Show simple item record

dc.contributor.authorMoody, Gregory D.
dc.contributor.authorSiponen, Mikko
dc.contributor.authorPahnila, Seppo
dc.date.accessioned2018-11-16T12:44:28Z
dc.date.available2022-09-26T21:35:07Z
dc.date.issued2018
dc.identifier.citationMoody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a Unified Model of Information Security Policy Compliance. <i>MIS Quarterly</i>, <i>42</i>(1), 285-311. <a href="https://doi.org/10.25300/MISQ/2018/13853" target="_blank">https://doi.org/10.25300/MISQ/2018/13853</a>
dc.identifier.otherCONVID_27254366
dc.identifier.otherTUTKAID_75170
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/60225
dc.description.abstractInformation systems security (ISS) behavioral research has produced different models to explain security policy compliance. This paper (1) reviews 11 theories that have served the majority of previous information security behavior models, (2) empirically compares these theories (Study 1), (3) proposes a unified model, called the unified model of information security policy compliance (UMISPC), which integrates elements across these extant theories, and (4) empirically tests the UMISPC in a new study (Study 2), which provided preliminary empirical support for the model. The 11 theories reviewed are (1) the theory of reasoned action, (2) neutralization techniques, (3) the health belief model, (4) the theory of planned behavior, (5) the theory of interpersonal behavior, (6) the protection motivation theory, (7) the extended protection motivation theory, (8) deterrence theory and rational choice theory, (9) the theory of self-regulation, (10) the extended parallel processing model, and (11) the control balance theory. The UMISPC is an initial step toward empirically examining the extent to which the existing models have similar and different constructs. Future research is needed to examine to what extent the UMISPC can explain different types of ISS behaviors (or intentions thereof). Such studies will determine the extent to which the UMISPC needs to be revised to account for different types of ISS policy violations and the extent to which the UMISPC is generalizable beyond the three types of ISS violations we examined. Finally, the UMISPC is intended to inspire future ISS research to further theorize and empirically demonstrate the important differences between rival theories in the ISS context that are not captured by current measures.fi
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.publisherManagement Information Systems Research Center, University of Minnesota
dc.relation.ispartofseriesMIS Quarterly
dc.rightsIn Copyright
dc.subject.otherinformation system security
dc.subject.otherunified theory
dc.subject.othersurvey
dc.titleToward a Unified Model of Information Security Policy Compliance
dc.typearticle
dc.identifier.urnURN:NBN:fi:jyu-201811164752
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.contributor.oppiaineTietojärjestelmätiedefi
dc.contributor.oppiaineInformation Systems Scienceen
dc.type.urihttp://purl.org/eprint/type/JournalArticle
dc.date.updated2018-11-16T10:15:10Z
dc.description.reviewstatuspeerReviewed
dc.format.pagerange285-311
dc.relation.issn0276-7783
dc.relation.numberinseries1
dc.relation.volume42
dc.type.versionpublishedVersion
dc.rights.copyright© 2018 by the Management Information Systems Research Center (MISRC) of the University of Minnesota.
dc.rights.accesslevelopenAccessfi
dc.subject.ysotietojärjestelmät
dc.subject.ysoturvallisuus
dc.format.contentfulltext
jyx.subject.urihttp://www.yso.fi/onto/yso/p3927
jyx.subject.urihttp://www.yso.fi/onto/yso/p7349
dc.rights.urlhttp://rightsstatements.org/page/InC/1.0/?language=en
dc.relation.doi10.25300/MISQ/2018/13853


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

In Copyright
Except where otherwise noted, this item's license is described as In Copyright