Theses and Dissertations



Issuing Body

Mississippi State University


Warkentin, Merrill

Committee Member

Marett, Kent

Committee Member

Otondo, Robert F.

Committee Member

Collier, Joel

Committee Member

Nehme, Alaa

Date of Degree


Document Type

Dissertation - Open Access


Business Administration – Business Information Systems

Degree Name

Doctor of Philosophy (Ph.D)


College of Business


Department of Management and Information Systems


Employees’ information security policy (ISP) related behaviors have been paid attention by previous studies in the past decades. Among different factors that are influential on employees’ ISP behaviors, different leadership styles have been tested under the information security context; however, as one leadership style that is highly related to employees’ positive organization behaviors, the role of ethical leadership has been largely overlooked under the information security context. In addition, most research in the past decades overly focused on employees’ performance on ISP in-role behaviors, including ISP compliance and violation behaviors, where extra-role behaviors – security behaviors that are beneficial to an organization’s information security protection but not required by the organization – have long been overlooked as well. Therefore, this primary focus of this research is to test the role of ethical leadership in influencing employees’ ISP-related behaviors, including both in-role and extra-role behaviors through the mediation mechanism of the theory of planned behavior.

To test the 11 hypotheses in this research model, I conducted two studies using different methods following McGrath (1982)’s suggestion, including a survey-based experiment and a cross-sectional survey. Both studies were conducted using a two-phase study design, including a preliminary investigation and main investigation. The findings of this research showed positive influences of ethical leadership on both ISP in-role and extra-role behaviors directly and indirectly through three mediators, including subjective norm about security behavior, behavioral control over security behavior, and attitude toward security behavior. Furthermore, the findings suggested attitude toward security behavior did not significantly influence ISP extra-role behavior. This research contributed to research streams of information security, ethical leadership, and theory of planned behavior, and provided managerial suggestions to organizations by showing how the ethical leadership influences employees’ two information security behaviors and the paths of improving employees’ information security performances in the organization.