Issues and opinion on structural equation modeling
MIS Quarterly
Modeling IT ethics: a study in situational ethics
MIS Quarterly
Extending the technology acceptance model: the influence of perceived user resources
ACM SIGMIS Database - Special issue on adoption, diffusion, and infusion of IT
A Practical Approach to Information Security Awareness in the Organization
SEC '02 Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives
Why there aren't more information security research studies
Information and Management
An integrative model of computer abuse based on social control and general deterrence theories
Information and Management
Studying users' computer security behavior: A health belief perspective
Decision Support Systems
Information Systems Research
Human Relationships: A Never-Ending Security Education Challenge?
IEEE Security and Privacy
Policies and procedures to manage employee Internet abuse
Computers in Human Behavior
Information and Management
End User Security Training for Identification and Access Management
Journal of Organizational and End User Computing
Hi-index | 0.00 |
Employee violations of IS security policies are reported as a key concern for organizations. Although behavioral research on IS security has received increasing attention from IS scholars, little empirical research has examined this problem. To address this research gap, the authors test a model based on Rational Choice Theory RCT-a prominent criminological theory not yet applied in IS-which explains, in terms of a utilitarian calculation, an individual's decision to commit a violation. Empirical results show that the effects of informal sanctions, moral beliefs, and perceived benefits convincingly explain employee IS security policy violations, while the effect of formal sanctions is insignificant. Based on these findings, the authors discuss several implications for research and practice.