Date of Conferral



Doctor of Information Technology (D.I.T.)


Information Systems and Technology


Timothy Perez


The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human InfoSec behavior. Applying sociobehavioral theories to InfoSec research provides information to aid IT security program managers in developing improved SETA programs. The purpose of this correlational study was to examine through the theoretical lens of the theory of planned behavior (TPB) how attitude toward the behavior (ATT), subjective norm (SN), and perceived behavioral control (PBC) affected the intention of computer end users in a K-12 environment to follow InfoSec policy. Data collection was from 165 K-12 school administrators in Northeast Georgia using an online survey instrument. Data analysis occurred applying multiple linear regression and logistic regression. The TPB model accounted for 30.8% of the variance in intention to comply with InfoSec policies. SN was a significant predictor of intention in the model. ATT and PBC did not show to be significant. These findings suggest improvement to K-12 SETA programs can occur by addressing normative beliefs of the individual. The application of improved SETA programs by IT security program managers that incorporate the findings and recommendations of this study may lead to greater information security in K-12 school systems. More secure school systems can contribute to social change through improved information protection as well as increased freedoms and privacy for employees, students, the organization, and the community.