IS Security Policy Enforcement with Technological Agents: A Field Experiment

Frank Hadasch, Ye Li, Benjamin Mueller

Research output: Contribution to conferenceOtherAcademic

2 Citations (Scopus)


This paper addresses the question of employees’ information protection behaviour from a socio- technical perspective. While prior information systems (IS) security research thoroughly examines the determinants of employees’ security motivation, this work investigates if information protection motivation translates into actual behaviour and how security policy-enforcing technological agents influence behaviour. For researchers this is important as measurements of actual security behaviour are scarce in the literature, the underlying cognitive process of information protection behaviour lacks detailed examination, and the design of information technology (IT) artefacts requires an understanding of what makes them effective in changing an employee’s information protection behaviour. In a scenario-based field experiment with 82 participants we test for direct and moderation effects of policy-enforcing technological agents on employees’ information protection behaviour. Captured screen recordings of the simulated work environment are analysed with principles of inductive reasoning to suggest a cognitive process model of users’ information protection behaviour. Shedding light into the black box of the post-motivational phase helps us to investigate when employees are specifically challenged to protect confidential information and how a policy-enforcing technological agent might help to prevent information leakage incidents.
Original languageEnglish
Publication statusPublished - 2013
Externally publishedYes
Event21. European Conference on Information Systems - Utrecht, Netherlands
Duration: 5-Jun-20138-Jun-2013


Conference21. European Conference on Information Systems


  • IS security behaviour leakage prevention policy enforcement field experiment

Cite this