Toward Developing a Theory of End User Information Security Competence

In this paper we attempt to synthesize the behavioral information security research literature to construct a theory of end-user information security competence. The theory has three components: ethics and perceptions, knowledge and skills, and behavior. Additionally, we also propose that organizations can play an important role in the development of the information security competence. Contributions to both theory and practice are discussed.