Advanced search
Publication Cover
Information Systems Management Volume 40, 2023 - Issue 4
Submit an article Journal homepage
571
Views
0
CrossRef citations to date
0
Altmetric
Research Article

Exploring Personal and Environmental Factors that Can Reduce Nonmalicious Information Security Violations

Princely IfinedoDepartment of Finance and Information Systems, Brock University, St. Catharines, ONCanadaCorrespondence[email protected]
View further author information
Pages 316-336 | Published online: 11 Oct 2022

References

  • Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211. https://doi.org/10.1016/0749-5978(91)90020-t
  • Alaskar, M., Vodanovich, S., & Shen, K. N. (2015). Evolvement of information security research on employees’ behavior: A systematic review and future direction. Proceedings of the 48th Hawaii International Conference on System Sciences, 4241–4250.
  • Ameen, N., Tarhini, A., Shah, M. H., Madichie, N., Paul, J., & Choudrie, J. (2021). Keeping customers’ data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile workforce. Computers in Human Behavior, 114, 106531. https://doi.org/10.1016/j.chb.2020.106531
  • Aurigemma, S., & Mattson, T. (2019). Generally speaking, context matters: Making the case for a change from universal to particular ISP research. Journal of the Association for Information Systems, 20(12), 1700–1742. doi:10.17705/1jais.00583
  • Bandura, A. (1986). Social foundations of thought and action: A social cognitive theory. Prentice-Hall.
  • Bateman, T. S., & Strasser, S. (1984). A longitudinal analysis of the antecedents of organizational commitment. Academy of Management Journal, 27(1), 95–112. https://doi.org/10.2307/255959
  • Brick, J., & Kalton, G. (1996). Handling missing data in survey research. Statistical Methods in Medical Research, 5(3), 215–238. https://doi.org/10.1177/096228029600500
  • Brislin, R. W. (1986). The wording and translation of research instruments. In W. J. Lonner & J. W. Berry (Eds.), Field methods in cross-cultural research (pp. 137–164). Sage Publications.
  • Buchanan, B. (1974). Building organizational commitment: The socialization of managers in work organizations. Administrative Science Quarterly, 19(4), 533–546.
  • Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548. https://doi.org/10.2307/25750690
  • Buunk, B. P., Doosje, B. J., Jans, L. G. J. M., & Hopstaken, L. E. M. (1993). Perceived reciprocity, social support, and stress at work: The role of exchange and communal orientation. Journal of Personality and Social Psychology, 65(4), 801–811. https://doi.org/10.1037/0022-3514.65.4.801
  • Chan, S. (2017). European court limits employers’ right to monitor workers’ email. Retrieved May 6, 2020, from https://www.nytimes.com/2017/09/05/business/european-court-employers-workers-email.html
  • Chan, M., Woon, I. M. Y., & Kankanhalli, A. (2005). Perceptions of information security at the workplace: Linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3), 18–41. https://doi.org/10.1080/15536548.2005.10855772
  • Chu, A. M. Y., So, M. K. P., & Chung, R. S. W. (2018). Applying the randomized response technique in business ethics research: The misuse of information systems resources in the workplace. Journal Business Ethics, 151(1), 195–212. https://doi.org/10.1007/s10551-016-3240-5
  • Cialdini, C. R., & Trost, M. R. (1998). Social influence: Social norms, conformity and compliance. In The Handbook of Social Psychology (Vol. 1 and 2, pp. 151–192).
  • CISA - US-CERT (2020). Insider threat. Retrieved May 2, 2020, from https://www.us-cert.gov/bsi/articles/best-practices/insider-threat
  • Cohen, J. (1988). Statistical power analysis for the behavioral sciences (2nd ed.). Erlbaum.
  • Colquitt, J. A., & Simmering, M. J. (1998). Conscientiousness, goal orientation, and motivation to learn during the learning process: A longitudinal study. Journal of Applied Psychology, 83(4), 654–665. 10.1037/0021-9010.83.4.654
  • Corral-Verdugo, V. (1997). Dual “realities” of conservation behavior: Self-reports vs observations of re- use and recycling behavior. Journal of Environmental Psychology, 17(2), 135–145. https://doi.org/10.1006/jevp.1997.0048
  • Cram, W. A., D’Arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525–554. https://doi.org/10.25300/misq/2019/15117
  • Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computer & Security, 32(1), 90–101. http://dx.doi.org/10.1016/j.cose.2012.09.010
  • Crown, D. F., & Rosse, J. G. (1995). Yours, mine, and ours: Facilitating group productivity through the integration of individual and group goals. Organizational Behaviour and Human Decision Processes, 6(4), 138–150.
  • Cuganesan, S., Steele, C., & Hart, A. (2018). How senior management and workplace norms influence information security attitudes and self-efficacy. Behaviour & Information Technology, 37(1), 50–65.
  • D’Arcy, J., & Greene, G. (2014). Security culture and the employment relationship as drivers of employees’ security compliance. Information Management & Computer Security, 22(5), 474–489.
  • D’Arcy, J., Hovav, A., & Galletta, D. F. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98.
  • Deloitte (2021). 2021 Energy, resources & industrials cyber survey. Retrieved December 10, 2020, from https://www2.deloitte.com/content/dam/Deloitte/dk/Documents/Cyber/cyberreport/ER&ICyberSurvey.pdf
  • Deloitte Cyber Survey (2020). 2020 Deloitte cyber survey. next normal – More digital. Retrieved from December 10, 2020, from https://www2.deloitte.com/content/dam/Deloitte/dk/Documents/Cyber/cyberreport/Cyber_survey_.pdf
  • Diamantopoulos, A., & Winklhofer, H. M. (2001). Index construction with formative indicators: An alternative to scale development. Journal of Marketing Research, 38(2), 269–277.
  • Donaldson, S. I., Ensher, E. A., & Grant-Vallone, E. J. (2000). Longitudinal examination of mentoring relationships on organizational commitment and citizenship behavior. Journal of Career Development, 26(4), 233–249. https://doi.org/10.1177/089484530002600401
  • Donalds, C., & Osei-Bryson, K.-M. (2020). Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management, 51(102256), 1–16.
  • Edwards, P., & Wright, M. (2001). High-involvement work systems and performance outcomes: The strength of variable, contingent and context-bound relationships. International Journal of Human Resource Management, 12(4), 568–585.
  • Evermann, J., & Rönkkö, M. (2021). Recent Developments in PLS. In Communications of the AIS. in press.
  • Federal Office of Information Security (2018). The state of IT security in Germany 2018. Retrieved March 1, 2020, from, https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Securitysituation/IT-Security-Situation-in-Germany-2018.pdf;jsessionid=B2C29D767B45BD9D1D6B72196D30C5DC.1_cid341?__blob=publicationFile&v=3
  • Filstad, C. (2011). Organizational commitment through organizational socialization tactics. Journal of Workplace Learning, 23(6), 376–390.
  • Galperin, B. L., Bennett, R. J., & Aquino, K. (2011). Status differentiation and the protean self: A social-cognitive model of unethical behavior in organizations. Journal of Business Ethics, 98(3), 407–424. https://doi.org/10.1007/s10551-010-0556-4
  • Glomb, T. M., & Liao, H. (2003). Interpersonal aggression in work groups: Social influence, reciprocal, and individual effects. Academy of Management Journal, 46(4), 486–496. https://doi.org/10.2307/30040640
  • Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73, 345–358.
  • Guo, K. H. (2013). Security-related behavior in using information systems in the workplace: A review and synthesis. Computers & Security, 32(C), 242–251.
  • Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203–236. https://doi.org/10.2753/MIS0742-1222280208
  • Hair, J., Hollingsworth, C. L., Randolph, A. B., & Chong, A. Y. L. (2017). An updated and expanded assessment of PLS-SEM in information systems research. Industrial Management & Data Systems, 117(3), 442–458.
  • Hair, J. F., Sarstedt, M., & Ringle, C. M. (2019). Rethinking some of the rethinking of partial least squares. European Journal of Marketing, 53(4), 566–584. https://doi.org/10.1108/EJM-10-2018-0665
  • Henseler, J., Ringle, C. M., & Sarstedt, M. (2015). A new criterion for assessing discriminant validity in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43(1), 115–135. https://doi.org/10.1007/s11747-014-0403-8
  • Hollenbeck, J. R., Williams, C. R., & Klein, H. J. (1989). An empirical examination of the antecedents of commitment to difficult goals. Journal of Applied Psychology, 74(1), 18–23. https://doi.org/10.1037/0021-9010.74.1.18
  • Hu, Q., Dinev, T., Hart, P., & Cooke, D. (2012). Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), 615–659. https://doi.org/10.1111/j.1540-5915.2012.00361.x
  • Hu, Q., Xu, Z., Dinev, T., & Ling, H. (2011). Does deterrence work in reducing information security policy abuse by employees? Communications of the ACM, 54(6), 54–60. https://doi.org/10.1145/1953122.1953142
  • Ifinedo, P. (2015). Effects of organizational citizenship behavior and social cognitive factors on employees’ non-malicious counterproductive computer security behaviors: An empirical analysis. Proceeding of the 2015 International Conference on Information Resources Management (Conf-IRM), May 18-20, 2015, Ottawa, Canada.
  • Ifinedo, P. (2016). Critical times for organizations: What should be done to curb workers’ noncompliance with IS security policy guidelines? Information Systems Management, 33(1), 30–41. https://doi.org/10.1080/10580530.2015.1117868
  • Ifinedo, P. (2019). Understanding workers’ participation in nonmalicious, end-user computing and information security deviant behavior: Insights from the social cognitive theory. Proceeding of the 2019 Administrative Sciences Association of Canada (ASAC) Conference, May 24 – 27, 2019, Brock University, St. Catherines, Canada
  • Ifinedo, P., & Ifinedo, A. (2011). A snapshot of key information systems (IS) issues in Estonian organizations for the 2000s. Baltic Journal of Management, 6(2), 163–178. https://doi.org/10.1108/17465261111131794
  • IIROC (2012). Cybersecurity Best Practices Guide for IIROC Dealer Members. Retrieved December 11, 2020, from www.iiroc.ca.
  • Information Security Forum (2015). Managing the insider threat - improving trustworthiness. Retrieved December 11, 2020, from https://www.securityforum.org/solutions-and-insights/managing-the-insider-threat-improving-trustworthiness/
  • Institute, P. (2012). The human factor in data protection. Retrieved March 14, 2020, from https://www.ponemon.org/local/upload/file/The_Human_Factor_in_data_Protection_WP_FINAL.pdf
  • Johns, G. (2017). Reflections on the 2016 decade award: Incorporating context in organizational research. The Academy of Management Review, 42(4), 577–595. https://doi.org/10.5465/amr.2017.0044
  • Kline, R. B. (1998). Principles and practice of structural equation modeling. The Guilford Press.
  • Knapp, K. J., Marshall, T. E., Rainer, R. K., & Ford, F. N. (2006). Information security: Management’s effect on culture and policy. Information Management & Computer Security, 14(1), 24–36. https://doi.org/10.1108/09685220610648355
  • Kock, N. (2015b). Common method bias in PLS-SEM: A full collinearity assessment approach. International Journal of e-Collaboration, 11(4), 1–10. https://doi.org/10.4018/ijec.2015100101
  • Kock, N. (2020). WarpPLS user manual: Version 7.0 - ScriptWarp Systems. Retrieved December 14, 2020, from https://www.scriptwarp.com/warppls/UserManual_v_7_0.pdf
  • Koskosas, I. (2008). Goal setting and trust in a security management context. Journal Information Security Journal: A Global Perspective, 17(3), 151–161. https://doi.org/10.1080/19393550802290337
  • Koskosas, I. V., Charitoudi, G., & Louta, M. (2008). The role of organizational cultures in information systems security management: A goal setting perspective. Journal of Leadership Studies, 2(1), 7–19. https://doi.org/10.1002/jls.20042
  • Lee, Y., & Kozar, K. A. (2008). An empirical investigation of anti-spyware software adoption: A multitheoretical perspective. Information & Management, 45(2), 109–119. https://doi.org/10.1016/j.im.2008.01.002
  • Liu, C., Liang, H., Wang, N., & Xue, Y. (2021). Ensuring employees’ information security policy compliance by carrot and stick: The moderating roles of organizational commitment and gender. Information Technology & People. in press https://doi.org/10.1108/ITP-09-2019-0452.
  • Liu, C., Wang, N., & Liang, H. (2020). Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment. International Journal of Information Management, 54, 102152. https://doi.org/10.1016/j.ijinfomgt.2020
  • Locke, E. A., & Latham, G. P. (1990). A theory of goal setting and task performance. Prentice Hall.
  • Luo, X., Li, H., Hu, Q., & Xu, H. (2020). Why individual employees commit malicious computer abuse: A routine activity theory perspective. Journal of the Association for Information Systems, 21(6), 1552–1593. https://doi.org/10.17705/1jais.000646
  • Meyer, J. P., & Herscovitch, L. (2001). Commitment in the workplace: Toward a general model. Human Resource Management Review, 11(3), 299–326. https://doi.org/10.1016/S1053-4822(00)00053-X
  • Moody, G. D., & Siponen, M. (2013). Using the theory of interpersonal behavior to explain non-work-related personal use of the internet at work. Information & Management, 50(6), 322–335. https://doi.org/10.1016/j.im.2013.04.005
  • Niehoff, B. P., Enz, C. A., & Grover, R. A. (1990). The impact of top-management actions on employee attitudes and perceptions. Group & Organization Studies, 15(3), 337–352. https://doi.org/10.1177/105960119001500307
  • NTT Research (2019a). Cybersecurity and the next generation. Retrieved December 10, 2020, from https://hello.global.ntt/en-us/insights/risk-value-report
  • NTT Research (2019b). Risk:Value 2019 Destination standstill. Are you asleep at the wheel? Why many organizations are failing to make progress with cybersecurity. Retrieved December 10, 2020, from https://www.nttsecurity.com/docs/librariesprovider3/resources/2019-risk-value/ntt_gbl_riskvalue_report_2019_uea.pdf
  • Ogbanufe, O. (2021). Enhancing end-user roles in information security: Exploring the setting, situation, and identity. Computers & Security, 108(C), 102340. https://doi.org/10.1016/j.cose.2021.102340
  • Ogbanufe, O., Crossler, R. E., & Biros, D. (2021). Exploring stewardship: A precursor to voluntary security behaviors. Computers & Security, 109(C), 102397. https://doi.org/10.1016/j.cose.2021.102397
  • Optimum Security. (2021). The 21 biggest data breaches of the 21st century. Retrieved from December 10, 2020, from https://optimumsecurity.ca/21-biggest-data-breach-of-21-century/
  • Patterson, M. G., West, M. A., Shackleton, V. J., Dawson, J. F., Lawthom, R., Maitlis, S., Robinson, D. L., & Wallace, A. M. (2005). Validating the organizational climate measure: Links to managerial practices, productivity and innovation. Journal of Organizational Behaviour, 26(4), 379–408. https://doi.org/10.1002/job.312
  • Pavlou, P. A., & El Sawy, O. A. (2006). From IT leveraging competence to competitive advantage in turbulent environments: The case of new product development. Information Systems Research, 17(3), 198–227. https://doi.org/10.1287/isre.1060.0094
  • Pavlou, P. A., Liang, H., & Xue, Y. (2007). Understanding and mitigating uncertainty in online exchange relationships: A principal-agent perspective. MIS Quarterly, 31(1), 105–136. https://doi.org/10.2307/25148783
  • Pearce, J. A., Kramer, T. R., & Robbins, D. K. (1997). Effects of managers’ entrepreneurial behavior on subordinates. Journal of Business Venturing, 12(2), 147–160.
  • Pee, L. G., Woon, I. M. Y., & Kankanhalli, A. (2008). Explaining non-work-related computing in the workplace: A comparison of alternative models. Information & Management, 45(2), 120–130. https://doi.org/10.1016/j.im.2008.01.004.
  • Podsakoff, P. M., MacKenzie, S. B., Lee, J.-Y., & Podsakoff, N. P. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879–903. https://doi.org/10.1037/0021-9010.88.5.879
  • Podsakoff, P. M., & Organ, D. (1986). Self-reports in organizational research: Problems and prospects. Journal of Management, 12(4), 531–544. https://doi.org/10.1177/014920638601200
  • Pomaki, G., Maes, S., & Ter Doest, L. (2004). Work conditions and employees’ self-set goals: Goal processes enhance prediction of psychological distress and well-being. Personality & Social Psychology Bulletin, 30(6), 685–694. doi:10.1177/0146167204263970
  • Ponemon Institute (2020). Cost of an insider breach report. Retrieved May 2, 2020, from https://www.ibm.com/account/reg/uk-en/signup?formid=urx-42429
  • Ponemon Institute (2021). Costs of a data breach report 2021. Retrieved December 10, 2020, from, https://www.ibm.com/security/data-breach
  • Ponemon Institute (2022). 2022 Ponemon cost of insider threats global report. Retrieved July, 7, 2022, https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats
  • Posey, C., Roberts, T. L., & Lowry, P. B. (2015). The impact of organizational commitment on insiders’ motivation to protect organizational information assets. Journal of Management Information Systems, 32(4), 179–214. https://doi.org/10.1080/07421222.2015.1138374
  • Posey, C., Roberts, C. L., Lowry, P. B., Bennett, R. J., & Courtney, J. F. (2013). Insiders’ protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189–1210. doi:10.25300/misq/2013/37.4.09
  • Puhakainen, P., & Siponen, M. (2010). Improving employees’ compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757–778.
  • Reed, M. S., Evely, A. C., Cundill, G., Fazey, I., Glass, J., Laing, A., Newig, J., Parrish, B., Prell, C., Raymond, C., & Stringer, L. C. (2010). What is Social Learning? Ecology and Society, 15(4). http://www.ecologyandsociety.org/vol15/iss4/resp1/
  • Reemts, S., Hirsch, B., & Nitzl, C. (2016). The impact of goal setting on the individual work performance of German civil servants – Empirical evidence from local administrations. ZögU - Zeitschrift für öffentliche und gemeinwirtschaftliche Unternehmen (Journal of Public and Nonprofit Management), 39(1–2), 89–101. https://doi.org/10.5771/0344-9777-2016-1–2-89
  • Renaud, K., Otondo, R., & Warkentin, M. (2019). “This is the way ‘I’ create my passwords” … does the endowment effect deter people from changing the way they create their passwords? Computers & Security, 82(C), 241–260. https://doi.org/10.1016/j.cose.2018.12.018
  • Rhee, H.-S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users’ information security practice behavior. Computers & Security, 28(8), 816–826. https://doi.org/10.1016/j.cose.2009.05.008
  • Robinson, S. L., & O’Leary-Kelly, A. M. (1998). Monkey see, monkey do: The influence of work groups on the antisocial behavior of employees. Academy of Management Journal, 41(6), 658–672. https://doi.org/10.2307/256963
  • Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computer & Security, 56, 1–13. https://doi.org/10.1016/j.cose.2015.10.006
  • Schmidt, S. M., & Kipnis, D. (1984). Managers’ pursuit of individual and organizational goals. Human Relations, 37(10), 781–794. https://doi.org/10.1177/001872678403701001
  • Scott, J., & Spaniel, D. (2017). The insider threat epidemic begins. Retrieved December 2, 2020, from https://icitech.org/wp-content/uploads/2017/02/ICIT-Brief-In-2017-The-Insider-Threat-Epidemic-Begins.pdf
  • The Security Culture Report (2017). In depth insights into the human factor. Retrieved May 6, 2020, from, https://get.clt.re/security-culture-report-2017/
  • Seijts, G. H., & Latham, G. P. (2000). The effects of goal setting and group size on performance in a social dilemma. Canadian Journal of Behavioural Science/Revue Canadienne Des Sciences du Comportement, 32(2), 104–116. https://doi.org/10.1037/h0087105
  • Sheeran, P. (2002). Intention-behavior relations: A conceptual and empirical review. In W. Stroebe & M. Hewstone (Eds.), European Review of Social Psychology (Vol. 12, pp. 1–30). Wiley.
  • Shilts, M. K., Horowitz, M., & Townsend, M. S. (2004). Goal setting as a strategy for dietary and physical activity behavior change: A review of the literature. American Journal of Health Promotion, 19(2), 81–93. https://doi.org/10.4278/0890-1171-19.2.81
  • Shropshire, J., Warkentin, W., & Sharma, S. (2015). Personality, attitudes, and intentions: Predicting initial adoption of information security behavior. Computers & Security, 49(C), 177–191. https://doi.org/10.1016/j.cose.2015.01.002
  • Sijtsma, K. (2009). Reliability beyond theory and into practice. Psychometrika, 74(1), 169–173. https://doi.org/10.1007/s11336-008-9103-y
  • Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217–224. https://doi.org/10.1016/j.im.2013.08.006
  • Siponen, M., & Vance, A. (2014). Guidelines for improving the contextual relevance of field surveys: The case of information security policy violations. European Journal of Information Systems, 23(3), 289–305. doi:10.1057/ejis.2012.59.
  • Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance: A systematic review of quantitative studies. Information Management & Computer Security, 22(1), 42–75. https://doi.org/10.1108/IMCS-08-2012-0045
  • Son, J.-Y. (2011). Out of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policies. Information & Management, 48(7), 296–302. https://doi.org/10.1016/j.im.2011.07.002
  • Strand, V., Wright, G. C., Bergman, M. J., Tambiah, J., & Taylor, P. C. (2015). Patient expectations and perceptions of goal-setting strategies for disease management in rheumatoid arthritis. The Journal of Rheumatology, 42(11), 2046–2054. doi:10.3899/jrheum.140976.
  • Straub, D., Boudreau, M.-C., & Gefen, D. (2004). Validation guidelines for IS positivist research. Communications of the Association for Information Systems, 13(1), 380–427. https://doi.org/10.17705/1CAIS.01324
  • Systems, V. B. (2019). 2019 Data breach investigations report. Verizon RISK Team Research Report, Verizon Communications.
  • Ter Doest, L., Maes, S., Gebhardt, W. A., & Koelewijn, H. (2006). Personal Goal Facilitation through Work: Implications for Employee Satisfaction and Well-Being. Applied Psychology: An International Review, 55(2), 192–219. https://doi.org/10.1111/j.1464-0597.2006.00232.x
  • Thompson, N., McGill, T. J., & Wang, X. (2017). “Security begins at home”: Determinants of home computer and mobile device security behavior. Computer & Security, 70, 376–391. https://doi.org/10.1016/j.cose.2017.07.003
  • Warkentin, M., Johnston, A. C., & Shropshire, J. (2011). The influence of the informal social learning environment on information privacy policy compliance efficacy and intention. European Journal of Information Systems, 20(3), 267–284, https://doi.org/10.1057/ejis.2010.72
  • Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems, 18(2), 101–105. https://doi.org/10.1057/ejis.2009.12
  • Wayne, S. J., & Kacmar, K. M. (1991). The effects of impression management on the performance appraisal process. Organizational Behavior and Human Decision Processes, 48(1), 70–88 .https://doi.org/10.1016/0749-5978(91)90006-F
  • Whitener, E. M. (2001). Do “high commitment” human resource practices affect employee commitment? A cross-level analysis using hierarchical linear modeling. Journal of Management, 27(5), 515–535. https://doi.org/10.1177/014920630102700
  • Wood, R., & Bandura, A. (1989). Social cognitive theory of organizational management. Academy of Management Review, 14(3), 361–384. doi:10.5465/amr.1989.4279067.
  • Yazdanmehr, A., Wang, J., & Yang, Z. (2020). Peers matter: The moderating role of social influence on information security policy compliance. Information Systems Journal, 30(5), 1–54. https://doi.org/10.1111/isj.12271
  • Yi, M., & Davis, F. D. (2003). Developing and validating an observational learning model of computer software training and skill acquisition. Information Systems Research, 14(2), 146–169. https://doi.org/10.1287/isre.14.2.146.16016
  • Zaccaro, S. J., & Klimoski, R. J. (2001). The nature of organizational leadership: Understanding the performance imperatives confronting today’s leaders. Jossey-Bass.
  • Zimmerman, B. J., Bandura, A., & Martinez-Pons, M. (1992). Self-motivation for academic attainment: The role of self-efficacy beliefs and personal goal setting. American Education Research Journal, 29(3), 663–676. https://doi.org/10.3102/00028312029003

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.