A Common Description and Measures for Attitude in Information Security for Organizations

Abstract

Understanding employee's security behavior is required before effective security policies and training materials can be developed. The Anti-virus software, secure systems design methods, information management standards, and information systems security policies; which have been developed and implemented by many organizations; have not been successfully adopted. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. Theory of planned behavior (TPB) based on attitude, subjective norm, and perceived behavioral control constructs, considers intentions as cognitive antecedents of actions or behavior. This study reviews various research on attitude and finds the most common measures for attitude, which can be used in organizations to develop a method to influence employees' attitude positively with the goal of inducing positive security behavior. Further, a conceptual model for operationalizing the obtained measures for enhancing information security in organizations is presented.