Effects of Developer Cognitive Style and Motivations on Information Security Policy Compliance

Organizations are faced with information loss on a daily basis. Threats such as hacker attacks are mitigated by applying patches, improving encryption routines, closing security loop-holes in a program and keeping a constant vigil on virus and malicious threats with up-to-date scanning techniques. Companies invest millions of dollars to keep such attacks at bay since a loss of up-time to servers could cause a significant loss in customer revenue and thus result in catastrophic losses in customer satisfaction and ultimately profits. Organizations that create or modify software try to deter threats to their applications by providing information security policies that provide guidelines to developers on what best practices need to be adopted to make their applications safe and secure for customer consumption. This study presents a conceptual model for studying how cognitive style impacts software developer motivations as they approach the task of complying with information security policies. The model is informed by the literature on information security awareness, Protection Motivation Theory, Kirton’s adaption-innovation theory and Herzberg’s motivation and hygiene theory.