TY - JOUR
T1 - Security Policy Opt-in Decisions in Bring-Your-Own-Device (BYOD) – A Persuasion and Cognitive Elaboration Perspective
AU - Yang, Xue
AU - Wang, Xinwei
AU - Yue, Wei Thoo
AU - Sia, Choon Ling
AU - Luo, Xin(Robert)
PY - 2019
Y1 - 2019
N2 - Bring-Your-Own-Device (BYOD) has gained increased popularity in organizations but may engender information security concerns. To address these concerns, employees are expected to opt-in and comply with organizational BYOD security policy. This study investigates the factors that affect employees’ opt-in decisions with BYOD security policy. Drawing on the theoretical lenses of persuasion and cognitive elaboration, we propose that employees’ cognitive elaborations of BYOD security policy could be affected by the valence of justification of the BYOD security policy, the stringency of BYOD security measures, and the sequence of the introduction of BYOD security policy in relation to employees’ use of personal devices to perform organizational tasks and such cognitive elaborations would in turn affect opt-in decisions. We conducted an experimental survey to test our propositions. The results indicate that positive BYOD security policy justification framing and post-task security policy exposure would lead to more positive cognitive elaboration, decision to opt-in, and compliance with the BYOD security policy. This research has significant implications for security management with respect to the design and implementation of BYOD security policy within an organization according to the nature of security policy and the task requirements.
AB - Bring-Your-Own-Device (BYOD) has gained increased popularity in organizations but may engender information security concerns. To address these concerns, employees are expected to opt-in and comply with organizational BYOD security policy. This study investigates the factors that affect employees’ opt-in decisions with BYOD security policy. Drawing on the theoretical lenses of persuasion and cognitive elaboration, we propose that employees’ cognitive elaborations of BYOD security policy could be affected by the valence of justification of the BYOD security policy, the stringency of BYOD security measures, and the sequence of the introduction of BYOD security policy in relation to employees’ use of personal devices to perform organizational tasks and such cognitive elaborations would in turn affect opt-in decisions. We conducted an experimental survey to test our propositions. The results indicate that positive BYOD security policy justification framing and post-task security policy exposure would lead to more positive cognitive elaboration, decision to opt-in, and compliance with the BYOD security policy. This research has significant implications for security management with respect to the design and implementation of BYOD security policy within an organization according to the nature of security policy and the task requirements.
KW - Bring-Your-Own-Device (BYOD)
KW - information security policies
KW - security training
KW - cognitive elaboration
KW - opt-in
UR - http://www.scopus.com/inward/record.url?scp=85075407025&partnerID=8YFLogxK
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85075407025&origin=recordpage
U2 - 10.1080/10919392.2019.1639913
DO - 10.1080/10919392.2019.1639913
M3 - RGC 21 - Publication in refereed journal
SN - 1091-9392
VL - 29
SP - 274
EP - 293
JO - Journal of Organizational Computing and Electronic Commerce
JF - Journal of Organizational Computing and Electronic Commerce
IS - 4
ER -