Which factors explain employees' adherence to information security policies? An empirical study

PACIS 2007 - 11th Pacific Asia Conference on Information Systems: Managing Diversity in Digital Enterprises

Volumn , Issue , 2007, Pages

  Pahnila, Seppo ^a   Siponen, Mikko ^a   Mahmood, Adam ^b  

^a UNIVERSITY OF OULU   (Finland)

^b UNIVERSITY OF TEXAS   (United States)

Author keywords

General deterrence theory; Information security compliance; Protection motivation theory

Indexed keywords

DIRECT PATHS; EMPIRICAL STUDIES; GENERAL DETERRENCE THEORY; INFORMATION SECURITY COMPLIANCE; INFORMATION SECURITY POLICIES; INNOVATION DIFFUSION THEORY; PROTECTION MOTIVATION THEORY; SECURITY POLICY; SELF EFFICACY; THEORY OF REASONED ACTION;

INFORMATION SYSTEMS; MOTIVATION; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 80053473856     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (39)

1. Agarwal, R. and J. Prasad. "Conceptual and Operational Definition of Personal Innovativeness in the Domain of Information Technology." Information Systems Research, 1998, 9:2, pp. 204-215.
2. Ajzen, I. "The Theory of Planned Behavior", Organizational Behavior and Human Decision Processes 50:2, 1991, pp.179-211.
3. Aytes, K. and Connolly, T. "A Research Model for Investigating Human Behavior Related to Computer Security", Proceedings of the 2003 American Conference On Information Systems, Tampa, FL, August 4-6. 2003.
4. Aytes, K. and Connolly, T. "Computer and Risky Computing Practices: A Rational Choice Perspective", Journal of Organizational and End User Computing, 16:2, 2004, pp. 22-40.
5. Bagchi, K. and Udo, G. "An analysis of the growth of computer and Internet security breaches", Communications of AIS 12, 2003, pp. 684-700.
6. Bandura, A. "Self-Efficacy: Toward a Unifying Theory of Behaviour Change", Psychological Review 84:2, 1977, pp. 191-215.
7. Boudreau, M.-C., Gefen, D. and Straub, D. W. "Validation in information systems research: A state-of-the-art assessment." MIS Quarterly 25:1, 2001, pp. 1-16. (Pubitemid 33738447)
8. Cameron, J. and Pierce, W. Rewards and intrinsic motivation. Westport, Conn: Bergin & Garvey, 2002.
9. Dhillon, G. and Backhouse, J. "Current directions in information security research: toward socio-organizational perspectives", Information Systems Journal, 2001, 11:2.
10. Fishbein, M. and Ajzen, I. Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. MA, Addison-Wesley. 1975.
11. Gordon, L & Loeb, M. The economics of information security investment. ACM Transactions on Information and System Security, 2002, 5:4, pp. 438-457.
12. Hair, J.F.J., Anderson, R.E., Tatham, R.L., and Black, W. C. Multivariate data analysis. 5th ed: Upper Saddle River, New Jersey, Prentice Hall Inc, 1998.
13. Hair, J.F.J., Black,W.C., Babin, B.J. Anderson, R.E., Tatham, R.L. Multivariate data analysis. 6th ed. Pearson Prentice Hall, 2006.
14. Heijden, H. V. D. "Factors influencing the usage of websites: the case of a generic portal in The Netherlands." Information & Management, 2003, 40, pp. 541-549.
15. Hoffer, J. A. and D. W. Straub. "The 9 to 5 Underground: Are you Policing Computer Crimes." Sloan Management Review, 1989, 30:4, pp. 35-43.
16. Hoyle, R.H. Structural Equation Model. Concepts, Issues, and Applications, H. R. Hoyle (ed.), SAGE publications, Inc, 1995.
17. Higgins, G.E., Wilson, A.L. and Fell, B.D. "An Application of Deterrence Theory to Software Piracy", Journal of Criminal Justice and Popular Culture, 2005, 12:3, pp. 166-184. (Pubitemid 43011663)
18. Hinde, S. "Security surveys spring crop", Computers & Security, 2002, 21:4, pp. 310-321. (Pubitemid 34715235)
19. Karahanna, E., Straub, D. W. and Chervany, N. L. "Information technology adoption across time: A cross-sectional comparison of pre-adoption and post-adoption beliefs", MIS Quarterly, 1999, 23:2, pp. 183-213.
20. Limayem, M., and Hirt, S.G. "Force of Habit and Information Systems Usage: Theory and Initial Validation", Journal of Association for Information Systems, 2003, 4, pp. 65-97.
21. Moon, J.-W. and Y.-G. Kim. "Extending the TAM for a World-Wide-Web context." Information & Management, 2001, 38, pp. 217-230. (Pubitemid 33651294)
22. Moore, G.C. and Benbasat, I. "Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation". Information Systems Research, 1991, 2:3, pp. 191-222.
23. Pahnila, S., Siponen, M., Mahmood, A. "Employees' Behavior Towards IS Security Policy Compliance". Proceedings of 2007 Hawaii International Conference on System Sciences, 2007.
24. Puhakainen, P. A design theory for information security awareness. Unpublished Ph.D. Thesis, Oulu, Finland, 2006.
25. Rippetoe, S. and Rogers, R. W., "Effects of Components of Protection - Motivation Theory on Adaptive and Maladaptive Coping with a Health Threat", Journal of Personality and Social Psychology, 1987, 52:3, pp. 596-604.
26. Rogers, R. W. "Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation Theory", in Social Psychophysiology, J. Cacioppo and R. Petty (Eds.), Guilford, New York, 1983.
27. Rogers, R. W. and Prentice-Dunn, S. "Protection motivation theory", In D. S. Gochman (Ed.), Handbook of Health Behavior Research I: Personal and Social Determinants, New York, NY, Plenum Press, 1997, pp. 113-132.
28. Schumacker, R.E. and R.G. Lomax, A Beginner's Guide to Structural Equation Modeling, Mahwah, New Jersey: Lawrence Erlbaum Associates, 1996, pp. 288.
29. Siponen, M. "A Conceptual Foundation for Organizational Information Security Awareness", Information Management & Computer Security, 2000, 8:1, pp. 31-41.
30. Siponen, M.T. "Analysis of modern information security development approaches: towards the next generation of social and adaptable ISS methods", Information and organization, 2005, 15:4, pp. 339-375. (Pubitemid 41283300)
31. Siponen, M. T., Pahnila, S., Mahmood, A. Adherence to Information Security Policies: An Empirical Study. Proceedings of the IFIP SEC2007, Sandton, Gauteng, South Africa, 2007.
32. Stanton, J. M., Stam, K. R., Mastrangelo, P. and Jolton, J. "An analysis of end user security behaviors", Computers & Security, 2005, 24, pp. 124-133 (Pubitemid 40583824)
33. Straub, D. W. "Validating Instruments in MIS Research", MIS Quarterly, 1989, 13:2, pp. 147-169.
34. Straub, D.W. "Effective IS Security: An Empirical Study", Information Systems Research, 1990, 1:3, pp. 255-276.
35. Straub, D.W. and Welke, R.J. "Coping with Systems Risk: Security Planning Models for. Management Decision-Making", MIS Quarterly, 1998, 22:4, pp. 441-469.
36. Thompson, D. "1997 Computer crime and security survey", Information Management & Computer Security, 1998, 6:2, pp. 78-101.
37. Venkatesh, V., Morris, M. G., Davis, G. B. and Davis, F. D. "User Acceptance of Information Technology: Toward a Unified View", MIS Quarterly, 2003, 27:3, pp. 425-478
38. Villarroel, R., Fernández-Medina, E. and Piattini, M. "Secure information systems development - a survey and comparison", Computers & Security, 2005, 24:4, pp. 308-321. (Pubitemid 40752314)
39. Woon, I. M. Y., Tan, G. W. and Low, R. T. "A Protection Motivation Theory Approach to Home Wireless Security", Proceedings of the Twenty-Sixth International Conference on Information Systems, Las Vegas, 2005, pp. 367-380.