Taxonomy of compliant information security behavior

Computers and Security

Volumn 31, Issue 5, 2012, Pages 673-680

  Padayachee, Keshnee ^a  

^a UNIVERSITY OF SOUTH AFRICA   (South Africa)

Author keywords

Access control; Behavior; Compliance; Deterrence control; Motivation

Indexed keywords

BEHAVIOR; COMPLIANCE; EMPIRICAL STUDIES; END-USER PERSPECTIVE; END-USERS; INFORMATION SECURITY POLICIES; INTRINSIC MOTIVATION; SELF-DETERMINATION THEORIES;

ACCESS CONTROL; MOTIVATION;

TAXONOMIES;

EID: 84862271726     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2012.04.004     Document Type: Article

References (35)

1. S. Alfawaz, K. Nelson, and K. Mohannak Information security culture: a behavior compliance conceptual framework Proceedings of the 8th Australasian Information Security Conference (AISC) 2010 47 55
2. J.C. Ball The deterrence concept in criminology and law The Journal of Criminal Law, Criminology, and Police Science 46 1955 347 354
3. M. Chan, I. Woon, and A. Kankanhalli Perceptions of information security in the workplace: linking information security climate to compliant behavior Journal of Information Privacy and Security 1 2006 18 41
4. D. D'Arcy, and A. Hovav Deterring internal information systems misuse Communications of the ACM 50 2007 113 117 (Pubitemid 47505008)
5. D. D'Arcy, and A. Hovav Does one size fit all? Examining the differential effects of IS security countermeasures Journal of Business Ethics 89 2009 57 71
6. D. D'Arcy, and T. Herath A review and analysis of deterrence theory in the IS security literature: making sense of disparate findings European Journal of Information Systems 20 2011 643 658
7. E.L. Deci, and R.M. Ryan Intrinsic motivation and self-determination in human behavior 1985 Plenum New York
8. Deloitte Global security survey [cited 26 October 2010] 2007 Available from: http://www.deloitte.com/view/en-GX/global/industries/financial-services/ 5f5d5724a82fb110VgnVCM100000ba42f00aRCRD.htm
9. S. Furnell, and K.-L. Thomson From culture to disobedience: recognising the varying user acceptance of IT security Computer Fraud & Security 2009 2009 5 10
10. E. George, G.E. Higgins, and D.A. Makin Self-Control, deviant peers and software piracy Psychological Reports 95 2004 921 931 (Pubitemid 40131934)
11. H.G. Grasmick, and R.J. Bursik Conscience, significant others, and rational choice: extending the deterrence model Law & Society Review 24 1990 837 862
12. T. Herath, and H.R. Rao Encouraging information security behavior in organizations: role of penalties, pressures and perceived effectiveness Decision Support Systems 47 2009 154 165
13. T. Herath, and H.R. Rao Protection motivation and deterrence: a framework for security policy compliance in organisations European Journal of Information Systems 18 2009 106 125
14. G.E. Higgins, A.L. Wilson, and B.D. Fell An application of deterrence theory to software piracy Journal of Criminal Justice and Popular Culture 12 2005 166 184 (Pubitemid 43011663)
15. J. Hunker, and C.W. Probst Insiders and insider threats - an overview of definitions and mitigation techniques Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) 2 2011 4 27
16. P. Ifinedo Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory Computers & Security 31 2011 83 95
17. M. Jovanovic, D. Starcevic, M. Minovic, and V. Stavljanin Motivation and multimodal interaction in model-driven educational game design IEEE Transactions on Systems, Man and Cybernetics Systems and Humans, Part A 41 2011 817 824
18. J. Leach Improving user security behaviour Computers & Security 22 2003 685 692
19. Y. Li, T. Chan-Hoo, X. Heng, and T. Hock-Hai Open source software adoption: motivations of adopters and amotivations of non-adopters SIGMIS Database 42 2011 76 94
20. G.B. Magklaras, and S.M. Furnell Insider threat prediction tool: evaluating the probability of IT misuse Computers & Security 21 2001 62 73 (Pubitemid 34133784)
21. S.J. Marcinkowski, and J.M. Stanton Motivational aspects of information security policies IEEE internal conference on systems, man and cybernetics 2003 2527 2532
22. Padayachee K. An aspect-oriented approach towards enhancing optimistic access control with usage control. Pretoria: University of Pretoria (Doctoral-Thesis) [cited 5 November 2010]; Available from: http://upetd.up.ac. za/thesis/available/etd-07262010-142652/; 2009.
23. S. Pahnila, M. Siponen, and A. Mahmood Employee's behavior towards IS security policy compliance Proceedings of the 40th Hawaii international conference on system sciences 2007 1561
24. J. Predd, S.L. Pfleeger, J. Hunker, and C. Bulford Insiders behaving badly IEEE Security & Privacy 6 2010 66 70
25. R.M. Ryan, and E.L. Deci Intrinsic and extrinsic motivations: classic definitions and new directions Contemporary Educational Psychology 25 2000 54 67
26. E.E. Schultz A framework for understanding and predicting insider attacks Computers & Security 21 2002 526 531 (Pubitemid 35186246)
27. E. Shaw, K. Ruby, and J. Post The insider threat to information systems Security Awareness Bulletin 1998 2 98
28. S. Sherizen Criminological concepts and research findings relevant for improving computer crime control Computers & Security 9 1990 215 222 (Pubitemid 20694883)
29. M. Siponen, S. Pahnila, and A. Mahmood Employees' adherence to information security policies: an empirical study IFIP International Federation for Information Processing 2007 133 144
30. M. Siponen, S. Pahnila, and M.A. Mahmood Compliance with information security policies: an empirical investigation Computer 43 2010 64 71
31. A. Vance, M. Siponen, and S. Pahnila How personality and habit affect protection motivation Workshop on Information Security and Privacy (WISP 2009) 2009 14 21
32. A. Whitten, and J.D. Tygar Why Johnny can't encrypt: a usability evaluation of PGP 5.0 Proceedings of the 8th USENIX security symposium 1999 14
33. A. Wiklund-Engblom, M. Hassenzahl, A. Bengs, and S. Sperring What needs tell us about user experience T. Gross, J. Gulliksen, P. Kotzé, L. Oestreicher, P. Palanque, R. Prates, Human-computer interaction - INTERACT 2009 2009 Springer Berlin/Heidelberg 666 669
34. R. Willison, and M. Siponen Overcoming the insider: reducing employee computer crime through situational crime prevention Communications of the ACM 52 2009 133 137
35. M. Workman, W.H. Bommer, and D. Straub Security lapses and the omission of information security measures: a threat control model and empirical test Computers in Human Behavior 24 2008 2799 2816