Understanding compliance with bring your own device policies utilizing protection motivation theory: Bridging the intention-behavior gap

Journal of Information Systems

Volumn 28, Issue 1, 2014, Pages 209-226

  Crossler, Robert E ^a   Long, James H ^b   Loraas, Tina M ^b   Trinkle, Brad S ^a  

^a MISSISSIPPI STATE UNIVERSITY   (United States)

^b AUBURN UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84903215189     PISSN: 08887985     EISSN: 15587959     Source Type: Journal    
DOI: 10.2308/isys-50704     Document Type: Article

References (45)

1. American Institute of Certified Public Accountants (AICPA). 1992. AICPA Code of Professional Conduct. Section ET 301.01. New York, NY: AICPA.
2. Anderson, C. L., and R. Agarwal. 2010. Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly 34 (3): 613-643.
3. Ashton, R. H., and S. S. Kramer. 1980. Students as surrogates in behavioral accounting research: Some evidence. Journal of Accounting Research 18 (1): 1-15.
4. Bagozzi, R. P. 2007. The legacy of the technology acceptance model and a proposal for a paradigm shift. Journal of the Association for Information Systems 8 (4): 244-254.
5. Boomer, J. 2012. Are you ready for BYOD? In CPA Practice Advisor 34. Available at: http://www. cpapracticeadvisor.com/article/10707592/are-you-ready-for-byod
6. Brandon, D., J. H. Long, T. M. Loraas, J. M. Mueller-Phillips, and B. Vansant. 2014. Online instrument delivery and participant recruitment services: Emerging opportunities for behavioral accounting research. Behavioral Research in Accounting (forthcoming).
7. Bryant, S., U. Murthy, and P. Wheeler. 2009. The effects of cognitive style and feedback type on performance in an internal control task. Behavioral Research in Accounting 21 (1): 37-58.
8. Bulgurcu, B., H. Cavusoglu, and I. Benbasat. 2010. Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly 34 (3): 523-548.
9. Chaudhry, P. 2012. Tech strategy-Needed: A corporate mobile device policy. Financial Executive-Magazine of Financial Executive Institute 28 (5): 69.
10. Chin, W. W. 1998. The partial least squares approach to structural equation modeling. In Modern Methods for Business Research, edited by Marcoulides, G. A., 295-336. Hillsdale, NJ: Lawrence Erlbaum Associates.
11. Chin, W. W. 2001. PLS-Graph User's Guide. Version 3.0. Available at: http://carma.wayne.edu/documents/ oct1405/plsgraph3.0manual.hubona.pdf
12. Chin, W. W. 2006. PLS Graph Version 3.00, Build 1017. Houston, TX: University of Houston.
13. Churchill, G. A. 1979. A paradigm for developing better measures of marketing constructs. Journal of Marketing Research 16 (1): 64-73.
14. Crossler, R. E. 2010. Protection motivation theory: Understanding determinants to backing up personal data. Paper read at 43rd Hawaii International Conference on System Sciences (HICSS) (January 5-8). Available at: http://www.computer.org/csdl/proceedings/hicss/2010/3869/00/07-03-04-abs.html
15. Crossler, R. E., A. C. Johnston, P. B. Lowry, Q. Hu, M. Warkentin, and R. Baskerville. 2013. Future directions for behavioral information security research. Computers and Security 32 (1): 90-101.
16. Debreceny, R. S. 2011. Betwixt and between? Bringing information systems and accounting systems research together. Journal of Information Systems 25 (2): 1-9.
17. Drew, J. 2012. Managing cybersecurity risks. Journal of Accountancy (August): 44-48.
18. Efron, B., and R. Tibshirani. 1998. An Introduction to the Bootstrap. Boca Raton, FL: Chapman and Hall/ CRC Press LLC.
19. Elliot, W. B., F. D. Hodge, J. J. Kennedy, and M. Pronk. 2007. Are M.B.A. students a good proxy for nonprofessional investors? The Accounting Review 82 (1): 139-168.
20. Ernst & Young. 2012. Global Information Security Survey 2012. Available at: http://www.ey.com/ Publication/vwLUAssets/Fighting_to_close_the_gap:_2012_Global_Information_Security_Survey/ $FILE/2012_Global_Information_Security_Survey___Fighting_to_close_the_gap.pdf
21. Eschelbeck, G., and D. Schwartzbert. 2012. BYOD Risks and Rewards. SOPHOS. Available at: http://www. Sophos.Com/En-Us/Security-News-Trends/Security-Trends/Byod-Risks-Rewards.Aspx
22. Floyd, D. L., S. Prentice-Dunn, and R. W. Rogers. 2000. A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology 30 (2): 407-429.
23. Fortinet. 2012. Fortinet® Global Survey Reveals 'First Generation' BYOD Workers Pose Serious Security Challenges to Corporate IT Systems. Available at: http://www.Fortinet.Com/Press_Releases/120619. html
24. GFI. 2013. It's Time Businesses Wake Up to Mobile Security Reality. Available at: http://www. Threattracksecurity.Com/Documents/Business-Antivirus-White-Paper-Mobile-Security-Reality.pdf
25. Herath, T., and H. Rao. 2009. Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems 18 (2): 106-125.
26. Ifinedo, P. 2012. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers and Security 31 (1): 83-95.
27. Information Systems Audit and Control Association (ISACA). 2012. 2012 IT Risk/Reward Barometer: U.S. Consumer Edition. Available at: http://www.Isaca.Org/Sitecollectiondocuments/2012-Risk-Reward-Barometer-US-Consumer.pdf
28. Johnston, A. C., and M. Warkentin. 2010. Fear appeals and information security behaviors: An empirical study. MIS Quarterly 34 (3): 548-566.
29. Lee, Y., and K. R. Larsen. 2009. Threat or coping appraisal: Determinants of SMB executives' decision to adopt anti-malware software. European Journal of Information Systems 18 (2): 177-187.
30. Lee, Y. 2011. Understanding anti-plagiarism software adoption: An extended protection motivation theory perspective. Decision Support Systems 50 (2): 361-369.
31. Liang, H., and Y. Xue. 2009. Avoidance of information technology threats: A theoretical perspective. MIS Quarterly 33 (1): 71-90.
32. Liang, H., and Y. Xue. 2010. Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems 11 (7): 394-413.
33. Libby, R., R. Bloomfield, and M. W. Nelson. 2002. Experimental research in financial accounting. Accounting, Organizations and Society 27 (8): 775-810.
34. Milne, S., P. Sheeran, and S. Orbell. 2000. Prediction and intervention in health-related behavior: A metaanalytic review of protection motivation theory. Journal of Applied Social Psychology 30: 106-143.
35. Molok, A., N. Nuha, S. Chang, and A. Ahmad. 2013. Disclosure of organizational information on social media: Perspectives from security managers. Paper read at Pacific Asia Conference on Information Systems (PACIS). Available at: http://aisel.aisnet.org/pacis2013/108/
36. Neuwirth, K., S. Dunwoody, and R. J. Griffin. 2000. Protection motivation and risk communication. Risk Analysis 20 (5): 721-734.
37. Podsakoff, P. M., S. B. MacKenzie, J. Y. Lee, and N. P. Podsakoff. 2003. Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology 88 (5): 879-903.
38. Prosch, M. 2008. Protecting personal information using generally accepted privacy principles (GAPP) and continuous control monitoring to enhance corporate governance. International Journal of Disclosure and Governance 5 (2): 153-166.
39. Purvis, S. E. C. 1989. The effect of audit documentation format on data collection. Accounting, Organizations and Society 14 (5/6): 551-563.
40. Ringle, C. M., S. Wende, and A. Will. 2005. SmartPLS (2.0 Beta). Available at: http://smartpls.software. informer.com/2.0/
41. Rogers, R. W. 1975. A protection motivation theory of fear appeals and attitude change. Journal of Psychology: Interdisciplinary and Applied 91 (1): 93-114.
42. Semer, L. 2013. Auditing the BYOD program. Internal Auditor (February): 23-27.
43. Sullivan, D. 2012. How to Plan for BYOD Security: Maas360. Available at: http://searchconsumerization. techtarget.com/tip/How-to-plan-for-BYOD-security
44. Woon, I. M. Y., G. W. Tan, and R. T. Low. 2005. A protection motivation theory approach to home wireless security. Paper read at Twenty-Sixth International Conference on Information Systems (ICIS). Available at: http://aisel.aisnet.org/icis2005/31/
45. Workman, M., W. H. Bommer, and D. W. Straub. 2008. Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior 24 (6): 2799-2816.