| Variable | Item Text | Adapted From |
|---|---|---|
| Transformational_Leadership_Style | The management always seeks for changes related to ISPs. | [39] |
| | The management always seeks for improvements related to ISPs. | |
| | The management always encourages me to comply with ISPs. | |
| | The management always educates me on the importance of practicing information security behaviour. | |
| | The management always reminds me to practice recommended information security behaviour. | |
| Transactional_Leadership_Style | The management provides incentives to their employees who comply with ISPs. | |
| | The management always checks to ensure I comply with ISPs | |
| | The management takes serious action on those who do not comply with ISPs. | |
| | The management strictly documents the ISPs that everyone should follow. | |
| | The management is aware of their employees’ weaknesses when it comes to their understanding towards information security. | |
| | The management beliefs my job performance will increase if I adopt recommended information security behaviour. | |
| ISPs_Training_Support | The management always provides specific training on information security. | [42] |
| | The management encourages me to attend the information security trainings | |
| | The management organizes information security training effectively. | |
| | The management updates me on the changes related to ISPs. | |
| | ISPs training in my organization help me to understand how to behave appropriately towards matters related to information security. | |
| PU_Security | I believe that information security can reduce security incidents in my organizations. | Self-definition |
| | I believe that information security can protect my organization’s data. | |
| | I believe that information security can avoid unauthorised access. | |
| PU_Security-Countermeasure | I believe that changing passwords regularly is effective for avoiding unauthorised access. | Self-definition |
| | I believe that using anti-virus regularly can protect my computer. | |
| | I believe that updating anti-virus regularly can protect my computer. | |
| | I believe that scanning files and devices before using them can protect my computer. | |
| PEOU_ISPs | I find it easy to understand the ISPs in my organization. | [10] |
| | I find it easy to comply with the ISPs in my organization. | |
| | I feel confident with the ISPs in my organization. | |
| User’s information security compliance Behaviour | I comply with ISPs when performing my daily work. | [31] |
| | I tend to comply with ISPs only when it is convenient to do so. | |
| | I practice recommended information security behaviour as much as possible. | |