Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the information security rules and regulations of the organization are the key to strengthening information security, understanding compliance behavior is crucial for organizations that want to leverage their human capital. This research identifies the antecedents of employee compliance with the information security policy (ISP) of an organization. Specifically, we investigate the rationality-based factors that drive an employee to comply with requirements of the ISP with regard to protecting the organization's information and technology resources. Drawing on the theory of planned behavior, we posit that, along with normative belief and self-efficacy, an employee's attitude toward compliance determines intention to comply with the ISP. As a key contribution, we posit that an employee's attitude is influenced by benefit of compliance, cost of compliance, and cost of noncompliance, which are beliefs about the overall assessment of consequences of compliance or noncompliance. We then postulate that these beliefs are shaped by the employee's outcome beliefs concerning the events that follow compliance or noncompliance: benefit of compliance is shaped by intrinsic benefit, safety of resources, and rewards, while cost of compliance is shaped by work impediment; and cost of noncompliance is shaped by intrinsic cost, vulnerability of resources, and sanctions. We also investigate the impact of information security awareness (ISA) on outcome beliefs and an employee's attitude toward compliance with the ISP. Our results show that an employee's intention to comply with the ISP is significantly influenced by attitude, normative beliefs, and self-efficacy to comply. 
Outcome beliefs significantly affect beliefs about overall assessment of consequences, and they, in turn, significantly affect an employee's attitude. Furthermore, ISA positively affects both attitude and outcome beliefs. As the importance of employees' following their organizations' information security rules and regulations increases, our study sheds light on the role of ISA and compliance-related beliefs in an organization's efforts to encourage compliance.