Employees' information security awareness and behavior: A literature review

Proceedings of the Annual Hawaii International Conference on System Sciences

Volumn , Issue , 2013, Pages 2978-2987

  Lebek, Benedikt ^a   Uffen, Jörg ^a   Breitner, Michael H ^a   Neumann, Markus ^b   Hohler, Bernd ^b  

^a LEIBNIZ UNIVERSITY HANNOVER   (Germany)

^b Bhn Dienstleistungs GmbH Coand KG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AWARENESS AND BEHAVIORS; BEHAVIORAL FACTORS; BEHAVIORAL THEORY; INFORMATION SECURITY AWARENESS; LITERATURE REVIEWS; SECURITY AWARENESS; SECURITY RESEARCH; WEAKEST LINKS;

INFORMATION MANAGEMENT; RESEARCH; SECURITY OF DATA; SYSTEMS SCIENCE;

BEHAVIORAL RESEARCH;

EID: 84875493546     PISSN: 15301605     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2013.192     Document Type: Conference Paper

References (40)

1. S. Abraham, "Information Security Behavior: Factors and Research Directions", Proceedings of the American Conference on Information Systems (AMCIS), Paper 462, 2011.
2. I. Ajzen, "The Theory of Planned Behavior", Organizational Behavior and Human Decision Processes, Vol. 50, No. 2, pp.179-211, 1991.
3. A. Al-Omari, O. El.Gayar, A. Deokar, "Security Policy Compliance: User Acceptance Perspective", Proceedings of the 45th Hawaii International Conference on System Sciences (HICSS), pp. 3317-3316, 2012.
4. C.L. Anderson, and R. Agarwal, "Practicing Safe Computing: A multimethod empirical examination of home computer user behavioral intentions", MIS Quarterly, Vol. 34, No. 3, 2010, pp. 613-643, 2010.
5. A. Aurigemma, R. Panko, "A Composite Framework for Behavioral Compliance with Information Security Policies", Proceedings of the 45th Hawaii International Conference on System Sciences (HICSS), pp. 3248-3257, 2012.
6. N. Boon Yuen and A. Kankanhalli,. "Processing Information Security Messages: An Elaboration Likelihood Perspective", Proceedings of the European Conference on Information Systems (ECIS), Paper 113, 2008.
7. B. Bulgurcu, H. Cavusoglu, I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness", MIS Quarterly, Vol. 34, pp. 523-548, 2010.
8. B. Bulgurcu, H. Cavusoglu, I. Benbasat, "Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance", Proceedings of the American Conference on Information Systems (AMCIS), Paper 419, 2009
9. M. Chan, I. Woon A. Kankanhalli, "Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior", Journal of Information Privacy Security, Vol. 1, pp. 18-41, 2005.
10. Davis, F. D., Bagozzi, R. P., and Warshaw, P. R. 1989. "User Acceptance of Computer Technology: A Comparison of Two Theoretical Models," Management Science, Vol. 35, no. 8, pp. 982-1003, 1989.
11. J. D'Arcy, A. Hovav, "Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures", Journal of Business Ethics, Vol. 89, pp. 59-71, 2009.
12. J. D'Arcy, A. Hovav, D. Galletta, "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach", Information Systems Research, Vol. 20, No. 1, pp. 79-98, 2009.
13. M. Fishbein, I. Ajzen, "Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research", MA, Addison-Wesley, 1975.
14. T. Herath, H.R. Rao, "Protection motivation and deterrence: a framework for security policy compliance in organizations", European Journal on Information Systems, Vol. 18, No. 2, pp. 106-125, 2009
15. M. Karjalainen, M.T. Siponen, "Toward a New Meta-Theory for Designing Information Systems (IS) Security Training Approaches", Journal of the Association for Information Systems (JAIS), Vol. 12, pp. 518-555, 2011.
16. A.G. Kotulic, and J.G. Clark, "Why there aren't more information security research studies", Information & Management, Vol. 41, 2004, pp. 597-607, 2004.
17. R. Kukafka, S.B. Johnson, A. Linfante, J.P. Allegrantec, "Grounding a new information technology implementation framework in behavioral science: a systematic analysis of the literature on IT use", Journal of Biomedical Informatics, Vol. 36, pp. 218-227, 2003.
18. Y. Levy, T.J. Ellis, "Towards a Framework of Literature review Process in Support of Information Systems Research", Proceedings of the Informing Science and IT Education Joint Conference, pp. 171-181, 2006.
19. T.J. Madden, P.S. Scholder, I. Ajzen, "A Comparison of the Theory of Planned Behavior and the Theory of Reasoned Action", Personality and Social Psychology Bulletin, Vol. 18, pp. 3-9, 1992.
20. W.A. Mehrens, I.J. Lehman, "Using standadized tests in education", Longman Group United Kingdom, 1987.
21. S. Mishra, G. Dhillon, "Information systems security governance research: A behavioral perspective", Proceedings of the 1st Annual Symposium on Information Assurance, Academic Track of 9th Annual NYS Cyber Security Conference, pp. 18-26, 2005.
22. S. Pahnila, M.T. Siponen, A. Mahmood, "Employees' Behavior towards IS Security Policy Compliance", Proceedings of the 40th Hawaii International Conference on System Sciences (HICSS), 2007.
23. P.M. Podsakoff, D. Organ, "Self-reports in organizational research: Problems and prospects", Journal of Management, Vol. 12 No. 4, pp. 531-544, 1986.
24. R.W. Rogers, "Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation Theory", in Social Psychophysiology, J. Cacioppo and R. Petty (Eds.), Guilford, New York, 1983.
25. M. Rosemann, I. Vessey, "Toward Improving the Relevance of Information Systems Research to Practice: The Role of Applicability Checks" MIS Quarterly, Vol. 32, No. 1, 2008.
26. J.L. Spears, H. Barki, "User Participation in Information Systems Security Risk Management", MIS Quarterly, Vol. 34, No. 3, pp. 503-522, 2010
27. D.W. Straub, "Effective IS security: An empirical study", Information Systems Research, Vol. 1, No. 3, pp. 255-276, 1990.
28. V. Venkatesh, M.G. Morris, G.B. Davis, F.D. Davis, "User Acceptance of Information Technology: Toward a Unified View", MIS Quarterly, Vol. 27, No. 3, pp. 425-478, 2003.
29. M.T. Siponen, "Critical analysis of different approaches to minimizing user-related faults in information systems security: implications for research and practice", Information Management & Computer Security, Vol. 8, pp. 197-209, 2000.
30. M.T. Siponen, S. Phanila, A.M. Mahmood, "A New Model for Understanding Users' IS Security Compliance", Proceedings of the Pacific Asia Conference on Information systems (PACIS), 2006.
31. M.T. Siponen, A. Osborn Vance, "Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations", MIS Quarterly, Vol. 34 No. 3, pp. 487-502, 2010.
32. S. Sivo, S. Saunders, Q. Chang, and J.J. Jiang, "How low should you go? Low response rates and the validity of inference in IS questionnaire research", Journal of the Association for Information Systems, Vol. 7, No. 6, pp. 351-414, 2004.
33. C. Vroom, and R. von Solms, "Towards information security behavioral compliance", Computer & Security, Vol. 23, No. 3, pp. 191-198, 2004.
34. J. vom Brocke, A. Simons, B. Niehaves, K. Riemer, R. Plattfaut, A. Cleven, "Reconstructing the Giant: On the Importance of Rigour in Documenting the Literature Search Process", Proceedings of the European Conference on Information Systems (ECIS), 2009.
35. K.A. Walstrom, B.V. Hardgrave, "Forums for Information Systems Scholars: III", Infromation & Management, Vol.39, pp. 117-124, 2001.
36. T.L. Webb, P Sheeran, "Does Changing Behavioral Intentions Engender Behavior Change? A Meta-Analysis of the Experimental Evidence", Psychological Bulletin, Vol. 132, No. 2, pp. 249-268, 2006.
37. J. Webster, R.T. Watson, "Analyzing the Past to Prepare for the Future: Writing a Literature Review", MIS Quarterly, Vol. 26, pp. xiii-xxiii, 2002.
38. L. Willcocks, E.A. Whitley, C. Avgerou, "The Ranking of Top IS Journals: A Perspective from the London School of Economics", European Journal of Information Systems (EJIS), Vol. 17, pp. 163-168, 2008.
39. M. Workman, W.H. Bommer, D. Straub, "Security lapses and the omission of information security measures: A threat control model and empirical test", Computers in Human Behavior, Vol. 24, pp. 2799-2816, 2008.
40. B.R. Worthen, W.R. Borg, K.R. White, Measurement and evaluation in the school, Longman Group United Kingdom, 1993.