Computers in Human Behavior
Understanding compliance with internet use policy from the perspective of rational choice theory
Decision Support Systems
Metrics for characterizing the form of security policies
The Journal of Strategic Information Systems
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
Journal of Management Information Systems
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory
Information and Management
A Value Sensitive Design Investigation of Privacy Enhancing Tools in Web Browsers
Decision Support Systems
Modifying smartphone user locking behavior
Proceedings of the Ninth Symposium on Usable Privacy and Security
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
Fuzzy Assessment of Health Information System Users' Security Awareness
Journal of Medical Systems
Hi-index | 0.00 |
The literature agrees that the major threat to IS security is constituted by careless employees who do not comply with organizations' IS security policies and procedures. To address this concern , different approaches for ensuring employees' IS security policy compliance have been proposed. Prior research on IS security compliance has criticized these extant IS security awareness approaches as lacking theoretically and empirically grounded principles to ensure that employees comply with IS security policies. To fill this gap, this study proposes a theoretical model that contains the factors that explain employees' IS security policy compliance. Data (N=245) from a Finnish company provides empirical support for the model. The results suggest tha t information quality has a significant effect on actual IS security policy compliance. Employees' attitude, normative beliefs and habits have significant effect on intention to comply with IS security policy. Threat appraisa l a nd facilitating conditions have significant impact on attitude towards complying, while coping appraisal does not have a significant effect on employees' attitude towards complying. Sanctions have insignificant effect on intention to comply with IS security policy a nd rewards do not have a significant effect on actual compliance with IS security policy.