Information security conscious care behaviour formation in organizations

Experts believe that technology cannot solely guarantee a secure environment for information. Users’ behaviour should be considered as an important factor in this domain. The Internet is a huge network with great potential for information security breaches. Hackers use different methods to change confidentiality, integrity, and the availability of information in line with their benefits. Users’ negligence, ignorance, lack of awareness, mischievous, apathy and resistance are usually the reasons for security breaches. Users’ poor information security behaviour is the main problem in this domain and the presented model endeavours to reduce the risk of users’ behaviour in this realm. The results showed that Information Security Awareness, Information Security Organization Policy, Information Security Experience and Involvement, Attitude towards information security, Subjective Norms, Threat Appraisal, and Information Security Self-efficacy have a positive effect on users’ behaviour. However, Perceived Behavioural Control does not affect their behaviour significantly. The Protection Motivation Theory and Theory of Planned Behaviour were applied as the backbone of the research model.