Most often, security breaches are related to internal employees due to their indirect or direct actions leading to information security policy (ISP) violations. Therefore, understanding employees’ intrinsic motivation and security behaviour towards ISP compliance is critical. Previous studies have identified different types of extrinsic motivation, such as complying with an ISP to avoid sanctions. This research adds an important contribution: intrinsic motivation is a more effective motivator because deterrence does not have a significant effect on employee behaviour. This thesis proposes a model which predicts that intrinsic motivation influences intentions towards ISP compliance. A combination of qualitative and quantitative approaches was used to evaluate the model via five stages.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...