The Theory of Planned Behavior and Information Security Policy Compliance
