文章基本信息

标题：Mitigating the Security Intention-Behavior Gap: The Moderating Role of Required Effort on the Intention-Behavior Relationship
本地全文：下载
作者：Jeffrey Jenkins ; Alexandra Durcikova ; Jay Nunamaker 等
期刊名称：Journal of the Association for Information Systems
印刷版ISSN：1536-9323
出版年度：2021
卷号：22
期号：1
页码：246-272
DOI：10.17705/1jais.00660
出版社：Association for Information Systems
摘要：Although users often express strong positive intentions to follow security policies, these positive intentions fail to consistently translate to behavior. In a security setting, the inconsistency between intentions and behavior—termed the intention-behavior gap—is particularly troublesome, as a single failure to enact positive security intentions may make a system vulnerable. We address a need in security compliance literature to better understand the intention-behavior gap by explaining how an omnipresent competing intention—the user’s desire to minimize required effort—negatively moderates the relationship between positive intentions and actual security behavior. Moreover, we posit that this moderating effect is not accounted for in extant theories used to explain behavioral information security, introducing an opportunity to broadly impact information security research to more consistently predict behavior. In three experiments, we found that high levels of required effort negatively moderated users’ intentions to follow security policies. Controlling for this moderating effect substantially increased the explained variance in security policy compliance. The results suggest that security researchers should be cognizant of the existence of competing intentions, such as the desire to minimize required effort, which may moderate the security intention-behavior relationship. Otherwise, such competing intentions may cause unexpected inconsistencies between users’ intentions to behave securely and their actual security behavior.
其他关键词：Security, Intention-Behavior Gap, Effort, Passwords, Information Disclosure, Competing Intentions