Electronic Theses and Dissertations





Date of Award


Document Type


Degree Name

Doctor of Philosophy


Business Administration


Management Information Systems

Committee Chair

Thomas F. Stafford

Committee Member

Lloyd D. Brooks

Committee Member

Mark L. Gillenson

Committee Member

Marla Royne Stafford


Phishing attacks and other information security problems are major issues facing individuals and organizations in the internet age. For protection against phishing attacks, the individual needs to maintain some form of phishing protection with ongoing maintenance cost but without any immediate benefit. However, failing to maintain this protection may result in potentially negative effects, such as identity theft. Problems such as this one are largely ignored by the management information systems (MIS) literature. Instead, more general behavioral models that focus on the type of behavior that has clear perceived immediate benefits have been used to explain this type of behavior. This study adopted the protection motivation theory (PMT) as an underlying theoretical model. The main focuses of the PMT are the possible negative impacts of a threat and the potential effectiveness of protective behaviors that can be directly applied to the threat—in this case, computer security threats. The PMT model developed here was further improved to address its weakness by applying related concepts from the theory of planned behavior and the cognitive dissonance theory. The research method employed in this study was a survey-based method. The final sample consisted of 376 college students. The results from the survey indicated that the research model is substantially able to explain the intention to perform recommended phishing protections. The results also showed that to influence an individual’s intention to protect him or herself against phishing attempts, the intervention message should persuade the individual to believe that the threat is real and could be severe; that the current behavior is not effective against the threat; that the individual can successfully perform the recommended protection; that the cost of protection is reasonable; that responding to phishing does not have any benefit; and that the recommended protection is effective.


Data is provided by the student.

Library Comment

dissertation or thesis originally submitted to the local University of Memphis Electronic Theses & dissertation (ETD) Repository.