| End-users, arguably the most important part of information systems, have received little attention concerning information security. As the security technology becomes more and more advanced, the end-user related fault---which cannot be decreased effectively by technology alone---becomes a more prominent problem.; This dissertation addresses the question of how to properly train and motivate end-users so that they can be a strong and effective security countermeasure instead of the weakest link. The objective of this study is to determine the significance and relative importance of the following factors: behavioral intention, attitude, subjective norm, perceived behavioral control, and perceived risk. To be more specific, this study answers the following two questions: (1) Do these factors matter in determining end-users' information security behaviors? (2) Which factor(s) is (are) more important in determining end-users' behaviors?; A model of the factors that affect end-users' information security behaviors and, consequently, affect the organizational information security effectiveness is proposed and tested. Research data is collected using an online survey and analyzed using Amos 5.0. The research findings support the theory that behavioral intention, perceived behavioral control, and attitudes are strong predictors of end-users' security behaviors. |
