nach oben

Information Systems Frontiers

Erschienen in:

25.10.2019

A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research

verfasst von: Simon Trang, Benedikt Brendel

Erschienen in: Information Systems Frontiers | Ausgabe 6/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Enforcing information security policies is a key concern of information security managers. To deter employees from deviant behavior, organizations often implement sanction mechanisms. However, evidence from research regarding the efficiency of such a deterrence approach has been mixed. Drawing on this inconsistency, this paper examines the applicability of deterrence theory in information security policy compliance research. It is argued that contextual and methodological moderators play a crucial role when conceptualizing deterrence theory in security studies. Applying a meta-analysis, the results suggest that sanctions have an overall effect on deviant behavior. However, the results also indicate that this relationship is dependent on the study’s context. Deterrence theory better predicts deviant behavior in malicious contexts, cultures with a high degree of power distance, and cultures with a high uncertainty avoidance. The meta-analysis also reveals no meaningful differences arising from the methodological context in terms of scenario-based and behavior-specific measurement.

Vorheriger Artikel Fear of Online Consumer Identity Theft: Cross-Country Application and Short Scale Development

Nächster Artikel Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Alshare, K., Lane, P. L., & Lane, M. R. (2018). Information security policy compliance: A higher education case study. Information and Computer Security, 26(1), 91–108. https://doi.org/10.1108/ICS-09-2016-0073.CrossRef

Arunothong, W. (2014). Three research essays on propensity to disclose medical information through formal and social information technologies. ProQuest Dissertations and Theses. University of Wisconsin Milwaukee. Retrieved from https://search.proquest.com/docview/1664611536?accountid=14169

Aurigemma, S., & Mattson, T. (2017). Deterrence and punishment experience impacts on ISP compliance attitudes. Information & Computer Security, 25(4), 421–436. https://doi.org/10.1108/ICS-11-2016-0089.CrossRef

Baskerville, R., & Siponen, M. (2002). An information security meta-policy for emergent organizations. Logistics Information Management, 15(5/6), 337–346. https://doi.org/10.1108/09576050210447019.CrossRef

Bochner, S., & Hesketh, B. (1994). Power distance, individualism/collectivism, and job-related attitudes in a culturally diverse work group. Journal of Cross-Cultural Psychology, 25(2), 233–257.CrossRef

Brown, D. A. (2017). Examining the behavioral intention of individuals’ compliance with information security policies. Walden Dissertations and Doctoral Studies. Walden University. Retrieved from http://scholarworks.waldenu.edu/dissertations%0Ahttp://scholarworks.waldenu.edu/dissertations/3750/

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010a). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548.CrossRef

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010b). Quality and fairness of an information security policy as antecedents of employees’ security engagement in the workplace: An empirical investigation. In Proceedings of the 43rd Hawaii International Conference on System Sciences (pp. 1–7). https://doi.org/10.1109/HICSS.2010.312.

Busk, P. L. (2005). Field experiment. In B. Everitt & D. Howell (Eds.), Encyclopedia of statistics in behavioral science (pp. 650–652). Ltd: John Wiley & Sons.

Cao, L. (2004). Major criminological theories: Concepts and measurements. Wadsworth Publishing.

Chao, J. M. C., Cheung, F. Y. L., & Wu, A. M. S. (2011). Psychological contract breach and counterproductive workplace behaviors: Testing moderating effect of attribution style and power distance. International Journal of Human Resource Management, 22(4), 763–777. https://doi.org/10.1080/09585192.2011.555122.CrossRef

Chen, X., Chen, L., Wu, D., & Perspective, A. (2018). Factors that influence employees’ security policy compliance: An awareness-motivation-capability perspective. Journal of Computer Information Systems, 58(4), 312–324. https://doi.org/10.1080/08874417.2016.1258679.CrossRef

Chen,Y., Ramamurthy, K., Wen, K.-W. (2013). Organizations’ Information Security Policy Compliance: Stick or Carrot Approach?, Journal of Management. Information Systems, 29 157–188. https://doi.org/10.25300/MISQ/2018/13853.CrossRef

Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers and Security, 39(PART B), 447–459. https://doi.org/10.1016/j.cose.2013.09.009.CrossRef

Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Seeing the forest and the trees: A meta-analysis of information security policy compliance literature. In Proceedings of the 50th Hawaii International Conference on System Sciences (pp. 4051–4060).

Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers and Security, 32, 90–101. https://doi.org/10.1016/j.cose.2012.09.010.CrossRef

Cuganesan, S., Steele, C., & Hart, A. (2018). How senior management and workplace norms influence information security attitudes and self-efficacy. Behaviour and Information Technology, 37(1), 50–65. https://doi.org/10.1080/0144929X.2017.1397193.CrossRef

D’Arcy, J., & Greene, G. (2014). Security culture and the employment relationship as drivers of employees’ security compliance. Information Management & Computer Security, 22(5), 474–489. https://doi.org/10.1108/IMCS-08-2013-0057.CrossRef

D’Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. European Journal of Information Systems, 20(6), 643–658. https://doi.org/10.1057/ejis.2011.23.CrossRef

D’Arcy, J., & Hovav, A. (2009). Does one size fit all? Examining the differential effects of IS security countermeasures. Journal of Business Ethics, 89(SUPPL. 1), 59–71. https://doi.org/10.1007/s10551-008-9909-7.CrossRef

D’Arcy, J., Hovav, A., & Galletta, D. F. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98. https://doi.org/10.1287/isre.1070.0160.CrossRef

D’Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee responses to stressful information security requirements: A coping Perspective. Journal of Management Information Systems, 31(2), 285–318. https://doi.org/10.2753/MIS0742-1222310210.CrossRef

Dickersin, K. (1990). The existence of publication Bias and risk factors for its occurrence. The Journal of the American Medical Association, 10(263), 1385–1359.CrossRef

Dinev, T., Goo, J., Hu, Q., & Nam, K. (2009). User behaviour towards protective information technologies: The role of national cultural differences. Information Systems Journal, 19(4), 391–412. https://doi.org/10.1111/j.1365-2575.2007.00289.x.CrossRef

Dugo, T. M. (2007). The insider threat to Organisational information security: A structural model and empirical test. Auburn University. Retrieved from https://etd.auburn.edu/handle/10415/1345

Foth, M. (2016). Factors influencing the intention to comply with data protection regulations in hospitals: Based on gender differences in behaviour and deterrence. European Journal of Information Systems, 25(2), 91–109. https://doi.org/10.1057/ejis.2015.9.CrossRef

Gartner. (2018). Gartner forecasts worldwide information security spending to exceed $124 billion in 2019. https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019

Gerow, J. E., Grover, V., Thatcher, J., & Roth, P. L. (2014). Looking toward the future of IT-business strategic alignment through the past: A meta-analysis. Management Information Systems Quarterly, 38(4), 1159–1185.CrossRef

Gibbs, J. P. (1975). Crime, punishment, and deterrence. New York: Elsevier.

Guo, K. H., & Yuan, Y. (2012). The effects of multilevel sanctions on information security violations: A mediating model. Information and Management, 49(6), 320–326. https://doi.org/10.1016/j.im.2012.08.001.CrossRef

Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203–236. https://doi.org/10.2753/MIS0742-1222280208.CrossRef

Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly, 20(3), 257–278. https://doi.org/10.2307/249656.CrossRef

Herath, T., & Rao, H. R. (2009a). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106–125. https://doi.org/10.1057/ejis.2009.6.CrossRef

Herath, T., & Rao, H. R. (2009b). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154–165. https://doi.org/10.1016/j.dss.2009.02.005.CrossRef

Hofstede, G. (1980). Culture’s consequences: International differences in work-related values. London: Sage Publications.

Hofstede, G., Hofstede, G. J., & Minkov, M. (2010). Cultures and organizations: Software of the mind. New York: McGraw-Hill.

Hovav, A., & D’Arcy, J. (2012). Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea. Information and Management, 49(2), 99–110. https://doi.org/10.1016/j.im.2011.12.005.CrossRef

Hu, Q., & Xu, Z. (2018). The role of rational calculus in controlling individual propensity toward information security policy non-compliance behavior. In Proceedings of the 51st Hawaii International Conference on System Sciences (pp. 3688–3697).

Hu, Q., Xu, Z., Dinev, T., & Ling, H. (2011). Does deterrence work in reducing information security policy abuse by employees? Communications of the ACM, 54(6), 54–60. https://doi.org/10.1145/1953122.1953142.CrossRef

Humaidi, N., & Balakrishnan, V. (2015). Leadership styles and information security compliance behavior: The mediator effect of information security awareness. International Journal of Information and Education Technology, 5(4), 311–318. https://doi.org/10.7763/IJIET.2015.V5.522.CrossRef

Humaidi, N., Balakrishnan, V., & Shahrom, M. (2014). Exploring user’s compliance behavior towards health information system security policies based on extended health belief model. 2014 IEEE Conference on e-Learning, e-Management and e-Services (IC3e), 30–35. https://doi.org/10.1109/IC3e.2014.7081237.

Hunter, J. E., & Schmidt, F. L. (2004). Methods of meta-analysis: Correcting error and bias in research findings (2nd ed.). Newbury Park: SAGE Publications.CrossRef

Hwang, Y., & Lee, K. C. (2012). Investigating the moderating role of uncertainty avoidance cultural values on multidimensional online trust. Information & Management, 49(3–4), 171–176. https://doi.org/10.1016/j.im.2012.02.003.CrossRef

ISO/IEC. (2013a). ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements (Vol. 2013).

ISO/IEC. (2013b). ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls (Vol. 2013).

Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113–134. https://doi.org/10.25300/MISQ/2015/39.1.06.CrossRef

Kahneman, D., & Tversky, A. (1979). Prospect theory: An analysis of decision under risk. Econometrica, 47(2), 263–291.CrossRef

King, W. R., & He, J. (2015). Understanding the role and methods of meta-analysis in IS research. Communications of the Association for Information Systems, 16(1), 665–686. https://doi.org/10.17705/1cais.01632.CrossRef

Kirkman, B. L., Chen, G., Farh, J.-L., Chen, Z. X., & Lowe, K. B. (2009). Individual power distance orientation and follower reactions to transformational leaders: A cross-level, cross-cultural examination. Academy of Management Journal, 52(4), 744–764.CrossRef

Kuo, K., Talley, P. C., Hung, M., & Chen, Y. (2017). A deterrence approach to regulate nurses’ compliance with electronic medical records privacy policy. Journal of Medical Systems, 41(12), 198–208.CrossRef

Ladbury, J. L., & Hinsz, V. B. (2009). Uncertainty avoidance influences choices for potential gains but not losses. Current Psychology, 28(3), 187–193. https://doi.org/10.1007/s12144-009-9056-z.CrossRef

Lee, S. M., Lee, S. G., & Yoo, S. (2004). An integrative model of computer abuse based on social control and general deterrence theories. Information and Management, 41(6), 707–718. https://doi.org/10.1016/j.im.2003.08.008.CrossRef

Lee, H., Jeon, S., & Zeelim-Hovav, A. (2016). Impact of psychological empowerment, position and awareness of audit on information security policy compliance intention. In Proceedings of the Pacific Asia Conference on Information Systems 2016 (p. 62).

Li, W., & Cheng, L. (2013). Effects of neutralization techniques and rational choice theory on internet abuse in the workplace. In Proceedings of the Pacific Asia Conference on Information Systems 2013 (p. 169).

Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635–645. https://doi.org/10.1016/j.dss.2009.12.005.CrossRef

Li, H., Sarathy, R., Zhang, J., & Luo, X. (2014). Exploring the effects of organizational justice, personal ethics and sanction on internet use policy compliance. Information Systems Journal, 24(6), 479–502. https://doi.org/10.1111/isj.12037.CrossRef

Lian, H., Ferris, D. L., & Brown, D. J. (2012). Does power distance exacerbate or mitigate the effects of abusive supervision? It depends on the outcome. Journal of Applied Psychology, 97(1), 107–123. https://doi.org/10.1037/a0024610.CrossRef

Liao, Q., Gurung, A., Luo, X., Li, L., Gurung, A., & Li, L. (2009). Workplace management and employee misuse : Does punishment matter ? Workplace management and employee misuse : Does punishment matter ? Journal of Computer Information Systems, 50(2), 49–59. https://doi.org/10.1080/08874417.2009.11645384.CrossRef

Lowry, P. B., Posey, C., Bennett, R., Becky, J., & Roberts, T. L. (2015). Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal, 25(3), 193–273. https://doi.org/10.1111/isj.12063.CrossRef

Mahmood, M. A., Siponen, M., Straub, D., Rao, H. R., & Raghu, T. S. (2010). Moving toward black hat research in information systems security: An editorial introduction to the special issue. MIS Quarterly, 34(3), 431–433.CrossRef

Menard, P., Warkentin, M., & Lowry, P. B. (2018). The impact of collectivism and psychological ownership on protection motivation: A cross-cultural examination. Computers and Security, 75, 147–166. https://doi.org/10.1016/j.cose.2018.01.020.CrossRef

Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285–312. https://doi.org/10.25300/MISQ/2018/13853.CrossRef

Moquin, R., & Wakefield, R. L. (2016). The roles of awareness, sanctions, and ethics in software compliance. Journal of Computer Information Systems, 56(3), 261–270.CrossRef

Mou, J., Cohen, J., & Kim, J. (2017). A meta-analytic structural equation modeling test of protection motivation theory in information security literature. In Thirty Eighth International Conference on Information Systems (pp. 1–20).

Naor, M., Linderman, K., & Schroeder, R. (2010). The globalization of operations in eastern and Western countries: Unpacking the relationship between national and organizational culture and its impact on manufacturing performance. Journal of Operations Management, 28(3), 194–205. https://doi.org/10.1016/j.jom.2009.11.001.CrossRef

Pahnila, S., Siponen, M., & Mahmood, M. A. (2007). Employees’ behavior towards IS security policy compliance. In Proceedings of the Annual Hawaii International Conference on System Sciences (pp. 156–166). https://doi.org/10.1109/HICSS.2007.206.

Park, E. H., Kim, J., & Park, Y. S. (2017). The role of information security learning and individual factors in disclosing patients ’ health information. Computers & Security, 65, 64–76. https://doi.org/10.1016/j.cose.2016.10.011.CrossRef

Paternoster, R. (1989). Decisions to participate in and desist from four types of common delinquency: Deterrence and the rational choice Perspective. Law & Society Review, 23(1), 7–40. https://doi.org/10.2307/3053879.CrossRef

Paternoster, R. (2010). How much do we really know about criminal deterrence. Journal of Criminal Law and Criminology, 100(3), 765–824.

Paternoster, R., & Simpson, S. (1993). A rational choice theory of corporate crime. In R. V. Clarke & M. Felson (Eds.), Advances in criminological theory volume 5: Routine activity and rational choice (pp. 37–58). New Brunswick: Transaction Books.

Paternoster, R., & Simpson, S. (1996). Sanction threats and appeals to morality: Testing a rational choice model of corporate crime. Law & Society Review, 30(3), 549–584.CrossRef

Peace, A. G., Galletta, D. F., & Thong, J. Y. L. (2003). Software piracy in the workplace: A model and empirical test. Journal of Management Information Systems, 20(1), 153–177. https://doi.org/10.1080/07421222.2003.11045759.CrossRef

Posey, C., Bennett, R. J., Roberts, T. L., & Lowry, P. B. (2011). When computer monitoring backfires: Invasion of privacy and organizational injustice as precursors to computer abuse. Journal of Information System Security, 7(1), 24–47.

Pratt, T. C., Cullen, F. T., Blevins, K. R., Daigle, L. E., & Madensen, T. D. (2006). The empirical status of deterrence theory: A meta-analysis. In F. T. Cullen, J. P. Wright, & K. R. Blevins (Eds.), Taking stock: The status of criminological theory (pp. 367–395). Piscataway: Transaction Publishers.

Puhakainen, P., & Siponen, M. (2010). Improving Employee’s compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757–778.CrossRef

Rocha Flores, W., Holm, H., Nohlberg, M., & Ekstedt, M. (2015). Investigating personal determinants of phishing and the effect of national culture. Information and Computer Security, 23(2), 178–199. https://doi.org/10.1108/ICS-05-2014-0029.CrossRef

Rosenthal, R. (1979). The file drawer problem and tolerance for null results. Psychological Bulletin, 86(3), 638–641.CrossRef

Rosenthal, R. (1991). Metaanalytic procedures for social research (2nd ed.). California: SAGE Publications.CrossRef

Schatz, D., & Bashroush, R. (2017). Economic valuation for information security investment: A systematic literature review. Information Systems Frontiers, 19(5), 1205–1228. https://doi.org/10.1007/s10796-016-9648-8.CrossRef

Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487–502.CrossRef

Siponen, M., & Vance, A. (2014). Guidelines for improving the contextual relevance of field surveys: The case of information security policy violations. European Journal of Information Systems, 23(3), 289–305. https://doi.org/10.1057/ejis.2012.59.CrossRef

Siponen, M., Pahnila, S., & Mahmood, M. A. (2007). Employees’ adherence to information security policies: An empirical study. In Proceedings of the IFIP SEC (pp. 133–144). https://doi.org/10.1007/978-0-387-72367-9_12.CrossRef

Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance. Information Management & Computer Security, 22(1), 42–75. https://doi.org/10.1108/IMCS-08-2012-0045.CrossRef

Sommestad, T., Karlzén, H., & Hallberg, J. (2015). A meta-analysis of studies on protection motivation theory and information security behaviour. International Journal of Information Security and Privacy, 9(1), 26–46. https://doi.org/10.4018/IJISP.2015010102.CrossRef

Son, J.-Y. (2011). Out of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policies. Information and Management, 48(7), 296–302. https://doi.org/10.1016/j.im.2011.07.002.CrossRef

Son, J.-Y., & Park, J. (2016). Procedural justice to enhance compliance with non-work-related computing (NWRC) rules: Its determinants and interaction with privacy concerns. International Journal of Information Management, 36(3), 309–321. https://doi.org/10.1016/j.ijinfomgt.2015.12.005.CrossRef

Straub, D. (1990). Effective IS Securty: An empirical study. Information Systems Research, 1(3), 255–276. https://doi.org/10.1287/isre.1.3.255.CrossRef

Switzer, F. S., Paese, P. W., & Drasgow, F. (1992). Bootstrap estimates of standard errors in validity generalization. Journal of Applied Psychology, 77(2), 123–129.CrossRef

Ugrin, J. C., Pearson, J. M., & Odom, M. D. (2011). Cyber-slacking: Self-control, prior behavior and the impact of deterrence measures. Review of Business Information Systems, 12(1), 75. https://doi.org/10.19030/rbis.v12i1.4399.CrossRef

Willison, R., Lowry, P. B., & Paternoster, R. (2018a). A tale of two deterrents: Considering the role of absolute and restrictive deterrence to inspire new directions in behavioral and organizational security research. Journal of the Association for Information Systems, 19(12), 1187–1216 http://www.ncl.ac.uk/business-school/staff/profile/robertwillison.html%0Ahttps://seanacademic.qualtrics.com/SE/?SID=SV_7WCaP0V7FA0GWWx%0Ahttps://ssrn.com/abstract=3099392.CrossRef

Willison, R., Warkentin, M., & Johnston, A. C. (2018b). Examining employee computer abuse intentions: Insights from justice, deterrence and neutralization perspectives. Information Systems Journal, 28(2), 266–293. https://doi.org/10.1111/isj.12129.CrossRef

Workman, M. (2009). A field study of corporate employee monitoring: Attitudes, absenteeism, and the moderating influences of procedural justice perceptions. Information and Organization, 19(4), 218–232. https://doi.org/10.1016/j.infoandorg.2009.06.001.CrossRef

Wu, J., & Lederer, A. (2009). A meta-analysis of the role of environment based voluntariness in information technology acceptance. Management Information Systems Quarterly, 33(2), 419–432.CrossRef

Xu, F., Luo, X. R., Zhang, H., Liu, S., & Huang, W. W. (2017). Do strategy and timing in IT security investments matter? An empirical investigation of the alignment effect. Information Systems Frontiers, 1–15. https://doi.org/10.1007/s10796-017-9807-6.CrossRef

Xue, Y., Liang, H., & Wu, L. (2011). Punishment, justice, and compliance in mandatory IT settings. Information Systems Research, 22(2), 400–414. https://doi.org/10.1287/isre.1090.0266.CrossRef

Yoon, C., & Kim, H. (2013). Understanding computer security behavioral intention in the workplace. Information Technology & People, 26(4), 401–419. https://doi.org/10.1108/ITP-12-2012-0147.CrossRef

Titel: A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research
verfasst von: Simon Trang
Benedikt Brendel
Publikationsdatum: 25.10.2019
Verlag: Springer US
Erschienen in: Information Systems Frontiers / Ausgabe 6/2019
Print ISSN: 1387-3326
Elektronische ISSN: 1572-9419
DOI: https://doi.org/10.1007/s10796-019-09956-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 6/2019

How Data Protection Regulation Affects Startup Innovation

Antecedents and Outcome of Deficient Self-Regulation in Unknown Wireless Networks Use Context: An Exploratory Study

Data Governance, Consumer Privacy, and Project Status Reporting: Remembering H. Jeff Smith

Assimilation of Big Data Innovation: Investigating the Roles of IT, Social Media, and Relational Capital

Fear of Online Consumer Identity Theft: Cross-Country Application and Short Scale Development

An AHP-IFT Integrated Model for Performance Evaluation of E-Commerce Web Sites