References
- Anand, S., & Sen, A. (2000). Human development and economic sustainability. World Development, 28(12), 2029–2049. https://doi.org/https://doi.org/10.1016/S0305-750X(00)00071-1
- Andoh-Baidoo, F. K., & Osei-Bryson, K.-M. (2007). Exploring the characteristics of internet security breaches that impact the market value of breached firms. Expert Systems with Applications, 32(3), 703–725. https://doi.org/https://doi.org/10.1016/j.eswa.2006.01.020
- Baker, S. E., & Edwards, R. (Eds.). (2012). How many qualitative interviews are enough? Expert voices and early career reflections on sampling and cases in qualitativeresearch. National Centre for Research Methods Review Paper. http://eprints.ncrm.ac.uk/2273/
- Balozian, P., Leidner, D., & Warkentin, M. (2017). Managers’ and employees’ differing responses to security approaches. Journal of Computer Information Systems, 59(3), 197–210. https://doi.org/https://doi.org/10.1080/08874417.2017.1318687
- Barclay, C. (2014). Sustainable security advantage in a changing environment: the cybersecurity capability maturity model (CM2). Proceedings of the 2014 ITU kaleidoscope academic conference: living in a converged world - impossible without standards?pp. 275-282, St. Petersburg, Russia. doi:https://doi.org/10.1109/Kaleidoscope.2014.6858466
- Barclay, C., & Logan, D. (2013). Towards an understanding of the implementation & adoption of massive online open courses (MOOCs) in a developing economy context. Annual workshop of the AIS special interest group for ICT in global development. Proceedings of SIG GlobDev Sixth Annual Workshop, Milano, Italy.
- Barclay, C., & Osei-Bryson, K.-M. (2010). Project performance development framework: an approach for developing performance criteria & measures for information systems (IS) projects. International Journal of Production Economics, 124(1), 272–292. https://doi.org/https://doi.org/10.1016/j.ijpe.2009.11.025
- Barrett-Maitland, N., Barclay, C., & Osei-Bryson, K.-M. (2016). Security in social networking services: a value-focused thinking exploration in understanding users’ privacy and security concerns. Information Technology for Development, 22(3), 464–486. https://doi.org/https://doi.org/10.1080/02681102.2016.1173002
- Becker, H. S. (2012). Tricks of the Trade. In S. E. Baker & R. Edwards (Eds.), How many qualitative interviews are enough? Expert voices and early career reflections on sampling and cases in qualitative research (pp. 15). National Centre for Research Methods Review Paper http://eprints.ncrm.ac.uk/2273/
- Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837–864. https://doi.org/https://doi.org/10.25300/MISQ/2015/39.4.5
- Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, R. W. (2009). If someone is watching, i’ll do what i’m asked: mandatoriness, control, and information security. European Journal of Information Systems, 18(2), 151–164. https://doi.org/https://doi.org/10.1057/ejis.2009.8
- Bowen, G. A. (2008). Naturalistic inquiry and the saturation concept: a research note. Qualitative Research, 8(1), 137–152. https://doi.org/https://doi.org/10.1177/1468794107085301
- Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548. https://doi.org/https://doi.org/10.2307/25750690
- Casadesus-Masanell, R., & Ricart, J. E. (2011). How to design a winning business model. Harvard Business Review, 89(1/2), 100–107.
- Chen, X., Chen, L., & Wu, D. (2018). Factors That Influence Employees’ Security Policy Compliance: An Awareness-Motivation-Capability Perspective. Journal of Computer Information Systems, 58(4), 312–324. https://doi.org/https://doi.org/10.1080/08874417.2016.1258679
- Chen, X., Wu, D., Chen, L., & Teng, J. K. L. (2018). Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables. Information & Management, 55(8), 1049–1060. https://doi.org/https://doi.org/10.1016/j.im.2018.05.011
- Chen, Y., & Zahedi, F. M. (2016). Individuals’ internet security perceptions and behaviors: polycontextual contrasts between the united States and China. MIS Quarterly, 40(1), 205–222. https://doi.org/https://doi.org/10.25300/MISQ/2016/40.1.09
- Cram, W. A., D’Arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525–554. https://doi.org/https://doi.org/10.25300/MISQ/2019/15117
- Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organisational information security policies: A review and research framework. European Journal of Information Systems, 26(6), 605–641. https://doi.org/https://doi.org/10.1057/s41303-017-0059-9
- Creswell, J. W. (1998). Qualitative inquiry and research design: Choosing among five traditions. Sage Publications.
- D’Arcy, J., & Greene, G. (2014). Security culture and the employment relationship as drivers of employees’ security compliance. Information Management & Computer Security, 22(5), 474–489. https://doi.org/https://doi.org/10.1108/IMCS-08-2013-0057
- D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98. https://doi.org/https://doi.org/10.1287/isre.1070.0160
- D’Arcy, J., & Lowry, P. B. (2019). Cognitive‐affective drivers of employees’ daily compliance with information security policies: A multilevel, longitudinal study. Information Systems Journal, 29(1), 43–69. https://doi.org/https://doi.org/10.1111/isj.12173
- Davison, R. M., & Martinsons, M. G. (2016). Context is king! considering particularism in research design and reporting. Journal of Information Technology, 31(3), 241–249. https://doi.org/https://doi.org/10.1057/jit.2015.19
- De, R., Pal, A., Sethi, R., Reddy, S. K., & Chitre, C. (2018). ICT4D research: A call for a strong critical approach. Information Technology for Development, 24(1), 63–94. https://doi.org/https://doi.org/10.1080/02681102.2017.1286284
- Dhillon, G., & Backhouse, J. (2001). Current direction in IS security research: towards socio-organisational perspective. Information Systems Journal, 11(2), 127–153. https://doi.org/https://doi.org/10.1046/j.1365-2575.2001.00099.x
- Dhillon, G., & Torkzadeh, G. (2006). Value-focused assessment of information system security in organisations. Information Systems Journal, 16(3), 293–314. https://doi.org/https://doi.org/10.1111/j.1365-2575.2006.00219.x
- Dlamini, M. T., Eloff, J. H. P., & Eloff, M. M. (2009). Information security: The moving target. Computers & Security, 28(3–4), 189–198. https://doi.org/https://doi.org/10.1016/j.cose.2008.11.007
- Donalds, C. (2015). Cybersecurity policy compliance: An empirical study of jamaican government agencies. SIG GlobDev Pre-ECIS Workshop.
- Donalds, C., & Osei-Bryson, K.-M. (2020). Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management, 51. https://doi.org/https://doi.org/10.1016/j.ijinfomgt.2019.102056
- Drevin, L., Kruger, H. A., & Steyn, T. (2007). Value-focused assessment of ICT security awareness in an academic environment. Computers & Security, 26(1), 36–43. https://doi.org/https://doi.org/10.1016/j.cose.2006.10.006
- Glaser, B., & Strauss, A. (1967). The discovery of grounded theory: Strategies for qualitative research. Aldine de Gruyters.
- Goo, J., Yim, M.-S., & Kim, D. J. (2014). A path to successful management of employee security compliance: an empirical study of information security climate. IEEE Transactions on Professional Communications, 57(4), 286–308. https://doi.org/https://doi.org/10.1109/TPC.2014.2374011
- Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106–125. https://doi.org/https://doi.org/10.1057/ejis.2009.6
- Hoehle, H., Huff, S. L., & Goode, S. (2012). The role of continuous trust in information systems continuance. Journal of Computer Information Systems, 52(4), 1–9. DOI:https://doi.org/10.1080/08874417.2012.11645571
- Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83–95. https://doi.org/https://doi.org/10.1016/j.cose.2011.10.007
- ISO/IEC 27001:2013.(2013). Information technology - Security techniques - Information security management systems - Requirements.
- Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113–134. https://doi.org/https://doi.org/10.25300/MISQ/2015/39.1.06
- Keeney, R. L. (1992). Value-focused thinking: A path to creative decision making. Harvard University Press.
- Keeney, R. L. (1994). Creativity in decision making with value-focused thinking. Sloan Management Review, 34(4), 33–41.
- Keeney, R. L. (1999). The value of internet commerce to the customer. Management Science, 45(4), 533–542. https://doi.org/https://doi.org/10.1287/mnsc.45.4.533
- Keeney, R. L. (2008). Applying value-focused thinking. Military Operations Research, 13(2), 7–17. https://doi.org/https://doi.org/10.5711/morj.13.2.7
- Khan, H. U., & AlShare, K. A. (2019). Violators versus non-violators of information security measures in organisations—A study of distinguishing factors. Journal of Organisational Computing and Electronic Commerce, 29(1), 4–23. https://doi.org/https://doi.org/10.1080/10919392.2019.1552743
- Koohang, A., & Anderson, J. (2020). Building an awareness-centered information security policy compliance model. Industrial Management & Data, 120(1), 231–247. https://doi.org/https://doi.org/10.1108/IMDS-07-2019-0412
- Koranteng, F. N., Apau, R., Opoku-Ware, J., & Ekpezu, A. O. (2020). Evaluating the Effectiveness of Deterrence Theory in Information Security Compliance: New Insights From a Developing Country. In W. Yaokumah, M. Rajarajan, & J.-D. Abdulai (Eds.), Modern Theories and Practices for Cyber Ethics and Security Compliance (pp. 140–151). Information Science Reference. doi:https://doi.org/10.4018/978-1-7998-3149-5.ch009
- Legard, R., Keegan, J., & Ward, K. (2003). In-depth interviews. In J. Richie & J. Lewis (Eds.), Qualitative Research Practice: A Guide for Social Science Students and Researcher (pp. 139–168). Sage, London.
- Li, H., Sarathy, R., Zhang, J., & Luo, X. (2014). Exploring the effects of organisational justice, personal ethics and sanction on internet use policy compliance. Information Systems Journal, 24(6), 479–502. https://doi.org/https://doi.org/10.1111/isj.12037
- Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635–645. https://doi.org/https://doi.org/10.1016/j.dss.2009.12.005
- Malekos Smith, Z., & Lostri, E. (2020). The Hidden Costs of Cybercrime. McAfee. Retrieved February 10, 2021. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf
- May, J., Dhillon, G., & Caldeira, M. (2013). Defining value-based objectives for ERP systems planning. Decision Support Systems, 55(1), 98–109. https://doi.org/https://doi.org/10.1016/j.dss.2012.12.036
- Moody, G. D., Siponen, M. T., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285–311. https://doi.org/https://doi.org/10.25300/MISQ/2018/13853
- Nah, F. F.-H., Siau, K., & Sheng, H. (2005). The value of mobile applications: A utility company study. Communications of the ACM, 48(2), 85–90. https://doi.org/https://doi.org/10.1145/1042091.1042095
- Niemimaa, E., & Niemimaa, M. (2017). Information systems security policy implementation in practice: From best practices to situated practices. European Journal of Information Systems, 26(1), 1–20. https://doi.org/https://doi.org/10.1057/s41303-016-0025-y
- Orlikowski, W., & Gash, D. C. (1994). Technological frames: Making sense of information technology in organisations. ACM Transaction on Information Systems, 12(2), 174–207. https://doi.org/https://doi.org/10.1145/196734.196745
- Osei-Bryson, K.-M., & Vogel, D. (2014). Editorial: Special Issue on Cyber-Security for Development. Information Technology for Development, 20(2), 93–95. https://doi.org/https://doi.org/10.1080/02681102.2014.883115
- Ponemon Institute. (2020). 2020 Cost of Insider Threats: Global Report. Retrieved February 10, 2021 from https://www.observeit.com/cost-of-insider-threats/
- Rowley, J. (2012). Conducting research interviews. Management Research Review, 35(3/4), 260–271. https://doi.org/https://doi.org/10.1108/01409171211210154
- Sen, A. (2001). Economic development and capability expansion in historical perspective. Pacific Economic Review, 6(2), 179–191. https://doi.org/https://doi.org/10.1111/1468-0106.00126
- Siponen, M. T., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217–224. https://doi.org/https://doi.org/10.1016/j.im.2013.08.006
- Smith, K. J., Dhillon, G., & Hedström, K. (2018). Reconciling value-based objectives for security and identity management. Information & Computer Security, 26(2), 194–212. https://doi.org/https://doi.org/10.1108/ICS-08-2017-0059
- Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance: A systematic review of quantitative studies. Information Management & Computer Security, 22(1), 42–75. https://doi.org/https://doi.org/10.1108/IMCS-08-2012-0045
- Sommestad, T., Karlzén, H., & Hallberg, J. (2019). The Theory of Planned Behavior and Information Security Policy Compliance. Journal of Computer Information Systems, 59(4), 344–353. https://doi.org/https://doi.org/10.1080/08874417.2017.1368421
- Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503–522. https://doi.org/https://doi.org/10.2307/25750689
- Trompeter, C. M., & Eloff, J. H. P. (2001). A framework for the implementation of socio-ethical controls in information security. Computers and Security, 20(5), 384–391. https://doi.org/https://doi.org/10.1016/S0167-4048(01)00507-7
- Unwin, T. (2017). Reclaiming information and communication technologies for development. Oxford University Press.
- van Bijon, J., & Osei-Bryson, K.-M. (2020). The Communicative Power of Knowledge Visualizations in Mobilizing Information and Communication Technology Research. Information Technology for Development, 26(4), 637–652. https://doi.org/https://doi.org/10.1080/02681102.2020.1821954
- Wall, J. D., Palvia, P., & Lowry, P. B. (2013). Control-Related Motivations and Information Security Policy Compliance: The Role of Autonomy and Efficacy. Journal of Information Privacy and Security, 9(4), 52–79. https://doi.org/https://doi.org/10.1080/15536548.2013.10845690
- Walsham, G. (2012). Are we making a better world with ICTs? Reflections on a future agenda for the IS field. Journal of Information Technology, 27(2), 87–93. https://doi.org/https://doi.org/10.1057/jit.2012.4
- Walsham, G. (2017). ICT4D research: Reflections on history and future agenda. Information Technology for Development, 23(1), 18–41. https://doi.org/https://doi.org/10.1080/02681102.2016.1246406
- Warkentin, M., & Willison, R. (2009). Behavioral and Policy Issues in Information Systems Security: The Insider Threat. European Journal of Information Systems, 18(2), 101–105. https://doi.org/https://doi.org/10.1057/ejis.2009.12
- Zheng, Y., Hatakka, M., Sahay, S., & Andersson, A. (2018). Conceptualizing development in information and communication technology for development (ICT4D). Information Technology for Development, 24(1), 1–14. https://doi.org/https://doi.org/10.1080/02681102.2017.1396020