Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/information-security-awareness-and-behavior-a-theory-based-literature-EGYRpzdfPt
References (123)
-
E. Albrechtsen, J. Hovden (2010)
Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention studyComput. Secur., 29
-
10.1109/ICSMC.2003.1244259
-
Mari Karjalainen, M. Siponen (2011)
Toward a New Meta-Theory for Designing Information Systems (IS) Security Training ApproachesJ. Assoc. Inf. Syst., 12
-
A. Adam (2004)
Information Systems Research, 143
-
M. Fishbein, I. Ajzen (1977)
Belief, Attitude, Intention, and Behavior: An Introduction to Theory and ResearchContemporary Sociology, 6
-
Seppo Pahnila, M. Siponen, M. Mahmood (2007)
Which Factors Explain Employees' Adherence to Information Security Policies? An Empirical Study -
M. Limayem, S. Hirt (2003)
Force of Habit and Information Systems Usage: Theory and Initial ValidationJ. Assoc. Inf. Syst., 4
-
R. Brody, William Brizzee, Lewis Cano (2012)
Flying under the radar: social engineeringInternational Journal of Accounting and Information Management, 20
-
P. Podsakoff, D. Organ (1986)
Self-Reports in Organizational Research: Problems and ProspectsJournal of Management, 12
-
M. Siponen, Anthony Vance (2010)
Neutralization: New Insights into the Problem of Employee Systems Security Policy ViolationsMIS Q., 34
-
M. Workman, W. Bommer, D. Straub (2008)
Security lapses and the omission of information security measures: A threat control model and empirical testComput. Hum. Behav., 24
-
M. Rosemann, I. Vessey (2008)
Toward Improving the Relevance of Information Systems Research to Practice: The Role of Applicability ChecksMIS Q., 32
-
Tejaswini Herath, H. Rao (2009)
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectivenessDecis. Support Syst., 47
-
Dan Harnesk, J. Lindström (2011)
Shaping security behaviour through discipline and agilityInformation Management & Computer Security, 19
-
Hyeun-Suk Rhee, Cheongtag Kim, Young Ryu (2009)
Self-efficacy in information security: Its influence on end users' information security practice behaviorComput. Secur., 28
-
D. Straub (1990)
Effective IS Security: An Empirical StudyInf. Syst. Res., 1
-
Merrill Warkentin, Allen Johnston, Jordan Shropshire (2011)
The influence of the informal social learning environment on information privacy policy compliance efficacy and intentionEuropean Journal of Information Systems, 20
-
Tamara Dinev, Jahyun Goo, Qing Hu, K. Nam (2009)
User behaviour towards protective information technologies: the role of national cultural differencesInformation Systems Journal, 19
-
Lori Leonard, T. Cronan (2001)
Illegal, Inappropriate, And Unethical Behavior In An Information Technology Context: A Study To Explain InfluencesJ. Assoc. Inf. Syst., 1
-
J. D'Arcy, A. Hovav, D. Galletta (2009)
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence ApproachInf. Syst. Res., 20
-
J. Brocke, C. Buddendick (2005)
Security Awareness Management - Konzeption, Methoden und Anwendung -
R. Dodge, C. Carver, A. Ferguson (2007)
Phishing for user security awarenessComput. Secur., 26
-
Fred Davis, R. Bagozzi, P. Warshaw (1989)
User Acceptance of Computer Technology: A Comparison of Two Theoretical ModelsManagement Science, 35
-
Sherly Abraham (2011)
Information Security Behavior: Factors and Research Directions -
Allen Johnston, Barbara Wech, E. Jack, M. Beavers (2010)
Reigning in the Remote Employee: Applying Social Learning Theory to Explain Information Security Policy Compliance Attitudes -
10.1002/asi.20474
-
Rayne Reid, J. Niekerk, R. Solms (2011)
Guidelines for the creation of brain-compatible cyber security educational material in Moodle 2.02011 Information Security for South Africa
-
Janine Spears, H. Barki (2010)
User Participation in Information Systems Security Risk ManagementMIS Q., 34
-
Mark Chan, Irene Woon, A. Kankanhalli (2005)
Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant BehaviorJournal of Information Privacy and Security, 1
-
C. Vroom, R. Solms (2004)
Towards information security behavioural complianceComput. Secur., 23
-
Jie Zhang, Brian Reithel, Han Li (2009)
Impact of perceived technical protection on security behaviorsInf. Manag. Comput. Secur., 17
-
10.1109/ICMSS.2009.5302667
-
Ayako Komatsu, D. Takagi, T. Takemura (2013)
Human aspects of information security: An empirical study of intentional versus actual behaviorInf. Manag. Comput. Secur., 21
-
B. Venard (2009)
Organizational Isomorphism and Corruption: An Empirical Research in RussiaJournal of Business Ethics, 89
-
10.2307/25750690
-
10.1109/ISSA.2011.6027505
-
Sriraman Ramachandran, Srinivasan Rao (2006)
Security Cultures in Organizations: A Theoretical Model -
H. Kruger, L. Drevin, T. Steyn (2010)
A Vocabulary Test to Assess Information Security AwarenessInf. Manag. Comput. Secur., 18
-
10.1109/HICSS.2012.104
-
Keshnee Padayachee (2012)
Taxonomy of compliant information security behaviorComput. Secur., 31
-
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
-
J. Brocke, Alexander Simons, Björn Niehaves, K. Riemer, Ralf Plattfaut, A. Cleven (2009)
Reconstructing the giant: On the importance of rigour in documenting the literature search process -
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2009)
Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance -
10.1109/CIT.2007.186
-
Danuvasin Charoen, Murali Raman, L. Olfman (2008)
Improving End User Behaviour in Password Utilization: An Action Research InitiativeSystemic Practice and Action Research, 21
-
Thomas Webb, P. Sheeran (2006)
Does changing behavioral intentions engender behavior change? A meta-analysis of the experimental evidence.Psychological bulletin, 132 2
-
10.1109/HICSS.2007.206
-
Qing Hu, Tamara Dinev, Paul Hart, Donna Cooke (2012)
Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational CultureDecis. Sci., 43
-
K. Thomson, J. Niekerk (2012)
Combating Information Security Apathy By Encouraging Prosocial Organisational Behaviour -
Ahmad Al-Omari, O. El-Gayar, A. Deokar (2012)
Security Policy Compliance: User Acceptance Perspective2012 45th Hawaii International Conference on System Sciences
-
J. D'Arcy, Tejaswini Herath (2011)
A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findingsEuropean Journal of Information Systems, 20
-
Ken Guo, Yufei Yuan, N. Archer, C. Connelly (2011)
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior ModelJournal of Management Information Systems, 28
-
10.1109/IC4E.2010.63
-
Allen Johnston, Merrill Warkentin (2010)
Fear Appeals and Information Security Behaviors: An Empirical StudyMIS Q., 34
-
Charlie Chen, B. Medlin, R. Shaw (2008)
A cross-cultural investigation of situational information security awareness programsInf. Manag. Comput. Secur., 16
-
R. Willison (2006)
Understanding the perpetration of employee computer crime in the organisational contextInf. Organ., 16
-
10.1109/HICSS.2012.265
-
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2009)
Effects of Individual and Organization Based Beliefs and the Moderating Role of Work Experience on Insiders' Good Security Behaviors2009 International Conference on Computational Science and Engineering, 3
-
J. Webster, R. Watson (2002)
Analyzing the Past to Prepare for the Future: Writing a Literature ReviewMIS Q., 26
-
Ahmad Al-Omari, O. El-Gayar, A. Deokar (2012)
Information Security Policy Compliance: The Role of Information Security Awareness -
P. Ifinedo (2008)
IT Security and Privacy Issues in Global Financial Services Institutions: Do Socio-Economic and Cultural Factors Matter?2008 Sixth Annual Conference on Privacy, Security and Trust
-
I. Ajzen (1991)
The theory of planned behaviorOrganizational Behavior and Human Decision Processes, 50
-
J. Stanton, K. Stam, Paul Mastrangelo, Jeffrey Jolton (2005)
Analysis of end user security behaviorsComput. Secur., 24
-
S. Sivo, C. Saunders, Qing Chang, James Jiang (2006)
How Low Should You Go? Low Response Rates and the Validity of Inference in IS Questionnaire ResearchJ. Assoc. Inf. Syst., 7
-
M. Siponen (2000)
Critical analysis of different approaches to minimizing user-related faults in information systems security: implications for research and practiceInf. Manag. Comput. Secur., 8
-
Salvatore Aurigemma (2012)
A Composite Framework for Behavioral Compliance with Information Security Policies2012 45th Hawaii International Conference on System Sciences
-
10.1109/HPCC.2012.187
-
Anthony Vance, M. Siponen, Seppo Pahnila (2012)
Motivating IS security compliance: Insights from Habit and Protection Motivation TheoryInf. Manag., 49
-
10.1109/BWCCA.2010.70
-
Jintae Lee, Younghwa Lee (2002)
A holistic model of computer abuse within organizationsInf. Manag. Comput. Secur., 10
-
R. Shaw, Charlie Chen, Albert Harris, Hui-Jou Huang (2009)
The impact of information richness on information security awareness training effectivenessComput. Educ., 52
-
Jai-Yeol Son (2011)
Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policiesInf. Manag., 48
-
Yajiong Xue, Huigang Liang, Liansheng Wu (2011)
Punishment, Justice, and Compliance in Mandatory IT SettingsInf. Syst. Res., 22
-
10.1109/HICSS.2013.606
-
H. Kruger, Wayne Kearney (2008)
Consensus ranking - An ICT security awareness case studyComput. Secur., 27
-
Benjamin Cone, C. Irvine, M. Thompson, Thuy Nguyen (2007)
A video game for cyber security training and awarenessComput. Secur., 26
-
M. Siponen, Seppo Pahnila, M. Mahmood (2010)
Compliance with Information Security Policies: An Empirical InvestigationComputer, 43
-
Scott Boss, L. Kirsch, I. Angermeier, Ray Shingler, Wayne Boss (2009)
If someone is watching, I'll do what I'm asked: mandatoriness, control, and information securityEuropean Journal of Information Systems, 18
-
Gen-Yih Liao, Chia-Min Wang (2011)
Exploring the Influences of Implementation Intention on Information Security Behaviors -
Tamara Dinev, Qing Hu (2007)
The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information TechnologiesJ. Assoc. Inf. Syst., 8
-
10.1109/ICCITechnol.2012.6285845
-
Huigang Liang, Yajiong Xue (2010)
Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance PerspectiveJ. Assoc. Inf. Syst., 11
-
Dong Hu, Yu Wang (2008)
Teaching Computer Security using Xen in a Virtual Environment2008 International Conference on Information Security and Assurance (isa 2008)
-
Tejaswini Herath, H. Rao (2009)
Protection motivation and deterrence: a framework for security policy compliance in organisationsEuropean Journal of Information Systems, 18
-
Ritu Agarwal, J. Prasad (1998)
A Conceptual and Operational Definition of Personal Innovativeness in the Domain of Information TechnologyInf. Syst. Res., 9
-
10.1145/503345.503348
-
10.28945/2980
-
10.1109/ISA.2008.25
-
Liisa Myyry, M. Siponen, Seppo Pahnila, Tero Vartiainen, Anthony Vance (2009)
What levels of moral reasoning and values explain adherence to information security rules? An empirical studyEuropean Journal of Information Systems, 18
-
V. Venkatesh, Michael Morris, G. Davis, Fred Davis (2003)
User Acceptance of Information Technology: Toward a Unified ViewInstitutions & Transition Economics: Microeconomic Issues eJournal
-
M. Siponen (2000)
A conceptual foundation for organizational information security awarenessInf. Manag. Comput. Secur., 8
-
M. Pattinson, Grant Anderson (2007)
How well are information risks being communicated to your computer end-users?Inf. Manag. Comput. Secur., 15
-
C. Banerjee, S. Pandey (2010)
Research on software security awareness: problems and prospectsACM SIGSOFT Softw. Eng. Notes, 35
-
T. Madden, P. Ellen, I. Ajzen (1992)
A Comparison of the Theory of Planned Behavior and the Theory of Reasoned ActionPersonality and Social Psychology Bulletin, 18
-
Patricia Williams (2008)
In a 'trusting' environment, everyone is responsible for information securityInf. Secur. Tech. Rep., 13
-
J. Hagen, E. Albrechtsen (2009)
Effects on employees' information security abilities by e-learningInf. Manag. Comput. Secur., 17
-
Mete Eminağaoğlu, E. Uçar, Saban Eren (2009)
The positive outcomes of information security awareness training in companies - A case studyInf. Secur. Tech. Rep., 14
-
A. Bandura (1982)
Self-efficacy mechanism in human agency.American Psychologist, 37
-
Catherine Anderson, Ritu Agarwal (2010)
Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral IntentionsMIS Q., 34
-
A. Tsohou, S. Kokolakis, Maria Karyda, E. Kiountouzis (2008)
Investigating Information Security Awareness: Research and Practice GapsInformation Security Journal: A Global Perspective, 17
-
Y. Rezgui, Adam Marks (2008)
Information security awareness in higher education: An exploratory studyComput. Secur., 27
-
A. Tsohou, Maria Karyda, S. Kokolakis, E. Kiountouzis (2012)
Analyzing Trajectories of Information Security AwarenessInf. Technol. People, 25
-
J. Heikka (2008)
A Constructive Approach to Information Systems Security Training: An Action Research Experience -
Petri Puhakainen, M. Siponen (2010)
Improving Employees' Compliance Through Information Systems Security Training: An Action Research StudyMIS Q., 34
-
J. D'Arcy, A. Hovav (2009)
Does One Size Fit All? Examining the Differential Effects of IS Security CountermeasuresJournal of Business Ethics, 89
-
L. Drevin, H. Kruger, T. Steyn (2007)
Value-focused assessment of ICT security awareness in an academic environmentComput. Secur., 26
-
10.1109/BROADCOM.2008.68
-
J. Hagen, E. Albrechtsen, J. Hovden (2008)
Implementation and effectiveness of organizational information security measuresInf. Manag. Comput. Secur., 16
-
Tejaswini Herath, Rui Chen, Jingguo Wang, Ketan Banjara, Jeff Wilbur, H. Rao (2014)
Security services as coping mechanisms: an investigation into user intention to adopt an email authentication serviceInformation Systems Journal, 24
-
Jeffrey Jenkins, Alexandra Durcikova, M. Burns (2011)
Get a Cue on IS Security Training: Explaining the Difference between how Security Cues and Security Arguments Improve Secure Behavior -
Andrew Kotulic, J. Clark (2004)
Why there aren't more information security research studiesInf. Manag., 41
-
H. Kruger, Wayne Kearney (2006)
A prototype for assessing information security awarenessComput. Secur., 25
-
P. Ifinedo (2012)
Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theoryComput. Secur., 31
-
E. Kritzinger, E. Smith (2008)
Information security management: An information security retrieval and awareness model for industryComput. Secur., 27
-
Qing Hu, Zhengchuan Xu, Tamara Dinev, Hong Ling (2011)
Does deterrence work in reducing information security policy abuse by employees?Communications of the ACM, 54
-
Jing Fan, Pengzhu Zhang (2011)
Study on e-government information misuse based on General Deterrence TheoryICSSSM11
-
S. Furnell, M. Gennatou, P. Dowland (2002)
A prototype tool for information security awareness and trainingLogistics Information Management, 15
-
Boon-Yuen Ng, A. Kankanhalli, Y. Xu (2009)
Studying users' computer security behavior: A health belief perspectiveDecis. Support Syst., 46
-
10.1109/HICSS.2012.285
-
A. Hovav, J. D'Arcy (2012)
Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South KoreaInf. Manag., 49
-
10.4018/ijsodit.2013010102
-
E. Albrechtsen (2007)
A qualitative study of users' view on information securityComput. Secur., 26
-
Sang Lee, Sang-Gun Lee, Sangjin Yoo (2004)
An integrative model of computer abuse based on social control and general deterrence theoriesInf. Manag., 41
- Publisher
- Emerald Publishing
- Copyright
- Copyright © Emerald Group Publishing Limited
- ISSN
- 2040-8269
- DOI
- 10.1108/MRR-04-2013-0085
- Publisher site
- See Article on Publisher Site
Abstract
Purpose– This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future research are worked out by analyzing and synthesizing existing literature. Design/methodology/approach– This paper presents the results of a literature review comprising 113 publications. The literature review was designed to identify applied theories and to understand the cognitive determinants in the research field. A meta-model that explains employees’ IS security behavior is introduced by assembling the core constructs of the used theories. Findings– The paper identified 54 used theories, but four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM). By synthesizing results of empirically tested research models, a survey of factors proven to have a significant influence on employees’ security behavior is presented. Research limitations/implications– Some relevant publications might be missing within this literature review due to the selection of search terms and/or databases. However, by conduction a forward and a backward search, this paper has limited this error source to a minimum. Practical implications– This study presents an overview of determinants that have been proven to influence employees’ behavioral intention. Based thereon, concrete training and awareness measures can be developed. This is valuable for practitioners in the process of designing Security Education, Training and Awareness (SETA) programs. Originality/value– This paper presents a comprehensive up-to-date overview of existing academic literature in the field of employees’ security awareness and behavior research. Based on a developed meta-model, research gaps are identified and implications for future research are worked out.
Journal
Management Research Review – Emerald Publishing
Published: Nov 11, 2014