The Effects of IT Identity on Information Security Behaviors

Despite decades of research, the information security literature built upon the grounded theories of protection motivation and general deterrence continues to produce inconsistent and contradictory results. Some suggest that protection motivation theory, which was developed in the context of health-related behaviors, and general deterrence, which was developed in the context of criminology, suffer from a common source of mis-specification when applied to information security research. The source of this mis-specification is the assumption that the artifacts explored within this research stream are personally relevant. Recent research has explored how an information technology can become integral to one’s sense of self. When applied to information security research, this integration of an information technology into one’s sense of self, deemed IT Identity, has the potential to address the mis-specification of protection motivation and general deterrence theories by affecting an individual’s perceptions of the personal relevance of information security issues thus affecting information security behaviors.