Toward a Unified Model of Information Security Policy Compliance
Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a Unified Model of Information Security Policy Compliance. MIS Quarterly, 42(1), 285-311. https://doi.org/10.25300/MISQ/2018/13853
Published in: MIS Quarterly
Date: 2018
Copyright: © 2018 by the Management Information Systems Research Center (MISRC) of the University of Minnesota.
Information systems security (ISS) behavioral research has produced different models to explain security policy
compliance. This paper (1) reviews 11 theories that have served the majority of previous information security
behavior models, (2) empirically compares these theories (Study 1), (3) proposes a unified model, called the
unified model of information security policy compliance (UMISPC), which integrates elements across these
extant theories, and (4) empirically tests the UMISPC in a new study (Study 2), which provided preliminary
empirical support for the model. The 11 theories reviewed are (1) the theory of reasoned action, (2) neutralization
techniques, (3) the health belief model, (4) the theory of planned behavior, (5) the theory of interpersonal
behavior, (6) the protection motivation theory, (7) the extended protection motivation theory, (8) deterrence
theory and rational choice theory, (9) the theory of self-regulation, (10) the extended parallel processing model,
and (11) the control balance theory. The UMISPC is an initial step toward empirically examining the extent
to which the existing models have similar and different constructs. Future research is needed to examine to
what extent the UMISPC can explain different types of ISS behaviors (or intentions thereof). Such studies will
determine the extent to which the UMISPC needs to be revised to account for different types of ISS policy
violations and the extent to which the UMISPC is generalizable beyond the three types of ISS violations we
examined. Finally, the UMISPC is intended to inspire future ISS research to further theorize and empirically
demonstrate the important differences between rival theories in the ISS context that are not captured by current
measures.
...
Publisher: Management Information Systems Research Center, University of Minnesota
ISSN: 0276-7783
Publication in research information system: https://converis.jyu.fi/converis/portal/detail/Publication/27254366
Related items
Showing items with similar title or keywords.
- Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies
  Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Association for Information Systems, 2021) Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ...
- Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
  Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021) Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ...
- Social welfare professionals willing to participate in client information system development : Results from a large cross-sectional survey
  Martikainen, Susanna; Salovaara, Samuel; Ylönen, Katri; Tynkkynen, Elina; Viitanen, Johanna; Tyllinen, Mari; Lääveri, Tinja (Taylor & Francis, 2022) Human-centered design methods should be implemented throughout the client information system (CIS) development process to understand social welfare professionals’ needs, tasks, and contexts of use. The aim of this study ...
- Understanding the inward emotion-focused coping strategies of individual users in response to mobile malware threats
  Xin, Tong; Siponen, Mikko; Chen, Sihua (Taylor & Francis, 2022) According to coping theory, individuals cope with information system threats by adopting either problem-focused coping (PFC) or emotion-focused coping (EFC). However, little is known about EFC in the information security ...
- An information system design product theory for the class of eSourcing requirements, delivery and completion management systems for eSourcing service providers
  Lu, Yikun (University of Jyväskylä, 2015)