Effects of Developer Cognitive Style and Motivations on Information Security Policy Compliance

Organizations face information loss on a daily basis. Threats such as hacker attacks are mitigated by applying patches, improving encryption routines, closing security loopholes in programs, and keeping a constant vigil against viruses and other malicious threats with up-to-date scanning techniques. Companies invest millions of dollars to keep such attacks at bay, since a loss of server uptime could cause a significant loss in customer revenue and thus result in catastrophic losses in customer satisfaction and, ultimately, profits. Organizations that create or modify software try to deter threats to their applications by issuing information security policies that give developers guidelines on which best practices to adopt to make their applications safe and secure for customer consumption. This study presents a conceptual model for studying how cognitive style impacts software developer motivations as they approach the task of complying with information security policies. The model is informed by the literature on information security awareness, Protection Motivation Theory, Kirton’s adaption-innovation theory and Herzberg’s motivation and hygiene theory.
