Theses and Dissertations

Issuing Body

Mississippi State University


Warkentin, Merrill

Committee Member

Otondo, Robert F.

Committee Member

Marett, Kent

Committee Member

Crossler, Robert E.

Committee Member

Xu, Jianzhong

Other Advisors or Committee Members

Lowry, Paul Benjamin

Date of Degree


Document Type

Dissertation - Open Access


Business Information Systems

Degree Name

Doctor of Philosophy


College of Business


Department of Management and Information Systems


Despite the best efforts of many organizations, protection of information assets continues to be a major problem for a number of firms. A large portion of data breaches can be attributed to employees of the organization, who have been commonly identified as the weakest link in an organization’s overall security profile. Organizations implement security policies to give their employees guidelines for appropriate behavior related to information protection. For policies to be effective, employees must exhibit adequate comprehension of the secure behaviors described in the policy. Security Education, Training, and Awareness (SETA) programs have been utilized as an organizational mechanism for communicating the details of security policies and the importance of employees’ compliance. Although researchers have identified the importance of SETA programs in the implementation of security policies, individual differences among employees may contribute to the effectiveness of a SETA program. One such difference is an employee’s orientation toward self-determined (intrinsic) or control-oriented (extrinsic) forms of motivation related to both the workplace context and situational tasks, such as participation in a SETA program. A theoretical model is developed to assess the influence of an employee’s overall work motivation and perceptions of the work environment on his or her situational motivation toward participating in an organization’s SETA program. Methods for capturing the hypothesized relationships and analysis of the associated data are described. The findings indicate that an employee’s perceptions of autonomy, competence, and relatedness while participating in the SETA program have a significant impact on the employee’s motivation toward the SETA program. SETA program motivation significantly influenced an employee’s attitude toward the information security policy (ISP), cognition of ISP concepts, and intention to comply with the ISP while also serving as a significant predictor of an employee’s decision to participate in an additional training program. Implications for both research and practice are discussed.