Theses and Dissertations

Issuing Body

Mississippi State University


Warkentin, Merrill

Committee Member

Collier, Joel E.

Committee Member

Marett, Kent

Committee Member

Crossler, Robert E.

Committee Member

Otondo, Robert F.

Date of Degree


Document Type

Dissertation - Open Access


Business Information Systems

Degree Name

Doctor of Philosophy


College of Business


Department of Management and Information Systems


Information system security literature has primarily focused on cognitive processes and their impact on information security policy noncompliance behavior. Specific cognitive theories that have been applied include planned behavior, rational choice, deterrence, neutralization, and protection motivation. However, affective processes may better determine misuse or information security policy noncompliance than cognitive processes. The purpose of this dissertation is to evaluate the impact of affective absorption (i.e. the trait or disposition to become deeply involved with one’s emotions) and affective flow (i.e. a state of deep involvement with one’s emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. In essence, individuals with high levels of negative affective absorption may be more prone to experience negative affective flow which may lead to deviant behavior such as misuse of organizational information or noncompliance with information security policy. The proposed conceptual model is evaluated using the classical experimental design through a laboratory experiment. A preliminary investigation (e.g. expert panel reviews, pre-test, and pilot studies) is conducted to ensure measurement validity. During the main investigation, the proposed model and hypotheses are tested. Driven by theory, an alternative model is proposed and tested. The findings of this study underscore the need for understanding affective processes with regard to information security policy compliance behavior. By evaluating both cognitive and affective processes, we gain a more holistic understanding pertaining to information security decision making. This study contributes to information systems security literature by introducing two new constructs, affective absorption and affective flow. In addition, it asserts the need to capture actual behavior in information security research. The findings also contribute to practice by indicating that organizations should (1) include affect in their security, education, training, and awareness programs, (2) focus on eliminating frustrating tasks or reducing frustration caused by these tasks, and (3) induce positive affect through monitoring employee affect levels, identifying areas that need correction, and quickly responding to issues prior to deviance.



compliance||attitude||affective flow||affective absorption||affect||future compliance intention||information security policy||negative affect||organizational injustice