Access the full text.
Sign up today, get DeepDyve free for 14 days.
I. Ajzen (1991)
The theory of planned behaviorOrganizational Behavior and Human Decision Processes, 50
C.L. Anderson, R. Agarwal
Practicing safe computing: a multi‐method empirical examination of home computer user security intentions
J. Stanton, K. Stam, Paul Mastrangelo, Jeffrey Jolton (2005)
Analysis of end user security behaviorsComput. Secur., 24
J. Maddux, R. Rogers (1983)
Protection motivation and self-efficacy: A revised theory of fear appeals and attitude changeJournal of Experimental Social Psychology, 19
R. Rogers (1975)
A Protection Motivation Theory of Fear Appeals and Attitude Change1.The Journal of psychology, 91 1
M. Fishbein, I. Ajzen (1977)
Belief, Attitude, Intention, and Behavior: An Introduction to Theory and ResearchContemporary Sociology, 6
J. Leach (2003)
Improving user security behaviourComput. Secur., 22
Debasish Banerjee, T. Cronan, Thomas Jones (1998)
Modeling IT Ethics: A Study in Situational EthicsMIS Q., 22
Wynne Chin (1998)
Issues and Opinion on Structural Equation ModelingMIS Q., 22
Han Li, Jie Zhang, R. Sarathy (2010)
Understanding compliance with internet use policy from the perspective of rational choice theoryDecis. Support Syst., 48
A. Bandura (1977)
Self-efficacy: toward a unifying theory of behavioral change.Psychological review, 84 2
T. Goles, Bandula Jayatilaka, Beena George, Linda Parsons, Valrie Chambers, David Taylor, Rebecca Brune (2008)
Softlifting: Exploring Determinants of AttitudeJournal of Business Ethics, 77
Mikko Siponen, Seppo Pahnila, Adam Mahmood (2005)
A Protection Motivation Theory Approach to Home Wireless Security
M. Workman, W. Bommer, D. Straub (2008)
Security lapses and the omission of information security measures: A threat control model and empirical testComput. Hum. Behav., 24
Tamara Dinev, Qing Hu (2007)
The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information TechnologiesJ. Assoc. Inf. Syst., 8
Seppo Pahnila, M. Siponen, M. Mahmood (2007)
Employees' Behavior towards IS Security Policy Compliance2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07)
J. Maddux, M. Stanley (1986)
Self-Efficacy Theory in Contemporary Psychology: An OverviewJournal of Social and Clinical Psychology, 4
M. Siponen, M.A. Mahmood, S. Pahnila
Are your employees putting your company at risk by not following information security policies?
Huigang Liang, Yajiong Xue (2010)
Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance PerspectiveJ. Assoc. Inf. Syst., 11
R. Rogers (1983)
Cognitive and physiological processes in fear appeals and attitude change: a revised theory of prote
Tejaswini Herath, H. Rao (2009)
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectivenessDecis. Support Syst., 47
M.E. Sobel
Asymptotic intervals for indirect effects in structural equation models
Younghwa Lee, K. Kozar (2008)
An empirical investigation of anti-spyware software adoption: A multitheoretical perspectiveInf. Manag., 45
Tejaswini Herath, H. Rao (2009)
Protection motivation and deterrence: a framework for security policy compliance in organisationsEuropean Journal of Information Systems, 18
A. Bandura, N. Adams, Arthur Hardy, G. Howells (1980)
Tests of the generality of self-efficacy theoryCognitive Therapy and Research, 4
M. Siponen (2000)
A conceptual foundation for organizational information security awarenessInf. Manag. Comput. Secur., 8
D. Gefen, D. Straub (2005)
A Practical Guide To Factorial Validity Using PLS-Graph: Tutorial And Annotated ExampleCommun. Assoc. Inf. Syst., 16
P. Podsakoff, Scott MacKenzie, Jeong-Yeon Lee, Nathan Podsakoff (2003)
Common method biases in behavioral research: a critical review of the literature and recommended remedies.The Journal of applied psychology, 88 5
T. Dinev, Q. Hu
The centrality of awareness in the formation of user behavioral intentions towards preventive technologies in the context of voluntary use
Lori Leonard, T. Cronan (2001)
Illegal, Inappropriate, And Unethical Behavior In An Information Technology Context: A Study To Explain InfluencesJ. Assoc. Inf. Syst., 1
Cheolho Yoon (2011)
Theory of Planned Behavior and Ethics Theory in Digital Piracy: An Integrated ModelJournal of Business Ethics, 100
C. Fornell, D. Larcker (1981)
Evaluating structural equation models with unobservable variables and measurement error.Journal of Marketing Research, 18
M. Siponen, M. Mahmood, Seppo Pahnila (2009)
Technical opinionAre employees putting your company at risk by not following information security policies?Communications of the ACM, 52
L. Beck, I. Ajzen (1991)
Predicting dishonest actions using the theory of planned behaviorJournal of Research in Personality, 25
H. Perkins, A. Berkowitz (1986)
Perceiving the community norms of alcohol use among students: some research implications for campus alcohol education programming.The International journal of the addictions, 21 9-10
T. Cronan, Sulaiman Al-Rafee (2008)
Factors that Influence the Intention to Pirate Software and MediaJournal of Business Ethics, 78
R.W. Rogers
Cognitive and physiological processes in fear appeals and attitude change: a revised theory of protection motivation
Catherine Anderson, Ritu Agarwal (2010)
Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral IntentionsMIS Q., 34
Jonathan Frank, B. Shamir, W. Briggs (1991)
Security-related behavior of PC users in organizationsInf. Manag., 21
P. Pavlou, D. Gefen (2005)
Psychological Contract Violation in Online Marketplaces: Antecedents, Consequences, and Moderating RoleFox: Management Information Systems (Topic)
S. Ransbotham, Sabyasachi Mitra (2009)
Choice and Chance: A Conceptual Model of Paths to Information Security CompromiseInf. Syst. Res., 20
Shirley Taylor, P. Todd (1995)
Understanding Information Technology Usage: A Test of Competing ModelsInf. Syst. Res., 6
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
J. Tunner, Ellen Day, M. Crask (1989)
Protection motivation theory : An extension of fear appeals theory in communicationJournal of Business Research, 19
R. Bagozzi, Youjae Yi (1988)
On the evaluation of structural equation modelsJournal of the Academy of Marketing Science, 16
Allen Johnston, Merrill Warkentin (2010)
Fear Appeals and Information Security Behaviors: An Empirical StudyMIS Q., 34
Boon-Yuen Ng, A. Kankanhalli, Y. Xu (2009)
Studying users' computer security behavior: A health belief perspectiveDecis. Support Syst., 46
Younghwa Lee, Kai Larsen (2009)
Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware softwareEuropean Journal of Information Systems, 18
Sang Lee, Sang-Gun Lee, Sangjin Yoo (2004)
An integrative model of computer abuse based on social control and general deterrence theoriesInf. Manag., 41
Purpose – In organizations today, protecting information and computer assets from attacks or disaster has become one of the top managerial issues. The purpose of this paper is to propose and empirically test a comprehensive model of computer security behaviors of individuals in the workplace. Design/methodology/approach – The model was developed based on the reference disciplines of the theory of reasoned action, moral obligation, protection motivation theory (PMT), and organizational context factors. The measurements for the variables in the model, including computer security behavioral intention were adapted from prior studies, and their reliability and validity were verified by a confirmatory factor analysis. The model was empirically analyzed by structural equation modeling with respect to data from 162 employees in a number of organizations in Korea. Findings – The results indicate that moral obligation and organizational norms along with attitude toward computer security behavior have significant impacts on employees’ behavioral intentions of computer security. In addition, perceived threat severity, response efficacy, and self‐efficacy, which are drawn from the PMT, have significant impacts on employee attitude, whereas security policy has significant impacts on the organizational norms. Originality/value – The paper provides a useful model for analyzing employees’ computer security behaviors in the workplace. Also, the paper reveals that moral obligation as well as attitude toward computer security behavior was a significant predictor of an individual employee's intention to practice computer security behavior.
Information Technology and People – Emerald Publishing
Published: Nov 8, 2013
Keywords: Security; Empirical study; Behavioural theories; IT policy
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.