Variable Item Text Adapted From
Transformational_Leadership_Style The management always seeks for changes related to ISPs. [39]
The management always seeks for improvements related to ISPs.
The management always encourages me to comply with ISPs.
The management always educates me on the importance of practicing information security behaviour.
The management always reminds me to practice recommended information security behaviour.
Transactional_Leadership_Style The management provides incentives to their employees who comply with ISPs.
The management always checks to ensure I comply with ISPs
The management takes serious action on those who do not comply with ISPs.
The management strictly documents the ISPs that everyone should follow.
The management is aware of their employees’ weaknesses when it comes to their understanding towards information security.
The management beliefs my job performance will increase if I adopt recommended information security behaviour.
ISPs_Training_Support The management always provides specific training on information security. [42]
The management encourages me to attend the information security trainings
The management organizes information security training effectively.
The management updates me on the changes related to ISPs.
ISPs training in my organization help me to understand how to behave appropriately towards matters related to information security.
PU_Security I believe that information security can reduce security incidents in my organizations. Self- definition
I believe that information security can protect my organization’s data.
I believe that information security can avoid unauthorised access.
PU_Security-Countermeasure I believe that changing passwords regularly is effective for avoiding unauthorised access. Self-definition
I believe that using anti-virus regularly can protect my computer.
I believe that updating anti-virus regularly can protect my computer.
I believe that scanning files and devices before using them can protect my computer.
PEOU_ISPs I find it easy to understand the ISPs in my organization. [10]
I find it easy to comply with the ISPs in my organization.
I feel confident with the ISPs in my organization.
User’s information security compliance Behaviour I comply with ISPs when performing my daily work. [31]
I tend to comply with ISPs only when it is convenient to do so.
I practice recommended information security behaviour as much as possible.
Table 2: Measurement Items.