Security-related behavior of PC users in organizations
Information and Management
Issues and opinion on structural equation modeling
MIS Quarterly
Influence of experience on personal computer utilization: testing a conceptual model
Journal of Management Information Systems
Evaluating information assurance strategies
Decision Support Systems
Managing user relationships in hierarchies for information system security
Decision Support Systems
Access control and audit model for the multidimensional modeling of data warehouses
Decision Support Systems
Employees' Behavior towards IS Security Policy Compliance
HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Software Piracy in the Workplace: A Model and Empirical Test
Journal of Management Information Systems
An integrative study of information systems security effectiveness
International Journal of Information Management: The Journal for Information Professionals
Toward user patterns for online security: Observation time and online user identification
Decision Support Systems
Understanding compliance with internet use policy from the perspective of rational choice theory
Decision Support Systems
ACM Transactions on Management Information Systems (TMIS)
An investigation of email processing from a risky decision making perspective
Decision Support Systems
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
Journal of Management Information Systems
International Journal of Information Management: The Journal for Information Professionals
The effects of multilevel sanctions on information security violations: A mediating model
Information and Management
Proceedings of the 2012 workshop on New security paradigms
The effects of sanctions and stigmas on cyberloafing
Computers in Human Behavior
IS Security Policy Violations: A Rational Choice Perspective
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
Hi-index | 0.00 |
Secure management of information systems is crucially important in information intensive organizations. Although most organizations have long been using security technologies, it is well known that technology tools alone are not sufficient. Thus, the area of end-user security behaviors in organizations has gained an increased attention. In information security observing end-user security behaviors is challenging. Moreover, recent studies have shown that the end users have divergent security views. The inability to monitor employee IT security behaviors and divergent views regarding security policies, in our view, provide a setting where the principal agent paradigm applies. In this paper, we develop and test a theoretical model of the incentive effects of penalties, pressures and perceived effectiveness of employee actions that enhances our understanding of employee compliance to information security policies. Based on 312 employee responses from 77 organizations, we empirically validate and test the model. Our findings suggest that security behaviors can be influenced by both intrinsic and extrinsic motivators. Pressures exerted by subjective norms and peer behaviors influence employee information security behaviors. Intrinsic motivation of employee perceived effectiveness of their actions was also found to play an important role in security policy compliance intentions. In analyzing the penalties, certainty of detection was found to be significant while surprisingly, severity of punishment was found to have a negative effect on security behavior intentions. We discuss the implications of our findings for theory and practice.