To establish the relationship between independent factors, and the user behaviors regarding information systems security measures under the Theory of Planned Behavior
Change Matrix for Revisions made as per comments
Comment Change
A1 Issue of Study Scope corrected
A2 Phrasing done correctly
A3 Exact problem specified
A4 Grammar corrected
A5 Word written correctly
A6 Redundant removed
A7 Grammar corrected
A8 Corrected according to importance
A9 Previous usage of theory rectified
A10 Grammar corrected
A11 Another possibility specified
A12 Anthropomorphism removed
A13 Anthropomorphism removed
A14 Grammar corrected
A15 Grammar corrected
A16 Anthropomorphism issue solved
A17 Grammar corrected
A18 Phrasing issue rectified
A19 Grammar corrected
A20 Grammar corrected
A21 Grammar corrected
A22 Grammar corrected
A23 More Research Questions added
A24 Research Sub-questions included
A25 Grammar corrected
A26 Grammar corrected
A27 Research design discussed in details
A28 Issue of IV and DV solved
A29 Abbreviations written in capital letters
A30 Grammar corrected
A31 Substantive response done
A32 Corrected as per comments A23 and A24
A33 Pilot testing described
A34 The use of IVs and DV in regression testing corrected
Section 1. Research Problem, Significance, Question(s), Title
Research Study State the research problem your study will investigate, including its background. See Instructions.
There have been significant developments in understanding IT security measures in systems (Kim, Tao, Shin, & Kim, 2010; Liang & Xue, 2010). Although there has been increased investment in technology to increase system security whose lack is the main problem being addressed, there have been striking failures that constitute much of the problem being addressed including security breach in using information systems withinin leading organizations like HP. The same issue exists in the mobile technology (Subashini & Kavitha, 2011; Weber, 2010). Concerns over the issue have increased over time, and more specifically during the digital age (Bélanger & Crossler, 2011). Nevertheless, increased investment in security has not contributed much in stopping security breaches as seen in previous studies and surveys (Subashini & Kavitha, 2011). Thus, the problem to be addressed is the ability to adopt information security systems measures as an aspect of end-user behavior when using information security system. Armerding (2012), on worst data breaches, indicates that incidence and severity of data breaches are related to the size of organization and industry, with large organizations and those operating in the financial sector most affected. Human factors pose the greatest threat to security issues. This is typically a major challenge to organizations since human conduct contribute to most system vulnerabilities as well as security breaches (Chiu, Lin, & Tang, 2005; Jones, McCarthy, & Halawi, 2010). This aspect raises major security concerns (Alice, 2010; D’Arcy, Hovav, & Galletta, 2009; PEW, 2013).
Bélanger and Crossler (2011) have conducted a study on security issues in the digital age. They indicated that information systems have a significant weakness. It is typically difficult to determine whether participants provide the desirable answers expected of them or not especially with self-reported data. A major problem could be in adhering to information security policies as studied by Bulgurcu, Cavusoglu, and Benbasat (2010). Further in developing the sampling procedures, Jones et al. (2010) intended to determine the study coverage. There are also no insights or empirical studies on employee adoption of information systems security measures based on specific industries, with studies assuming that adoption is similar across all sectors (Chuttur, 2009; Jones et al., 2010).
1.2 Purpose of the Research
State the purpose of the study. Typically, the purpose is to contribute to knowledge and solve the research problem. See Instructions. The purpose of this quantitative study will be to establish the relationship between independent factors, like employee perception, attitudes, and management support, and the user behaviors regarding information systems security measures under the Theory of Planned Behavior. The independent variables, which include employees’ perceptions, attitudes, and management support, determine the change in the dependent variable; in this case, behavior in using information security system measures (Trochim, 2006; Vogt, 2007). The factors considered in this case, would be evaluated according to the way they affects the user behavior when using information system. Factors like employees’ perceptions, attitudes, and management support have the potential of influencing employee adoption regarding the use of information system security measures for a specific industry. The industry of concern is the manufacturing industry, which could be found to have vast differences or no differences between organizations and employees when it comes to observing information security measures. There could also be differences among employees within a given company. The industry has reported high incidences of security breaches, due to unobserved security protocols (Rieback, Crispo, & Tanenbaum, 2007).This research uses a non-experimental study with the original TAM, as an outgrowth of the Theory of planned Behavior (TPB), which will be extended to be comparable to the one used in Jones et al. (2010).
This research aims at extending the original TAM model to be comparable to Jones et al (2010) in order to take into account the attitudes of the employees with regards to their peers, managers, and supervisors, or the job with respect to the same model according to Kozar, Larsen, and Lee (2003). This is because their attitudes may affect the intention of the employees to adopt and follow information systems security measures (Phelps, Nowak, & Ferrell, 2000). This would be done, through an empirical research, sing a theoretical framework with respect to the Theory of Planned Behavior, in which TAM is based. The Theory of Planned Behavior considers attitude and subjective norm as important constructs. In fact, the study by Jones et al. (2010) also showed that subjective norms highly influenced employees’ intention to adopt and use system security measures. The model by Jones et al. (2010) is applied by considering companies operating in the US in a specific industry, and by incorporating the variable of management support. This marks one of the gaps to be addressed. Further, by determining the influence generated by the attitudes of the employees with regards to their peers, managers, and supervisors, or the job, this research extends the use of Jones et al. (2010) extended TAM model which incorporates management support as the intervening variable on subjective norms according to Jones, McCarthy, Halawi, and Mujtaba (2010).
In this study, management support is incorporated as an independent variable alongside employees’ attitudes and perceptions, while factors such as age and management level are used as intervening variables. Therefore, the research provides new insight into ways of promoting employee acceptance of technology as well as assist in the development of appropriate security measures through the analysis of employee attitudes, management support and external controls on technology acceptance levels. An empirical study of the management support would validate the development of intervention measures relating to employee support.
1.3 Significance of the Study.
Describe the significance of your study’s investigation of the research problem. Include a statement of the study’s particular significance to the field of Organization and Management. See Instructions. This study is significant because it shows the usefulness of the study of the research problem to all stakeholders: system developers, policy makers, entrepreneurs, and managers, and information system users since it will offer additional insights with regards to promoting employee adoption and acceptance, as well as use of computer information system security measures. By using the findings of the study, managers can gain new insight into ways that promote employee acceptance and use of security systems policies, particularly for large corporations. The empirical study will also help in determining the major factors that influence employees’ adoption of information systems security measures.
Therefore, the research will contribute to new knowledge about the adoption information system and the respective security measures within a specific industry such as manufacturing, which may contribute to reducing system security measures adoption failures in organizations. Important information and insight is also provided, which security professionals and management can use in designing information security measures that promote usage by employees, and communicating them to the employees (Jones et al., 2010). Its significance to the academic field of study is that students, using future researcher, can gain an insight of the problem from a broader perspective since the study would bring together various aspects from previous studies and include some aspects that have never been tackled in such studies. Researchers would also gain a basis of arguing for the need to focus on information security measures even at an individual level (Chin, Felt, Sekar, & Wagner, 2012).
1.4 Research Question
Write out your research question. If there are sub-questions or more than one, number them accordingly. See Instructions. Using information system is a sensitive practice, but some employees within some organizations may not observe the necessary security measures adequately. The failure in this aspect could be associated with a number of factors which are the variables to be used for the research. The statistical model used to test the omnibus/overall hypothesis is TAM, which is a modification from Jones et al. (2013) using a probability sample obtained using the random sampling method.
These variables then leads to the following research questions:
Main RQ: To what extent do employees’ perceptions, attitudes, and management support predict end-user behavior in adopting information security systems based on the theory of planned behavior?
Sub-Questions
RQ1: To what extent do employees’ perceptions predict end-user behavior in adopting information security systems, based on the theory of planned behavior?
RQ2: To what extent do employees’ attitudes predict end-user behavior in adopting information security systems, based on the theory of planned behavior?
RQ3: To what extent does management support predict end-user behavior in adopting information security systems, based on the theory of planned behavior?
1.5 HypothesesFor each quantitative question and sub-question (sub-Q), list hypotheses for their investigation. Give nulls and alternates for each sub-Q. See Instructions. Ho1: There is no significant relationship between employees’ perceptions in predicting end-user behavior when using Information Systems
Ha1: There is a significant relationship between employees’ perceptions in predicting end-user behavior when using Information Systems
Ho2: There is no significant relationship between employee attitudes in predicting end-user behavior when using Information Systems
Ha2: There is a significant relationship between employees’ attitudes in predicting end-user behavior when using Information Systems
Ho3: There is no significant relationship between management support influence to employees’ behavioral intentions when using Information Systems
Ha3: There is a significant relationship between management support influences to employees’ behavioral intentions when using Information Systems.
1.6 Method overview Briefly describe the methodologies and methods (data collection, statistical models, and analysis) that will be used to conduct the study. The proposed method is a quantitative study that is non-experimental. As a quantitative study, quantifiable data is used to derive a solution to the research problem. A meaningful research design would be considered for the quantitative study. The design is based on targeting major corporations in the manufacturing industry approach on a sample of 2*102 respondents from 10 leading major corporations in the manufacturing sector, specifically those operating in the US. This implies that from each corporation, 20 respondents would be selected from 1o corporations through random sampling and the final list maintained for the research. Permission would be obtained from the responsible management. This sample size would be large enough to minimize biasness of the research results. Only the corporations having information systems security measures in place would be considered. Online survey tool, Survey Monkey, will be used and the link for the survey will be distributed via e-mail to potential respondents. Questionnaires will be used for the survey. Each of the respondents would be chosen randomly and completely by chance. All the respondents would have an equal probability of being selected from any of the 10 corporations during the sampling process. The technique would be a surveying technique that is hardly biased (Yates, David, Daren, 2008).
Partial Least Squares (PLS), which is an element-based structural equation modeling method, will be used to analyze the data collected. PLS graph, build 1126, version 3 will be used for data analysis. The guidelines specified in Chin et al. (2003) shall be followed while analyzing the data; additionally, other exemplars in Information Systems research will also be followed. Modeling of the constructs will be done using reflective indicators. Employee attitude will be coded as per the score of each participant, while perception will be coded as an ordinal variable; this will be consistent with Davis (2000).
Ordinal data would be tested for normality in order to be used for parametric testing with respect to the numerical scores placed on the variable (Sheskin, 2007). Prior to indicating the terms of interaction, the variables will be mean-centered at the indicator level. This will help limit certain multicollinearity. To test the various PLS models, bootstrapping method will be employed.
1.7 Dissertation Title
Do not write the title until Items 1.1-1.6 are complete. See Instructions. Employee adoption of information security measures in the manufacturing sector using extended TAM under a quantitative study.
DISSERTATION RESEARCHERS: STOP!!!
If this RP is for your dissertation (after comps), forward completed Section 1 plus your references gathered so far (section 8) to your Mentor for review and for Specialization Chair’s Approval. (Work on your full Literature Review while waiting for topic approval)
Section 2. Overall Methodology and Approach
2.1 Research Design
Describe your research design in words. See Instructions. The study would be based on a quantitative research methodology which focuses on gathering data, usually in numerical form. The data would then be generalized across large groups of people, especially employees within similar organizations. A non-experimental approach shall be used on a sample of 200 respondents from 10 leading major corporations in the manufacturing sector, specifically those operating in the US. From each corporation, 20 respondents shall be considered for the research. Each of the companies must have information systems security measures in place. Since the research is quantitative in nature, quantitative methods of data collection and analysis shall be used for the survey. An online survey tool and a Survey Monkey will be used since the data will be collected through online means. To make the online survey possible online questionnaires will be distributed via e-mail to potential respondents, which would be done through the Survey Monkey audience service. Typically, the potential respondents will be selected using a random sampling technique. Each of the 10 organizations will offer an opportunity for testing the research model in real world settings. The potential respondents will be derived from the ten different organizations offering different functional areas. In all the ten organizations, data will be collected over a period of five months with four measurement points. The data shall then be compiled for analysis. The analysis will also be quantitative.
2.2 Approach
Quantitative approaches include experimental, quasi-experimental, or non-experimental. Please state the approach, then how it is consistent with your research problem/question. See Instructions for details. The approach that shall be utilized for this study, as has already been mentioned, shall be a non-experimental approach, which either describes something that has happened or evaluates the relationships between variables. This approach is selected since this study has a number of independent variables that are to be studied against a dependent variable, which cannot be manipulated; the research question is what drives this study. Non-experimental research approach is used in determining the nature of a given situation as it is at the time of a given study. With this kind of approach, no control or administration of treatment is required as is the case with experimental approach. Despite the fact that non-experimental is not usually meant to test hypothesis, a casual comparative approach, which is directed towards hypothesis testing is used. This hypothesis testing is used because it can provide a good description of the relationship between perceptions, attitudes, and management support influence when using Information Systems.
2.3 Methodological Model
Describe the statistical model. If using a particular quantitative model (e.g., structural equation modeling or a specific kind of regression analysis), describe it here. The model must align with the research question. If not, type N/A. See Instructions for details. PLS, Partial Least Squares, which is an element-based structural equation modeling method, will be used to analyze the data collected. PLS graph, build 1126, version 3 will be used for data analysis. According to Chin, Marcolin, and Newsted (2003), PLS have very minimal restrictions with regards to the sample size used as well as the distributional assumptions. The guidelines specified in Chin et al. (2003) shall be followed while analyzing the data; additionally, other exemplars in Information Systems research will also be followed such as Structured Equation Modeling (SEM). Modeling of the constructs will be done using reflective indicators. Employee attitude will be coded as per the score of each participant, while perception will be coded as an ordinal variable; this will be consistent with Davis (2000). Prior to indicating the terms of interaction, the variables will be mean-centered at the indicator level. This will help limit certain multicollinearity. To test the various PLS models, bootstrapping method will be employed.
2.4 Rationale
Discuss how your design is suited to answering your research question(s). See Instructions for details. The 10 organizations will offer an opportunity for testing the research model in real world settings. This design will enable hypothesis testing, specifically allow for the description of the relationship between perceptions, attitudes, and management support influence when using Information Systems. The use of a large sample would provide results that reflect close to the actual population being studied due to lack of biasness.
Section 3. Framework, Constructs, Variables, Operational Definitions
3.1 Theoretical Framework
Describe the business theory base that guides or focuses this study or defines the constructs it will investigate. See Instructions. Previous studies using TAM such as Jones et al. (2010) have focused more on three wide areas including some of them replicating TAM and focusing on psychometric features of TAM constructs; other have offered theoretical underpinning of great importance for TAM constructs, specifically with regards to perceived ease of use and perceived usefulness; others have sought to extended the TAM model by adding some more constructs as determinants of the original TAM constructs. The behavioral theory also explains two of the three constructs, attitude and perception in terms of cognitive dissonance theory and the self-perception theory respectively.
These theories explain how these variables relate to one another and the way they can influence the adoption of information security measures by employees. Motivation theory of management could be used for management support construct to strengthen the moderation aspect of the variable as discussed further in the paper. Further, studies into employee adoption of information system security measures that have been carried out using the extended TAM such as that of Jones et al. (2010), have focused on self-reported data, which are usually considered to cause a lot of concern since it is difficult to accurately rate their behavior. In fact, with self-reported data, it is difficult to determine whether participants’ gives expected desirable answers or the most truthful answers.
There are also no insights or empirical studies on employee adoption based on specific industries, with studies assuming that adoption is similar across all sectors (Chuttur, 2009; Jones et al., 2010). With this in mind, this research develops a theoretical framework which incorporates and somewhat extends TAM with the aim of assessing the factors that influence employee adoption and use of information system security measures for a specific industry, the manufacturing industry, which has reported high incidences of security breaches.
The TAM model proposed is comparable to that used in Jones et al. (2010) but takes into account additional constructs including the attitudes of the employees with regards to their peers, managers, and supervisors, or the job. This is because employees’ attitudes may affect the intention of the employees to adopt and follow information systems security measures. Thus, this theoretical framework is based on the Theory of Planned behavior. This is because the Theory of Planned behavior considers attitude and subjective norm as important constructs. In fact, the study by Jones et al. (2010) also showed that subjective norm had the largest effect on employees’ intention to adopt and use system security measures. Further, by determining the effect of the attitudes of the employees with regards to their peers, managers, and supervisors, or the job, this research extends the use of Jones et al (2010) extended TAM model which incorporates management support as the intervening variable on subjective norms. However, in this study management support is incorporated as the intervening variable on employees’ attitudes to use.
Therefore, the research provides new insight into ways of promoting employee acceptance of technology as well as assist in the development of appropriate security measures through the analysis of employee attitudes, management support and external controls on technology acceptance levels. An empirical study into the management support would validate the development of intervention measures relating to employee support.
3.2 Unit(s) of Analysis
Describe the unit(s) of analysis for this study. Typically, the unit of analysis will be individual or group. Multiple research questions may require different units of analysis. See Instructions. This study focuses on analyzing employee behavior and adoption of information security systems. In order to analyze employee adoption of security systems, data regarding employee perceptions, attitudes, and management support will be collected, and will be used to determine whether these variables influence employee adoption of security systems. Therefore, in this study, the unit of analysis is an individual from the sample versus a behavior portrayed by the individual, particularly, employee attitudes and perception with regards to adoption of information security systems. In this regard, to determine and accept whether the hypothesis is probably true or false, certain steps are taken. The research questions and the related hypothesess being addressed are:
Main RQ: To what extent do employees’ perceptions, attitudes, and management support predict end-user behavior in adopting information security systems based on the theory of planned behavior?
Sub-Question and Respective Hypotheses
RQ1: To what extent do employees’ perceptions predict end-user behavior in adopting information security systems, based on the theory of planned behavior?
Ho1: There is no significant relationship between employees’ perceptions in predicting end-user behavior when using Information Systems
Ha1: There is a significant relationship between employees’ perceptions in predicting end-user behavior when using Information Systems
RQ2: To what extent do employees’ attitudes predict end-user behavior in adopting information security systems, based on the theory of planned behavior?
Ho2: There is no significant relationship between employee attitudes in predicting end-user behavior when using Information Systems
Ha2: There is a significant relationship between employees’ attitudes in predicting end-user behavior when using Information Systems
RQ3: To what extent does management support predict end-user behavior in adopting information security systems, based on the theory of planned behavior?
Ho3: There is no significant relationship between management support influence to employees’ behavioral intentions when using Information Systems
Ha3: There is a significant relationship between management support influences to employees’ behavioral intentions when using Information Systems.
3.3 Constructs
Define each construct required by the research question and title. Provide citations showing your theoretical framework. Number each construct. See Instructions. Various constructs are required by the research questions and title in this study. A construct refers to a conceptual term that describes a scenario that cannot be directly observed; it is basically an abstract idea or image meant for a given study. The constructs are defined as follows:
Employees’ Attitudes
The study evaluates employee behavior particularly, employee attitudes and perception with regards to adoption of information security systems. Attitude and perception are mainly attributed to lack of experience among people. Attitudes and perception can be explained through the Cognitive Dissonance Theory, which allows the action of dissonance between the factors causing levels of uncomfortable feeling and a determination wavering thereby reflecting the need to change due to this. This aspect could ultimately generate some variation in the way employees respond to the use of information systems (Jeffrey, 2005).
Employees’ Perception
The study also evaluates employees’ perceptions towards the use of information security measures. Perception is essentially the way an individual perceives something in terms of the benefits or issues associated with it (Ion & Langheinrich et al., 2010). The theory of Self-perception can explain this construct and accounts for attitude formation among people. According to the theory, individuals develop their attitudes due to lack of experience (Laird, 2007). The lack of experience determines the way people would perceive something such as using information security measures in the case of this study.
Management Support
The research investigates employees’ behavioral intention to adopt and use information security measures and its relationship to management support, employee attitudes and employee perception. Management happens within an organizational setting that is well structured with prescribed roles, and it is set to achieve aims and objectives by influencing employees’ efforts. Management support can be achieved through the Theory of Motivation, in which the management provides the best motivational support possible to its employees (Kautish & Thapliyal, 2012).
The IVs (Independent Variables) in this study are employee’s perception and employee’s attitudes while the dependent variable is the employees’ behavioral intention to adopt and use information security systems. Management support, on the other hand, acts as an MV, Moderating Variable. There are other MV, Moderating that are related to the research question and the hypothesis; they include: (i) age, (ii) level of management or work, and (iii) years of employment. Age is a demographic variable used as an MV. It has some impact on internet usage, besides haltering the attitude and perception of people towards the use of information security measures (Teo, 2001; Zukowski & Brown, 2007).
3.4 Variables (Definitions of Constructs as variables)
Define each construct (in Item 3.3) as a variable. Provide citations to theoretical framework or previous research supporting the selection of variable type. See Instructions. Employee’s Perception: Perception refers to people’s sensory experience of their environment. It involves both recognition and actions in response to environmental stimuli. It contributes to the way one perceives something in real life (Goldstein & Cialdini, 2009). In this study, employee perceptions are considered as being reality; it is what the employees perceive or consider about security measures regardless of the management’s intent about security measures (Sandhu & Samarati, 1994).
Employee’s Attitude: Attitude can be defined as being an investigative and evaluative judgment either unfavorable or favorable that is directed or is possessed by an individual towards an object, attitude object according to Laird (2007) An object or attitude object can either be concrete, such as the internet, or abstract, such as information technology security measures. The attitude could be depicted by an individual or a group (Sarker, Valacich, & Sarker, 2005). Usually, employees are typically somewhat biased towards those objects, in which their examination is positive; they are also against those attitude objects in which their evaluation is negative.
Management Support: Management support is a moderating variable. Management support entails the use of prescribed roles to assist employees in their activities by enhancing their efforts. The support can be offered through employee motivation, through guidance, leading by example, as well as through encouragement (Kautish & Thapliyal, 2012). The theory of motivation can be useful in this case such as in security protection motivation (Herath & Rao, 2009). In their study, Kautish and Thapliyal (2012) investigated decision support system and established that it is highly related to knowledge management, which is an aspect of management support.
3.5 Operational Definitions
Present an operational definitio