization, applying these factors can be very effective for any organization or context. The other four factors have shown to be effective within particular context(s) meaning measurement of the context is needed before utilizing these factors within an organization to optimize the effect of efforts.