TitleDo Measures of Security Compliance Intent Equal Non-Compliance Scenario Agreement?
Publication TypeConference Papers
Year of Publication2022
AuthorsMarshall, B, Shadbad, F, Curry, M, Biros, D
Conference NameWISP2022: 2022 Workshop on Information Security and Privacy (WISP)
Date Published2022
Conference LocationCopenhagen, Denmark, Dec. 2022
KeywordsAccounting, BIS
Abstract

To better protect organizations from the threat of insiders, IS security (ISS) research frequently emphasizes IS Security Policy (ISP) behavior. The effectiveness of an assessment model is typically analyzed either using short survey statements (behavior survey) or by using scenario agreement (prospective scenario) to measure current and prospective compliance (or non-compliance) behavior. However, a significant gap is the lack of statistical evidence to demonstrate that these two measures or dependent variables (DV) sufficiently agree with one another. We report on an effort to compare and contrast two assessment models which employed alternate styles of DVs and demonstrate that the primary construct from two different ISS behavioral theories had approximately the same effect size on either of the DVs. Our findings add support for substantial (but not overly correlated) synchronization between the two DV values, since we also observe that the prospective scenario non-compliance measure resulted in lower model fit while the behavior survey compliance measures fit both models with higher accuracy. We discuss our findings and recommend that for many studies there can be value in employing both DVs.
Custom 2

b