Enforcing Information Security Protection: Risk Propensity and Self-Efficacy Perspectives

Abstract

Effective information security (InfoSec) management cannot be achieved through only technology; people are the weakest point in security and their behaviors such as inappropriate use of computer and network resources, file sharing habits etc. cannot be controlled by security technologies. Although the importance of individuals’ InfoSec behaviors has been widely recognized, there is limited understanding of what impact individual users InfoSec protection behavior. Thus, focusing on the relationships among risk propensity, InfoSec self-efficacy, InfoSec protection efforts from several theoretical lenses, the study proposes a research model to explain individuals’ intention to reinforce their InfoSec protection and empirically validates the proposed model. The results of the study are expected to provide a deeper understanding of the relationships among risk propensity, self-efficacy, risk perception, InfoSec protection efforts, and InfoSec reinforcement intention.