Individual's Response to Security Messages: A Decision-Making Perspective

Individual decision making determines critical outcomes for organizations in various domains including information security, where the increase of security incidents is causing great concern to organizations. Information security awareness programs are an important approach towards educating users to prevent such incidents. However, it is unclear how to effectively design security programs and messages such that they can inform and change user behavior. This paper attempts to investigate this problem by studying the effects of security message characteristics on users, using the decision-making theory of elaboration likelihood. A 2×2 factorial design experiment was conducted to determine the influence of message repetition and message comprehensibility on user’s elaboration likelihood towards a security message. Our findings indicate that message repetition enhances elaboration likelihood of users. Message comprehensibility interacts with message repetition in determining elaboration likelihood. The results have implications for designing effective security messages and for decision support systems for this purpose.

[1]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[2]  Peter G. W. Keen,et al.  Decision support systems : an organizational perspective , 1978 .

[3]  J. Cacioppo,et al.  Source factors and the elaboration likelihood model of persuasion , 1984 .

[4]  Mikko T. Siponen,et al.  Critical analysis of different approaches to minimizing user-related faults in information systems security: implications for research and practice , 2000, Inf. Manag. Comput. Secur..

[5]  Jean-Charles Chebat,et al.  What makes open vs. closed conclusion advertisements more persuasive? The moderating role of prior knowledge and involvement , 2001 .

[6]  C. F. Kao,et al.  The efficient assessment of need for cognition. , 1984, Journal of personality assessment.

[7]  D. Berlyne,et al.  Motivational problems raised by exploratory and epistemic behavior. , 1962 .

[8]  I. Ajzen Nature and operation of attitudes. , 2001, Annual review of psychology.

[9]  Alice H. Eagly,et al.  Current trends in attitude theory and research , 1974 .

[10]  J. Cacioppo,et al.  Effects of need for cognition on message evaluation, recall, and persuasion. , 1983 .

[11]  Ramesh Sharda,et al.  Decision support system effectiveness: a review and an empirical test , 1988 .

[12]  Izak Benbasat,et al.  Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation , 1991, Inf. Syst. Res..

[13]  Franziska Marquart,et al.  Communication and persuasion : central and peripheral routes to attitude change , 1988 .

[14]  J. Zaichkowsky Measuring the Involvement Construct , 1985 .

[15]  Wendy Wood,et al.  Access to attitude-relevant information in memory as a determinant of persuasion: The role of message attributes , 1985 .

[16]  Rossouw von Solms,et al.  Information security awareness: educating your users effectively , 1998, Inf. Manag. Comput. Secur..

[17]  Kieran Mathieson,et al.  Predicting User Intentions: Comparing the Technology Acceptance Model with the Theory of Planned Behavior , 1991, Inf. Syst. Res..

[18]  Mikko T. Siponen,et al.  A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[19]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[20]  Michel Laroche,et al.  Attitude accessibility, certainty and the attitude—behaviour relationship: an empirical study of ad repetition and competitive interference effects , 2002 .

[21]  Hock-Hai Teo,et al.  An integrative study of information systems security effectiveness , 2003, Int. J. Inf. Manag..

[22]  S. Ratneshwar,et al.  The Effect of Cultural Orientation on Persuasion , 1997 .

[23]  Alice H. Eagly,et al.  Readings in attitude change , 1974 .

[24]  G. Keppel,et al.  Design and Analysis: A Researcher's Handbook , 1976 .

[25]  S. Chaiken The heuristic model of persuasion. , 1987 .

[26]  G. Keppel Design and analysis: A researcher's handbook, 3rd ed. , 1991 .

[27]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .