Theses and Dissertations
Issuing Body
Mississippi State University
Advisor
Warkentin, Merrill
Committee Member
Collier, Joel E.
Committee Member
Marett, Kent
Committee Member
Crossler, Robert E.
Committee Member
Otondo, Robert F.
Date of Degree
8-15-2014
Document Type
Dissertation - Open Access
Major
Business Information Systems
Degree Name
Doctor of Philosophy
College
College of Business
Department
Department of Management and Information Systems
Abstract
Information system security literature has primarily focused on cognitive processes and their impact on information security policy noncompliance behavior. Specific cognitive theories that have been applied include planned behavior, rational choice, deterrence, neutralization, and protection motivation. However, affective processes may better determine misuse or information security policy noncompliance than cognitive processes. The purpose of this dissertation is to evaluate the impact of affective absorption (i.e. the trait or disposition to become deeply involved with one’s emotions) and affective flow (i.e. a state of deep involvement with one’s emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. In essence, individuals with high levels of negative affective absorption may be more prone to experience negative affective flow which may lead to deviant behavior such as misuse of organizational information or noncompliance with information security policy. The proposed conceptual model is evaluated using the classical experimental design through a laboratory experiment. A preliminary investigation (e.g. expert panel reviews, pre-test, and pilot studies) is conducted to ensure measurement validity. During the main investigation, the proposed model and hypotheses are tested. Driven by theory, an alternative model is proposed and tested. The findings of this study underscore the need for understanding affective processes with regard to information security policy compliance behavior. By evaluating both cognitive and affective processes, we gain a more holistic understanding pertaining to information security decision making. This study contributes to information systems security literature by introducing two new constructs, affective absorption and affective flow. In addition, it asserts the need to capture actual behavior in information security research. The findings also contribute to practice by indicating that organizations should (1) include affect in their security, education, training, and awareness programs, (2) focus on eliminating frustrating tasks or reducing frustration caused by these tasks, and (3) induce positive affect through monitoring employee affect levels, identifying areas that need correction, and quickly responding to issues prior to deviance.
URI
https://hdl.handle.net/11668/20694
Recommended Citation
Ormond, Dustin K., "The Impact of Affective Flow on Information Security Policy Compliance" (2014). Theses and Dissertations. 4488.
https://scholarsjunction.msstate.edu/td/4488
Comments
compliance||attitude||affective flow||affective absorption||affect||future compliance intention||information security policy||negative affect||organizational injustice