A Composite Framework for Behavioral Compliance with Information Security Policies

Authors:
Salvatore Aurigemma
Affiliations:
Communication and Information Sciences CIS PhD Program, University of Hawaii at Manoa, Honolulu, HI, USA
Venue:
Journal of Organizational and End User Computing
Year:
2013

Citing 24
Cited 0

User acceptance of computer technology: a comparison of two theoretical models

Management Science
Discovering and disciplining computer abuse in organizations: a field study

MIS Quarterly
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Creation of favorable user perceptions: exploring the role of intrinsic motivation

MIS Quarterly
Determinants of Perceived Ease of Use: Integrating Control, Intrinsic Motivation, and Emotion into the Technology Acceptance Model

Information Systems Research
Enemy at the gate: threats to information security

Communications of the ACM - Program compaction
Predicting the use of web-based information systems: self-efficacy, enjoyment, learning goal orientation, and the technology acceptance model

International Journal of Human-Computer Studies - Special issue on HCI and MIS
A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies

Management Science
Network Security First-Step

Network Security First-Step
Employees' Behavior towards IS Security Policy Compliance

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Security lapses and the omission of information security measures: A threat control model and empirical test

Computers in Human Behavior
Gaining Access with Social Engineering: An Empirical Study of the Threat

Information Systems Security
Studying users' computer security behavior: A health belief perspective

Decision Support Systems
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness

Decision Support Systems
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Information Systems Research
Corporate Computer and Network Security

Corporate Computer and Network Security
Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods

Information and Organization
Perceived usefulness, perceived ease of use, and user acceptance of information technology

MIS Quarterly
User acceptance of information technology: toward a unified view

MIS Quarterly
Neutralization: new insights into the problem of employee systems security policy violations

MIS Quarterly
Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness

MIS Quarterly
Fear appeals and information security behaviors: an empirical study

MIS Quarterly
Security Policy Compliance: User Acceptance Perspective

HICSS '12 Proceedings of the 2012 45th Hawaii International Conference on System Sciences
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model

Journal of Management Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.