THE IMPACT OF TRAINING AND SOCIAL NORMS ON INFORMATION SECURITY COMPLIANCE: A PILOT STUDY
|
|
- Agatha French
- 5 years ago
- Views:
Transcription
1 THE IMPACT OF TRAINING AND SOCIAL NORMS ON INFORMATION SECURITY COMPLIANCE: A PILOT STUDY Research-in-Progress Mohammad I. Merhi Department of Computer Information Systems & Quantitative Methods College of Business Administration University of Texas Pan American 1201 W. University Drive Edinburg, TX mmerhi@utpa.edu Vishal Midha Department of Computer Information Systems & Quantitative Methods College of Business Administration University of Texas Pan American 1201 W. University Drive Edinburg, TX vmidha@utpa.edu Abstract Security training has been shown to be an important factor that impacts employees intentions to comply with organization s security policies. In this study, we define and then study the impact of two sub-constructs of security training, threat appraisal and policy awareness, on intentions to comply with organizational security policies. Injunctive and descriptive norms, which are standards of behavior that recommends and forbids behavior in specific circumstances, have been hypothesized as mediators between training constructs and behavioral intention to comply. We pilot-tested our proposed set of hypotheses with survey data collected from 69 employees in a higher education institute. Results supported our proposed model. Based on the findings, implications for theory and practices are discussed. Keywords: security compliance, injunctive norms, subjective, security training, policy awareness training, SETA.
2 IS Security and Privacy Introduction Employees violation and non-compliance with security policies have been frequently identified as the greatest single source of threat to organizational information systems security (Warkentin et al. 2011a). Scholars have agreed that the end users (insiders) in the organizations are the weakest link in ensuring information security and thus considered as one of the main reasons why information security incidents are present (Baskerville and Siponen 2002; Bulgurcu et al. 2010; D Arcy et al. 2009; Straub and Welke 1998; Warkentin et al a, b). Within an organizational setting, each employee represents a source of threat to the organization s security and privacy regulation compliance especially if the employee does not apply these regulations and thus behave differently (Warkentin and Willison 2009). Recently, studies have emerged to indicate the factors that may have an effect on the employees behaviors and especially their compliance with information security policies (Furnell 2008; Straub and Welke 1998; Whitman 2004). In terms of influencing individual employee behavior, it is believed that user training and awareness of the risks to information security is an essential prerequisite factor that leads employees to comply with information security policy. Warkentin et al. (2011a) state that training is usually utilized as a primary mean to influence employees behavior in the workplace. Consequently, security training was and continues to be one of the most important fundamentals to information security practices (Puhakainen and Siponen 2010). Though research on information security policy compliance has expanded in the last decade, Warkentin et al. (2011a) indicate that there are still gaps in the literature. Many researcher, such as Bulgurcu et al. (2010) and Puhakainen and Siponen (2010), mention that only few security compliance studies empirically explore the role of training and compliance, and have suggested the need for additional empirical research on information security awareness education and training (Ifinedo 2012). Similarly, Karjalainen and Siponen (2011) believe that the existing literature does not offer the characteristics of information security training that show how this type of training differs from other forms of training. Our study addresses to such call for papers and contributes to the literature of security trainings. In this paper, based on literature review, we first propose that the construct of security training should be studied as a composite of two related, yet different, sub-constructs threat appraisal and policy awareness. We, then propose four hypotheses on how two different social norms descriptive and injunctive influence the security training sub-constructs, which in turn influence employees intentions to comply with security policies. These hypotheses are then pilot tested using a survey data set collected from 68 employees in a large higher education institute. Finally, conclusions, implications, and future work avenues are presented. Security Training and Awareness Having designed an information security policy for an organization does not mean that this particular organization is safe. The reason is that employees may not comply with this policy. To achieve success in implementing information security policy, Warkentin et al. (2011b) argue that along with the policy many organizations implement formal Security Education, Training, and Awareness (SETA) programs, and seek to establish an environment that is conducive to employee motivation and intentions to comply with the information privacy policies. That is because the best way to ensure the feasibility of a security policy is to make sure employees understand it and accept necessary precautions (Whitman et al. 2001). Goodhue and Straub (1991 p. 13) suggested that since protective measures often require significant managerial vigilance, an appropriate level of awareness and concern may be a prerequisite for adequate security protection. SETA was and continues to be one of the most important fundamentals to information security practices (Puhakainen and Siponen 2010). They have been identified as a crucial and a primary mean to influence employees behavior to comply with the information security policies (Dhillon 1999; Warkentin et al. 2011a; Whitman 2004). According to Siponen (2000), the most commonly used approaches aimed at minimizing human-related faults are SETA. These approaches aim at increasing employees intentions to comply with organizations information security policy and the use of security solutions (Siponen 2000). That is because these programs have a similar deterrent effect, achieved through ongoing organizational 2 Thirty Third International Conference on Information Systems, Orlando 2012
3 Merhi & Midha / The Impact of Training and Social Norms on Information Security efforts that reinforce acceptable usage guidelines and emphasize the potential threats for misuse (D Arcy et al. 2009). In literature, SETA has been defined and measured as a single construct (e.g. Aytes and Connolly 2004; Furnell et al. 2002; Whitman and Mattord, 2004). However, thorough and careful analysis of literature reveals that security training construct consists of two interrelated constructs. For instance, Aytes and Connolly (2004) argue that information security awareness training usually aims at gaining knowledge or awareness of existing security threats and developing skills to apply proper countermeasures, whereas Bishop (2003) mentions that training programs emphasize what is and what is not allowed. Another example where training is used as regular awareness training is found in Furnell et al. (2002) who argue that training programs can be included within general organizational training strategies that promote awareness of day-to-day physical security issues within the organization. Based on these and many such similar definitions and usages for security training construct, we propose that threat appraisal and policy awareness are two different constructs. Threat appraisal construct can be defined as the portion of security training that makes employees understand and enables them to assess security threats, whereas policy awareness is the portion that educates employees on the dos and don ts of organizational IT use. These two types of training are different; threat appraisal provides the employee the power to decide on the severity of the threat, whereas policy awareness training explains what they should be done. Social Norms Social norms are standards of behavior that recommend and forbid behavior in specific circumstances. They are based on widely shared beliefs that describe how individual group members ought to behave and perform in a given situation (Ajzen and Fishbein 1980; Voss 2001). When considering normative influence on behavior, Cialdini et al. (1990; 1991) advised that it is critical to differentiate between two categories of normative beliefs: descriptive and injunctive. Descriptive norms refer to beliefs about what is actually done by most others in one s social group. Injunctive norms, on the other hand, refer to people s beliefs about what ought to be done (Cialdini et al. 1990). Each of these categories refers to a separate source of human motivation (Deutsch and Gerard 1955). The primary difference between the two is that descriptive norms typically do not involve social sanctions for noncompliance with the norm (Lapinski and Rimal 2005). Both types of normative information have been considered to be at least partly responsible for regulating individuals behavior. Researchers in different fields attempted to test and demonstrate the power of social norms in variety of different beliefs and behaviors such as recycling (Schultz 1999), littering (Cialdini et al. 1990; 1991; Kallgren et al. 2000), energy conservation (Goldstein et al., 2008; Nolan et al. 2008; Schultz et al., 2007), alcohol use (Rimal and Real 2005), tax evasion (Wenzel 2004), and student gambling (Larimer and Neighbors 2003). In the IS domain, such influences have been represented by the construct subjective norms, which is equivalent to injunctive norms (Boer and Westhoff 2006; Lapinski and Rimal 2005). However, most of the IS domain literature has ignored the differentiation between injunctive and descriptive norms. Despite support for the TRA (Fishbein and Ajzen 1975) and TPB (Ajzen 1985), research shows that subjective norms often exert only limited influence on people s intentions. In fact, researchers demonstrated that both descriptive and injunctive norms have an independent influence on intentions over and above the influence of other TPB variables (Beck and Ajzen 1991; Conner and McMillan 1999; Parker et al. 1995). In a meta-analysis study, Rivis and Sheeran s (2003) found that descriptive norms accounted for an additional five percent of the variance in intentions. In the same vein, Fishbein (2000) and Fishbein and Yzer (2003) argued that both descriptive and injunctive norms are significant sources of normative influence in attitude behavior relations and should be modeled together. In this study, we include and study the impact of both types of social norms on employees intentions towards security compliance. Information Security Compliance Model and Hypotheses Though research on information security policy compliance has expanded in the last decade, gaps in the literature still exist and there is still a room for new studies that help both practitioners and researchers to understand the factors leading to information security compliance (Warkentin et al. 2011a). Specifically, Thirty Third International Conference on Information Systems, Orlando
4 IS Security and Privacy Bulgurcu et al. (2010) and Puhakainen and Siponen (2010) highlighted the need for additional empirical research on information security awareness education and training. This study aims to contribute filling this gap. Figure 1 illustrates the proposed information security compliance model. It asserts that intention to comply with information security policies is affected directly by descriptive norm and injunctive norm. At the same time, threat appraisal training and policy awareness training affect intention to information security compliance indirectly through descriptive and injunctive norms. Below is a brief description of each of these factors along with the hypotheses. Threat appraisal training H2 Descriptive norm H1 Policy awareness training H4 Injunctive norm H3 Intention to information security compliance Figure 1: Proposed Model Descriptive Norm The descriptive norm describes what most people do, or refers to what an individual thinks others do in a particular situation. This type of norm usually motivates individuals by providing evidence as to what will likely be effective and adaptive action. In other words, descriptive norms send the message if a lot of people are doing this, it s probably a wise thing to do (Cialdini 2007). Such an assumption, in a given situation, offers individuals an information-processing advantage and a decisional shortcut when they are about to take a decision (Cialdini, 1988). In other words, individuals make their decisions on their perceptions of what most others do in similar situations (Venkatesan 1966). This type of norm focuses on the tendency that an individual may have to replicate the believed behavior of others (Sheeran and Orbell 1999). Individuals often perform (or believe in) certain actions or nonactions because many other people do (or believe) the same (Herath and Rao 2009b). Behavioral literature has recognized the significance of descriptive norms, meaning that individuals create their behavior based on others behaviors. The reason is, imitating others offers individuals an informationprocessing advantage and helps them to take the best decision when they are about to take a decision. In other words, employees in organizations change their behavior if they perceive that most of their peers are behaving in certain way. In the context of security policy compliance, we can expect that if employees perceive their peers to routinely follow the information security policies as directed by the organization they are more likely to have positive intentions to follow them as well and carry out similar behaviors. Thus, we can expect that: H.1: Descriptive norm will be positively associated with intention to comply with organizational information security policies. Threat Appraisal Training (TAT) The main goal of threat appraisal training is to empower employees to be able to assess threats, understand threats severity as well as the likelihood of its occurring. With this training, employees should get to know about the threats related to security that they may encounter and the consequences that will occur for the organization as well as for themselves in case of failing to apply the organizations security policies. After understanding the consequences of security breaches, employees fear of committing an error raises. This high level of fear leads them to search for ways that help them avoid security threats and their consequences. In the context of this study, we expect that when employees feel the threat and its consequences, they will try to search and find out a way that helps them to avoid these issues. The easiest way is to check what others are doing especially those who have not been caught committing any security problem before or those who have not been penalized because of an information security issue. As individuals, when we are fearful and unsure about how to behave in a particular situation, we tend to look 4 Thirty Third International Conference on Information Systems, Orlando 2012
5 Merhi & Midha / The Impact of Training and Social Norms on Information Security at others behaviors (Rimal and Real 2005). The reason is when others engage in a behavior, they give us social cues on how to behave in similar situations (Cialdini 2001). From these arguments, the following hypothesis is offered: H.2: Threat appraisal training will be positively associated with descriptive norm. Injunctive Norm Injunctive norms refer to rules or beliefs that describe what an individual thinks others approve or disapprove. In other words, it is not to one s own view of what constitutes appropriate behavior but to one s perception of what others believe to be appropriate behavior. This category of norms specifies what should be done. An instance of an injunctive norm is the belief that one should comply with the security policy of an organization in order to prevent data loss. Previous studies indicated that such moral evaluation strongly influences compliance decisions (Larimer and Neighbors 2003). The reason for this is explained in the behavioral literature, which suggests that individuals create their behavior based on the views of those individuals who are important to them. In other words, employees in organizations change their behavior if they perceive that important referents, such as peers and supervisors, would like them to behave in a certain way. In considering injunctive norms in organizational setting, Venkatesh et al. (2003) examined employees perceptions of the expectations of superiors, managers, and peers in relevant information systems departments. They found that if an employee believes that his/her peers, managers, or superiors expect a specific behavior from him/her, he/she will more likely do it. In the context of this study, we assume that the expectations of managers, supervisors, information security officers, IT staff, and peers will have a persuasive effect on employees intention to comply with information security policies. If those individuals, who are usually important to the employees, advise them to comply with information security policies or if the employees believe that these individuals expect them to comply, they will more likely have positive intentions to follow their peers by undertaking the appropriate security actions and thus comply with the organizational information security policies. Hence, we propose: H.3: Injunctive norm will be positively associated with intention to comply with organizational information security policies. Policy Awareness Training In literature, it has been argued that in order to ensure the feasibility of a security policy, organizations have to make sure that their employees understand it and accept necessary precautions (Whitman et al. 2001). In policy awareness training, the information security policy should be set as the foundation and thus the primary training tool (Peltier 2005). This type of security training can be included within general organizational training strategies that promote awareness of day-to-day physical security issues within the organization (Furnell et al. 2002). Good policy awareness training should focus on providing employees with general knowledge of the information security environment, along with the awareness of required security procedures (Lee and Lee 2002; Whitman et al. 2001). During training, employees are educated about the rules that clearly define what should and should not be done. The knowledge of such rules implicitly indicates and raises the shared beliefs among the employees because all employees have to agree and apply the information security policy. When employees know about the rules, they recognize that they are obliged to apply these rules because their peers know that they were trained to do so. In other words, these employees believe that their peers are expecting them to behave in the same way they were trained because otherwise they will be questioned and may be punished for not applying what they learned during training. For this reason, we expect that policy awareness training affects employees injunctive norms. From these arguments, the following hypotheses are offered: H.4: Policy awareness training will be positively associated with injunctive norm. It is worth noting that the proposed model is intentionally simplified to be parsimonious. While there might be other relationships between and among the variables included in the model, those possible relationships are not examined in this study because the focus in this current model is to investigate the proposed hypotheses. Future research might explore other relationships and extend the current model. Thirty Third International Conference on Information Systems, Orlando
6 IS Security and Privacy Pilot Study Methodology Research Method and Data Collection In order to assess the proposed model, survey methodology was utilized. The population for this pilot study included faculty and staff at a large public university in the Southern part of the United States. Using random sampling, a total of 85 individuals were invited to complete the survey instrument. Of the 85 surveys, a total of 69 usable surveys were collected and used for data analysis. Thus, the effective response rate for this pilot was about 81 percent. Measures The measures used in this study were based on previously validated measures where possible. Scale items for three constructs, intention, descriptive norm, and injunctive norm, were adopted from previous literature but adapted to our study s context. The behavioral construct intention to comply was adopted from Siponen et al. (2010) with some modifications and additions of new items. Items in this construct include I am likely to follow organizational security policies. Similarly, the social norms constructs were acquired from previous studies with some modifications and additions of new items. Descriptive norm items were adapted from Herath and Rao (2009a), and injunctive norm items were modified from Siponen et al. (2010). For instance, one of the items that were used to measure descriptive norm is I believe other employees comply with the organization IS security compliance policies. As for injunctive norm My colleagues think that I should follow organizational IS security compliance policies was one of the items that was used to assess this construct. Regarding threat appraisal training and policy awareness training, items for these two constructs were constructed in this study in order to capture and assess these two concepts. Examples of scale items that were used to assess these two constructs include My organization s security training educates how information security breaches are becoming more and more serious for threat appraisal training and My organization s security training outlines appropriate use of information technology resources (e.g. ) policies for policy awareness compliance. In this study, a total of five constructs, and a total of 25 multiple items with five Likert scale ranging from Strongly disagree to Strongly agree were employed. Data Analysis and Results Before applying statistical procedures, data abnormalities such as missing data and outliers were investigated. Violations of statistical assumptions were also checked. Missing data were checked and incomplete instruments were not included in the study. Outliers tests revealed that there was no need for a corrective treatment. Data were also checked for violations of assumptions such as normality and linearity and results indicated that these assumptions were met in the data collected. Partial least squares (PLS) was used to assess both the research models and the psychometric properties of the scales. Measurement Model Assessment In this study, PLS was used to assess the convergent validity, discriminant validity and the internal consistency (reliability) of the constructs forming the research model. Chin (1998) sets criteria for acceptable psychometric properties. These criteria require that (1) internal consistencies exceed 0.70; (2) loadings in a confirmatory factor analysis (CFA) exceed 0.70; (3) loadings are greater than cross-loadings; and (4) the square root of the average variance extracted (AVE) exceeds the inter-construct correlations (Chin 1998). To check if these criteria are met in our model, we first tested whether the items load highly (greater than 0.70) in only one construct and if these loadings are greater than cross-loadings. Two items, one from the threat appraisal training construct and one from the policy awareness training construct, were dropped and eliminated from the analysis because they violated these guidelines. After checking the loadings of the items, internal consistency was checked with composite reliabilities. All the constructs demonstrated acceptable values: the reliability coefficients of all the constructs ranged from 0.84 to 0.93 and are above This indicates that the items used are reliable measures for their perspective constructs. 6 Thirty Third International Conference on Information Systems, Orlando 2012
7 Merhi & Midha / The Impact of Training and Social Norms on Information Security Next, we checked for convergent and discriminant validity. Results demonstrated convergent validity as the AVE values of all constructs are equal or higher than the threshold of 0.5. Comparing the square root of the AVE to the correlations among the constructs, each construct was more closely related to its own construct than to the others which simply means that discriminant validity is demonstrated in this study. Thus, results suggest that the scales demonstrate adequate psychometric properties. Structural Model Assessment and Hypotheses Testing We also used PLS (SmartPLS 2.0) to assess the model and the proposed hypotheses among the five latent constructs. PLS is better suited for theory development than for theory testing and is especially useful for prediction (Urbach and Ahlemann 2010). The analysis results are graphically presented in Figure 2. Figure 2 shows the path coefficients and the significance levels for each hypothesis as well as the variances for the three dependent constructs: descriptive norm, injunctive norm, and behavioral intention to comply with information security policies. The significance of the paths was determined using the T- statistic calculated with the bootstrapping technique. All constructs were modeled as reflective. Threat appraisal training explains 43 % of the variance in descriptive norm. Policy awareness training explains 58 % of the variance in injunctive norm. Descriptive norm and injunctive norm together explain 65 % of the variance of intention to comply. Threat appraisal training 0.66*** Descriptive norm 0.35*** R 2 =.65 R 2 =.43 R 2 = *** Intention to information security compliance Policy awareness training 0.76*** Injunctive norm Note ***: Significant at level. All four hypotheses are supported. Consistent with Hypothesis 1, descriptive norm has a significant effect (at level) on intention to comply with information security policies. Also, threat appraisal training has a significant effect (at level) on descriptive norm, supporting Hypothesis 2. Consistent with the prediction, injunctive norm has a significant effect (at the level) on intention to comply with information security policies, supporting Hypothesis 3. Also, consistent with Hypothesis 4, policy awareness training has a significant effect (at level) on injunctive norm. Discussion and Implications Figure 2: Model Results This research has several key findings and offers theoretical as well as practical implications. In information security literature, SETA has been given high importance but we noticed that two different concepts are used to define and measure this construct. To our best knowledge, this study is the first to suggest this matter. In addition, this study does not only study the impact of two crucial factors - descriptive and injunctive norm, but also suggests that these two types of norm can be affected by other factors. These factors are the two types of training identified in this research. The proposed model was supported by the empirical data. All four hypotheses were supported. These two contributions add to the body of knowledge and enhance our understanding about the factors that affect employees behavior. As for practitioners, our research offers implications to them that help them to develop strategies to decrease the security breach. The results of this study show that intention to comply with information security policies is influenced by injunctive and descriptive norm (R2= 65%). The coefficients in Figure 2 show that injunctive norm has a big influence (β= 0.53; Sig. at 0.001) on intention to comply with information security policies. This result Thirty Third International Conference on Information Systems, Orlando
8 IS Security and Privacy comes in line with previous information systems studies especially those who use the TRA and TPB as their core model. In the context of information security, this result confirms previous findings (Herath and Rao, 2009a) and indicates that in organizations referents expectations do affect the employees behaviors. This finding suggest that the more employees believe that important people around them expect from them to comply with information security, the more likely they will comply. Based on this, managers and supervisors in organizations can enhance security compliance by first explaining to their employees what they expect from them regarding security compliance and then emphasizing it. The relationship between descriptive norm and intention to comply with information security policies was also found highly significant (β= 0. 35; Sig. at 0.001), supporting hypothesis 1. Descriptive norm was found to be a crucial factor that affects behavioral intention to comply. This finding speaks to practitioners and especially to those organizations that are trying to influence their employees behavior to apply the organizational information security policies. In order to increase security compliance in their organization, information security officers and IT supervisors can enhance the security climate in the organizations by offering session where employees can freely share their ideas/experiences about security related issues and the usage of the organization s security policy as a foundation to solve these problems. From this discussion, it is expected that employees will get the knowledge on how to deal with a similar cases in the future believing that this is the normal thing to do since other people are doing it. Furthermore, results indicate that the two concepts of training that we presented are valid and each one of them is a construct by itself. It is found that threat appraisal training positively affects descriptive norm (β= 0.66; Sig. at 0.001), supporting hypothesis 3. This finding suggest that in order to enhance security compliance, managers who are responsible for the security in the organizations should empower employees to be able to assess threats, understand threats severity as well as the likelihood of its occurring. During their training, employees should know about the threats related to security that they may encounter and the consequences that will occur for the organization as well as for themselves in case of failing to apply the organizations security policies. Showing case examples of employees who have not been caught committing any security problem before or those who have not been penalized because of an information security issue, will also help other employees to make these cases behaviors as a model that should follow. Venkatesan (1966) found that imitating what most others are doing influences individuals to behave similarly. Moreover, support for hypothesis 4 was found: That is, policy awareness training positively (β= 0.76; Sig. at 0.001) affects injunctive norm. This result comes to assure the importance of policy training in information security and suggests that employees in organizations should be exposed to rules that clearly define what should and should not be done. In order to enhance security compliance, organizations should promote awareness of day-to-day physical security issues within the organization. Future Research and Conclusions After we tested the model in this pilot study, we plan to take few issues into consideration. First, the sample was collected from one university located in the Southern part of the United States. In order to generalize the findings to other age groups and/or other countries/cultures, we plan to test the model proposed in this study in different areas and probably countries if possible. Re-testing this model in other countries and taking the culture into consideration and introducing moderator effects such as gender, age, etc. will definitely enrich the body of knowledge and enhance our understanding of the factors affecting the intention to comply with information security. Second, the relationships tested among the constructs in this model were simple in order to keep it parsimonious. As mentioned previously, there might be other relationships among these constructs that need to be investigated in future studies. In literature, employees non-compliance with their organization s information security policies has been identified as the greatest single source of threat to organizational information systems security. This research-in-progress is an effort to identify how different types of training affect different types of norms leading to information security compliance. For information security researchers, this study makes an important contribution in conceptualizing and measuring two concepts that have been used as one construct. Also, to our best knowledge, this study for the first time assesses social norms as dependent variables. Social norms were used in previous studies as independent variables; whereas, in this study we demonstrated that social norms can be affected by other factors. Thus, from the standpoint of information 8 Thirty Third International Conference on Information Systems, Orlando 2012
9 Merhi & Midha / The Impact of Training and Social Norms on Information Security security, this study is a crucial contribution to theory and practice. References Ajzen, I From Intentions to Actions: A Theory of Planned Behavior, in Action-Control: From Cognitions to Behavior, J. Kuhl and J. Beckman (eds.), Heidelberg, Germany: Springer, pp Ajzen, I. and Fishbein, M Understanding Attitudes and Predicting Social Behavior, Englewood Cliffs, NJ: Prentice-Hall. Aytes, K., and Connolly, T Computer Security and Risky Computing Practices: A Rational Choice Perspective, Journal of Organizational and End User Computing (16:3), pp Baskerville, R., and Siponen, M An Information Security Meta-Policy for Emergent Organizations, Logistics Information Management (15:5/6), pp Beck, L., and Ajzen, I Predicting Dishonest Actions Using the Theory of Planned Behavior, Journal of Research in Personality (25:3), pp Bishop, M., What is Computer Security? IEEE Security and Privacy (1:1), pp Boer, H., and Westhoff, Y The Role of Positive and Negative Signaling Communication by Strong and Weak Ties in the Shaping of Safe Sex Subjective Norms of Adolescents in South Africa, Communication Theory (16:1), pp Bulgurcu, B., Cavusoglu, H., and Benbasat, I Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness, MIS Quarterly (34:3), pp Chin, W Issues and Opinion on Structural Equation Modeling, MIS Quarterly (22:1), pp. vii-xvi. Cialdini, R. B Influence: Science and practice (2nd ed.), Glenview, IL: Scott, Foresman. Cialdini, R. B Descriptive Social Norms as Underappreciated Sources of Social Control, Psychometrika (72:2), pp Cialdini, R. B., Kallgren, C. A., and Reno, R. R A Focus Theory of Normative Conduct: A Theoretical Refinement and Re-evaluation, Advances in Experimental Social Psychology (24), pp Cialdini, R. B., Reno, R. R., and Kallgren, C. A A Focus Theory of Normative Conduct: Recycling the Concept of Norms to Reduce Littering in Public Places, Journal of Personality and Social Psychology (58:6), pp Conner, M., and McMillan, B Interaction Effects in the Theory of Planned Behavior: Studying Cannabis Use, British Journal of Social Psychology (38:2), pp D Arcy, J., Hovav, A., and Galletta, D User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach, Information Systems Research (20:1), pp Deutsch, M., and Gerard, H. B A Study of Normative and Informational Social Influence upon Individual Judgment, Journal of Abnormal and Social Psychology (51:3), pp Dhillon, G Managing and Controlling Computer Misuse, Information Management Computer Security (7:4), pp Fishbein, M The Role of Theory in HIV Prevention, AIDS Care (12:3), pp Fishbein, M., and Ajzen, I Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research, Reading, MA: Addison-Wesley. Fishbein, M., and Yzer, M. C Using Theory to Design Effective Health Behavior Interventions, Communication Theory (13:2), pp Furnell, S End-User Security Culture: A Lesson That Will Never Be Learnt? Computer Fraud & Security (4), pp Furnell, S., Gennatou, M. and Dowland, P A Prototype Tool for Information Security Awareness and Training, Logistics Information Management (15:5/6), pp Goldstein, N. J., Cialdini, R. B., and Griskevicius, V A Room With a Viewpoint: Using Social Norms to Motivate Environmental Conservation in Hotels, Journal of Consumer Research (35:3), pp Goodhue, D. L., and Straub, D. W Security Concerns of System Users: A Study of Perceptions of the Adequacy of Security, Information & Management (20:1), pp Herath, T., and Rao, H. R. 2009a. Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organizations, European Journal of Information Systems (18:2), pp Thirty Third International Conference on Information Systems, Orlando
10 IS Security and Privacy Herath, T., and Rao, H. R. 2009b. Encouraging Information Security Behaviors: Role of Penalties, Pressures and Perceived Effectiveness, Decision Support Systems (47:2), pp Ifinedo, P Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory, Computers & Security (31:1), pp Kallgren, C. A., Reno, R. R., and Cialdini, R. B A Focus Theory of Normative Conduct: When Norms Do and Do Not Affect Behavior, Personality and Social Psychology Bulletin (26:8), pp Karjalainen, M., and Siponen, M. T Toward a New Meta-Theory for Designing Information Systems (IS) Security Training Approaches, Journal of the Association for Information Systems (12:8), pp Lapinski, M. K., and Rimal, R. N An Explication of Social Norms, Communication Theory (15:2), pp Larimer, M. E., and Neighbors, C Normative Misperception and the Impact of Descriptive and Injunctive Norms on Student Gambling, Psychology of Addictive Behaviors (17:3), pp Lee, J., Lee. Y A Holistic Model of Computer Abuse within Organizations, Information Management Computer Security (10:2), pp Nolan, J. M., Schultz, P. W., Cialdini, R. B., Griskevicius, V., and Goldstein, N. J Normative Social Influence is Underdetected, Personality and Social Psychology Bulletin (34:7), pp Parker, D., Manstead, A. S. R., and Stradling, S. G Extending the Theory of Planned Behaviour: The Role of Personal Norm, British Journal of Social Psychology (34:2), pp Peltier, T. R Implementing an Information Security Awareness Program, Information Systems Security (14: 2), pp Puhakainen, P., and Siponen, M. T Improving Employees Compliance through Information Systems Security Training: An Action Research Study, MIS Quarterly (34:4), pp Rimal, R. N., and Real, K How Behaviors are Influenced by Perceived Norms: A Test of the Theory of Normative Social Behavior, Communication Research (32:3), pp Rivis, A., and Sheeran, P Descriptive Norms as an Additional Predictor in the Theory of Planned Behaviour: A Meta-Analysis, Current Psychology: Developmental, Learning, Personality, Social (22:3), pp Schultz, P. W Changing Behavior with Normative Feedback Interventions: A Field Experiment on Curbside Recycling, Basic and Applied Social Psychology (21:1), pp Schultz, P. W., Nolan, J. M., Cialdini, R. B., Goldstein, N. J., and Griskevicius, V The Constructive, Destructive, and Reconstructive Power of Social Norms, Psychological Science (18:5), pp Sheeran, P. and Orbell S Augmenting the Theory of Planned Behavior: Roles for Anticipated Regret and Descriptive Norms, Journal of Applied Social Psychology, (29:10), pp Siponen, M. T Critical Analysis of Different Approaches to Minimizing User-Related Faults in Information Systems Security: Implications for Research and Practice, Information Management & Computer Security (8:5), pp Siponen, M. T., Pahnila, S., and Mahmood, M. A Compliance with Information Security Policies: An Empirical Investigation, IEEE Computer (43: 2), pp Straub, D. W., and Welke, R Coping with Systems Risk: Security Planning Models for Management Decision Making, MIS Quarterly (22:4), pp Urbach, N., and Ahlemann, F Structural Equation Modeling in Information Systems Research Using Partial Least Squares, Journal of Information Technology Theory and Application (11:2), pp Venkatesan, M Experimental Study of Consumer Behavior, Conformity, and Independence, Journal of Marketing Research (3:4), pp Venkatesh, V., Morris, M. G., Davis, G. B. and Davis, F. D User Acceptance of Information Technology: Toward a Unified View, MIS Quarterly (27:3), pp Voss, T Game Theoretical Perspectives on the Emergence of Social Norms, in Social Norms, M. Hechter and K. D. Opp, (eds.), Russell Sage Foundation, pp Warkentin, M., Carter, L., and McBride, M. E. 2011a. Exploring the Role of Individual Employee Characteristics and Personality on Employee Compliance with Cybersecurity Policies, The 2011 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG Available online at: 10 Thirty Third International Conference on Information Systems, Orlando 2012
11 Merhi & Midha / The Impact of Training and Social Norms on Information Security Warkentin, M., Johnston, A. C., and Shropshire, J. 2011b. The Influence of the Informal Social Learning Environment on Information Privacy Policy Compliance Efficacy and Intention, European Journal of Information Systems (20:3), pp Warkentin, M., and Willison, R Behavioral and Policy Issues in Information Systems Security: The Insider Threat, European Journal of Information Systems (18:2), pp Wenzel, M The Social Side of Sanctions: Personal and Social Norms as Moderators of Deterrence, Law and Human Behavior (28:5), pp Whitman, M. E In Defense of the Realm: Understanding the Threats to Information Security, International Journal of Information Management (24:1), pp Whitman, M. E., and Mattord, H. J Making Users Mindful of IT Security; Awareness Training is Vital to Keeping the Idea of IT Security Uppermost in Employees Minds, Security Management (48:11), pp Whitman, M. E., Townsend, A. M., and Alberts, R. J Information Systems Security and the Need for Policy, in Information Security Management: Global Challenges in the New Millennium, M. Khosrowpour, (ed.), Idea Group Publishing, Hershey, PA, pp Wybo, M. D., Straub. D. W Protecting Organizational Information Resources, Information Resources Management Journal (2:4), pp Thirty Third International Conference on Information Systems, Orlando
Understanding Social Norms, Enjoyment, and the Moderating Effect of Gender on E-Commerce Adoption
Association for Information Systems AIS Electronic Library (AISeL) SAIS 2010 Proceedings Southern (SAIS) 3-1-2010 Understanding Social Norms, Enjoyment, and the Moderating Effect of Gender on E-Commerce
More informationSystem and User Characteristics in the Adoption and Use of e-learning Management Systems: A Cross-Age Study
System and User Characteristics in the Adoption and Use of e-learning Management Systems: A Cross-Age Study Oscar Lorenzo Dueñas-Rugnon, Santiago Iglesias-Pradas, and Ángel Hernández-García Grupo de Tecnologías
More informationPutting the Motivation in Protection Motivation Theory: An Examination of Persuasive Communication via Extrinsic and Intrinsic Means
Putting the Motivation in Protection Motivation Theory Abstract Putting the Motivation in Protection Motivation Theory: An Examination of Persuasive Communication via Extrinsic and Intrinsic Means Research-in-Progress
More informationAn Empirical Study of the Roles of Affective Variables in User Adoption of Search Engines
An Empirical Study of the Roles of Affective Variables in User Adoption of Search Engines ABSTRACT Heshan Sun Syracuse University hesun@syr.edu The current study is built upon prior research and is an
More informationUNDERSTANDING ORGANIZATION EMPLOYEE`S INFORMATION SECURITY OMISSION BEHAVIOR: AN INTEGRATED MODEL OF SOCIAL NORM AND DETERRENCE
Association for Information Systems AIS Electronic Library (AISeL) PACIS 2014 Proceedings Pacific Asia Conference on Information Systems (PACIS) 2014 UNDERSTANDING ORGANIZATION EMPLOYEE`S INFORMATION SECURITY
More informationControl-Related Motivations and Information Security Policy Compliance: The Effect of Reflective and Reactive Autonomy
Control-Related Motivations and Information Security Policy Compliance: The Effect of Reflective and Reactive Autonomy Research-in-Progress Jeffrey D. Wall University of North Carolina at Greensboro jdwall2@uncg.edu
More informationIssues in Information Systems Volume 17, Issue II, pp , 2016
CONSUMER ADOPTION AND USE OF MOBILE APPLICATIONS: DO PRIVACY AND SECURITY CONCERNS MATTER? Gary Garrison, Belmont University, gary.garrison@belmont.edu Sang Hyun Kim, Kyungpook National University, ksh@knu.ac.kr
More informationINFORMATION SECURITY AWARENESS: ITS ANTECEDENTS AND MEDIATING EFFECTS ON SECURITY COMPLIANT BEHAVIOR
INFORMATION SECURITY AWARENESS: ITS ANTECEDENTS AND MEDIATING EFFECTS ON SECURITY COMPLIANT BEHAVIOR Completed Research Paper Felix J. Haeussinger Georg-August-University Goettingen Platz der Göttinger
More informationPersonality Traits Effects on Job Satisfaction: The Role of Goal Commitment
Marshall University Marshall Digital Scholar Management Faculty Research Management, Marketing and MIS Fall 11-14-2009 Personality Traits Effects on Job Satisfaction: The Role of Goal Commitment Wai Kwan
More informationFeatured Talk: Measuring Secure Behavior: A Research Commentary
Featured Talk: Measuring Secure Behavior: A Research Commentary Merrill Warkentin a, Detmar Straub b, and Kalana Malimage a a Mississippi State University b Georgia State University T HE expansion of and
More informationExamining the efficacy of the Theory of Planned Behavior (TPB) to understand pre-service teachers intention to use technology*
Examining the efficacy of the Theory of Planned Behavior (TPB) to understand pre-service teachers intention to use technology* Timothy Teo & Chwee Beng Lee Nanyang Technology University Singapore This
More informationROLES OF ATTITUDES IN INITIAL AND CONTINUED ICT USE: A LONGITUDINAL STUDY
ROLES OF ATTITUDES IN INITIAL AND CONTINUED ICT USE: A LONGITUDINAL STUDY Ping Zhang Syracuse University pzhang@syr.edu Abstract. Attitude has been understudied in the information systems (IS) field. Research
More informationAppendix B Construct Reliability and Validity Analysis. Initial assessment of convergent and discriminate validity was conducted using factor
Appendix B Construct Reliability and Validity Analysis Reflective Construct Reliability and Validity Analysis Initial assessment of convergent and discriminate validity was conducted using factor analysis
More informationWE-INTENTION TO USE INSTANT MESSAGING FOR COLLABORATIVE WORK: THE MODERATING EFFECT OF EXPERIENCE
WE-INTENTION TO USE INSTANT MESSAGING FOR COLLABORATIVE WORK: THE MODERATING EFFECT OF EXPERIENCE Aaron X.L. Shen Department of Information Systems, University of Science and Technology of China City University
More informationFactors Influencing the Use of Privacy Settings in Location-Based Social Networks
Factors Influencing the Use of Privacy Settings in Location-Based Social Networks H. Oladimeji and J. Ophoff Dept. of Information Systems, University of Cape Town, Cape Town, South Africa e-mail: OLDHEN003@myuct.ac.za;
More informationMoral Beliefs and Organizational Information Security Policy Compliance: The Role of Gender
Association for Information Systems AIS Electronic Library (AISeL) MWAIS 2016 Proceedings Midwest (MWAIS) Spring 5-19-2016 Moral Beliefs and Organizational Information Security Policy Compliance: The Role
More informationExploring Employees Escalating Behavior as an Antecedent of Information Security Policy Noncompliance Behaviour
Association for Information Systems AIS Electronic Library (AISeL) WISP 2012 Proceedings Pre-ICIS Workshop on Information Security and Privacy (SIGSEC) Winter 12-15-2012 Exploring Employees Escalating
More informationUser Acceptance of E-Government Services
User Acceptance of E-Government Services PACIS 2007 Track (Human Computer Interaction, Social and Cultural Aspects of IS) (Full Paper) Abstract In order to provide more accessible, accurate, real-time
More informationExternal Variables and the Technology Acceptance Model
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 1995 Proceedings Americas Conference on Information Systems (AMCIS) 8-25-1995 External Variables and the Technology Acceptance Model
More informationThe Role of Punishment and Task Dissonance in Information Security Policies Compliance
The Role of Punishment and Task Dissonance The Role of Punishment and Task Dissonance in Information Security Policies Compliance Research-in-Progress Mohammad I. Merhi Department of Decision Sciences
More informationa, Emre Sezgin a, Sevgi Özkan a, * Systems Ankara, Turkey
Available online at www.sciencedirect.com Procedia - Social and Behavioral Scien ce s 8 ( 0 ) nd World Conference on Educational Technology Researches WCETR0 The role of Gender in Pharmacists Attitudes
More informationThe Effect of Social Norms and Cultural Context on Pro-environmental Behaviors
The Effect of Social Norms and Cultural Context on Pro-environmental Behaviors Yoon Hi Sung Doctoral Student The Stan Richards School of Advertising & Public Relations Moody College of Communication The
More informationMeasurement of Constructs in Psychosocial Models of Health Behavior. March 26, 2012 Neil Steers, Ph.D.
Measurement of Constructs in Psychosocial Models of Health Behavior March 26, 2012 Neil Steers, Ph.D. Importance of measurement in research testing psychosocial models Issues in measurement of psychosocial
More informationThe Impact of Rewards on Knowledge Sharing
Association for Information Systems AIS Electronic Library (AISeL) CONF-IRM 2014 Proceedings International Conference on Information Resources Management (CONF-IRM) 2014 The Impact of Rewards on Knowledge
More informationIntegrating Emotion and the Theory of Planned Behavior to Explain Consumers Activism in the Internet Web site
Integrating Emotion and the Theory of Planned Behavior to Explain Consumers Activism in the Internet Web site SEUNGHO CHO shcho72@gmail.com LAURA RICHARDSON WALTON lwalton@comm.msstate.edu Mississippi
More informationAcceptance of E-Government Service: A Validation of the UTAUT
Proceedings of the 5th WSEAS International Conference on E-ACTIVITIES, Venice, Italy, November 20-22, 2006 165 Acceptance of E-Government Service: A Validation of the UTAUT YI-SHUN WANG Department of Information
More informationDeakin Research Online Deakin University s institutional research repository DDeakin Research Online Research Online This is the published version:
Deakin Research Online Deakin University s institutional research repository DDeakin Research Online Research Online This is the published version: Taghian, Mehdi and D'Souza, Clare 2007, A cross-cultural
More informationINVESTGATING THE EFFECT OF SOCIAL INFLUENCE ON INFORMATION TECHNOLOGY ACCEPTANCE
INVESTGATING THE EFFECT OF SOCIAL INFLUENCE ON INFORMATION TECHNOLOGY ACCEPTANCE Jeoungkun Kim Graduate School of Management, Korea Advanced Institute Science and Technology, kimjk70@kgsm.kaist.ac.kr Heeseok
More informationADOPTION PROCESS FOR VoIP: THE UTAUT MODEL
ADOPTION PROCESS FOR VoIP: THE UTAUT MODEL Eduardo Esteva-Armida, Instituto Tecnológico y de Estudios Superiores de Monterrey Gral. Ramón Corona 2514, Zapopan, Jalisco, México 45120 Phone: (5233) 3669.3080
More informationTHEORY OF PLANNED BEHAVIOR: A PERSPECTIVE IN INDIA S INTERNET BANKING
THEORY OF PLANNED BEHAVIOR: A PERSPECTIVE IN INDIA S INTERNET BANKING Dr. Rajesh Bhatt Head, Department of Business Administration Bhavnagar University, Bhavnagar ABSTRACT The banking services in India
More information10 Norms and behavior. What s it about?
10 Norms and behavior What s it about? (Social Psychology pp. 351 395) Norms are effective guides for social behavior. Norms must be activated before they can guide behavior. When individuals are in a
More informationSlacking and the Internet in the Classroom: A Preliminary Investigation
Association for Information Systems AIS Electronic Library (AISeL) SIGHCI 2006 Proceedings Special Interest Group on Human-Computer Interaction 2006 Slacking and the Internet in the Classroom: A Preliminary
More informationADOPTION AND USE OF A UNIVERSITY REGISTRATION PORTAL BY UNDERGRADUATE STUDENTS OF BAYERO UNIVERSITY, KANO
Bayero Journal of Pure and Applied Sciences, 9(2): 179-185 Received: June, 2016 Accepted: November, 2016 ISSN 2006 6996 http://dx.doi.org/10.4314/bajopas.v9i2.33 ADOPTION AND USE OF A UNIVERSITY REGISTRATION
More informationPerceived usefulness. Intention Use E-filing. Attitude. Ease of use Perceived behavioral control. Subjective norm
Project Guidelines Perceived usefulness Attitude Intention Use E-filing Ease of use Perceived behavioral control Subjective norm Introduction Introduction should include support/justification why the research
More informationPLANNING THE RESEARCH PROJECT
Van Der Velde / Guide to Business Research Methods First Proof 6.11.2003 4:53pm page 1 Part I PLANNING THE RESEARCH PROJECT Van Der Velde / Guide to Business Research Methods First Proof 6.11.2003 4:53pm
More informationResearch on Software Continuous Usage Based on Expectation-confirmation Theory
Research on Software Continuous Usage Based on Expectation-confirmation Theory Daqing Zheng 1, Jincheng Wang 1, Jia Wang 2 (1. School of Information Management & Engineering, Shanghai University of Finance
More informationNormative Outcomes Scale: Measuring Internal Self Moderation
Normative Outcomes Scale: Measuring Internal Self Moderation Dr Stephen Dann Advertising Marketing and Public Relations, Queensland University Technology, Brisbane, Australia Email: sm.dann@qut.edu.au
More informationChanging manager behaviour
Changing manager behaviour August 2010. Occasional Paper Vol. 3 No. 7 Derek Mowbray Why is behaviour so important? The role of the manager is to get the job done. Normally, this involves asking someone
More informationIssues in Information Systems
ANALYZING THE ROLE OF SOME PERSONAL DETERMINANTS IN WEB 2.0 APPLICATIONS USAGE Adel M. Aladwani, Kuwait University, adel.aladwani@ku.edu.kw ABSTRACT This study examines the personal determinants of Web
More informationA study of association between demographic factor income and emotional intelligence
EUROPEAN ACADEMIC RESEARCH Vol. V, Issue 1/ April 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A study of association between demographic factor income and emotional
More information716 West Ave Austin, TX USA
Practical Ethics for Fraud Examiners GLOBAL HEADQUARTERS the gregor building 716 West Ave Austin, TX 78701-2727 USA Introduction I. INTRODUCTION Ethics as a branch of philosophy has been developing since
More informationFACTORS AFFECTING COMPUTER CRIME PROTECTION BEHAVIOR
FACTORS AFFECTING COMPUTER CRIME PROTECTION BEHAVIOR Sirirat Srisawang, Thammasat Business School, Thammasat University, Bangkok, Thailand, sirirat.sr@gmail.com Mathupayas Thongmak, Thammasat Business
More informationTechnical Specifications
Technical Specifications In order to provide summary information across a set of exercises, all tests must employ some form of scoring models. The most familiar of these scoring models is the one typically
More informationWhy Deterrence is not Enough: The Role of Endogenous Motivations on Employees Information Security Behavior
Why Deterrence is not Enough: The Role of Endogenous Motivations on Employees Information Security Behavior Completed Research Paper Johann J. Kranz Georg-August-University Goettingen Platz der Gottinger
More informationAnalysis of citizens' acceptance for e-government services: applying the utaut model
Analysis of citizens' acceptance for e-government services: applying the utaut model Author Alshehri, Mohammed, Drew, Steve, Al Ghamdi, Rayed Published 2012 Conference Title Proceedings of the IADIS Multi
More informationUnderstanding Information Security Compliance - Why Goal Setting and Rewards Might be a Bad Idea
Understanding Information Security Compliance - Why Goal Setting and Rewards Might be a Bad Idea N. Gerber 1,3, R. McDermott 1, M. Volkamer 2,3,4 and J. Vogt 1,3 1 Faculty of Human Sciences, Technische
More informationAn Empirical Study on Causal Relationships between Perceived Enjoyment and Perceived Ease of Use
An Empirical Study on Causal Relationships between Perceived Enjoyment and Perceived Ease of Use Heshan Sun Syracuse University hesun@syr.edu Ping Zhang Syracuse University pzhang@syr.edu ABSTRACT Causality
More informationSense-making Approach in Determining Health Situation, Information Seeking and Usage
DOI: 10.7763/IPEDR. 2013. V62. 16 Sense-making Approach in Determining Health Situation, Information Seeking and Usage Ismail Sualman 1 and Rosni Jaafar 1 Faculty of Communication and Media Studies, Universiti
More informationEvaluation of the. Learn2Live Road Safety Intervention for Young People. Plymouth Pavilions event. 25 th November 2011.
Evaluation of the Learn2Live Road Safety Intervention for Young People Plymouth Pavilions event 25 th November 2011 Research by Emma Dunnett, Amy Goodwin, Georgina Hobson, Claire Hubbard, Daniel Orton,
More informationBehavioral Factors Affecting Internet Abuse in the Workplace An Empirical Investigation
Behavioral Factors Affecting Internet Abuse in the Workplace An Empirical Investigation ABSTRACT Irene M.Y. Woon National University of Singapore iwoon@comp.nus.edu.sg Internet abuse in the workplace refers
More informationVIRGINIA LAW REVIEW IN BRIEF
VIRGINIA LAW REVIEW IN BRIEF VOLUME 96 JUNE 15, 2010 PAGES 35 39 REPLY GOOD INTENTIONS MATTER Katharine T. Bartlett * W HILE writing the article to which Professors Mitchell and Bielby have published responses,
More informationGET A CUE ON IS SECURITY TRAINING: EXPLAINING THE DIFFERENCE BETWEEN HOW SECURITY CUES AND SECURITY ARGUMENTS IMPROVE SECURE BEHAVIOR
GET A CUE ON IS SECURITY TRAINING: EXPLAINING THE DIFFERENCE BETWEEN HOW SECURITY CUES AND SECURITY ARGUMENTS IMPROVE SECURE BEHAVIOR Research-in-Progress Jeffrey L. Jenkins University of Arizona Tucson,
More informationEnergizing Behavior at Work: Expectancy Theory Revisited
In M. G. Husain (Ed.), Psychology and society in an Islamic perspective (pp. 55-63). New Delhi: Institute of Objective Studies, 1996. Energizing Behavior at Work: Expectancy Theory Revisited Mahfooz A.
More informationPersuading End Users to Act Cautiously Online: Initial Findings of a Fear Appeals Study on Phishing
Persuading End Users to Act Cautiously Online: Initial Findings of a Fear Appeals Study on Phishing Abstract J. Jansen 1,2 and P. van Schaik 3 1 Faculty of Humanities and Law, Open University of the Netherlands
More informationOrganizational Behaviour
Bachelor of Commerce Programme Organizational Behaviour Individual Behaviour Perception The Da Vinci Institute for Technology Management (Pty) Ltd Registered with the Department of Education as a private
More informationA Productivity Review Study on Theory of Reasoned Action Literature Using Bibliometric Methodology
0 International Conference on Management and Service Science IPEDR vol.8 (0) (0) IACSIT Press, Singapore A Productivity Review Study on Theory of Reasoned Action Literature Using Bibliometric Methodology
More informationTHE THEORY OF PLANNED BEHAVIOR TO DETERMINE THE SOCIAL NETWORK USAGE BEHAVIOR IN SAUDI ARABIA
0F USING International Journal of Research in Computer Science eissn 2249-8265 Volume 5 Issue 1 (2015) pp. 1-8, A Unit of White Globe Publications THE THEORY OF PLANNED BEHAVIOR TO DETERMINE THE SOCIAL
More informationPERCEIVED TRUSTWORTHINESS OF KNOWLEDGE SOURCES: THE MODERATING IMPACT OF RELATIONSHIP LENGTH
PERCEIVED TRUSTWORTHINESS OF KNOWLEDGE SOURCES: THE MODERATING IMPACT OF RELATIONSHIP LENGTH DANIEL Z. LEVIN Management and Global Business Dept. Rutgers Business School Newark and New Brunswick Rutgers
More informationIs entrepreneur s photo a crucial element in a crowdfunding webpage?
Second International Conference on Economic and Business Management (FEBM 2017) Is entrepreneur s photo a crucial element in a crowdfunding webpage? Xin Wang, Huaxin Wang *, Yu Zhao Department of Business
More informationIntegrating ITEP BETI across services
Integrating ITEP BETI across services Luke Mitcheson, Clinical Team, National Treatment Agency Optimising i i Treatment t Effectiveness, KCA, London 30th November 2009 Structure What is ITEP / BTEI? Why
More informationNew Research Directions in Young Adult Marijuana Use, Consequences, and Prevention
New Research Directions in Young Adult Marijuana Use, Consequences, and Prevention Jason R. Kilmer, Ph.D. University of Washington Research Assistant Professor Psychiatry & Behavioral Sciences Assistant
More informationDevelopment of a Framework for Analyzing Individual and Environmental Factors Preceding Attitude toward Information Security
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2007 Proceedings Americas Conference on Information Systems (AMCIS) December 2007 Development of a Framework for Analyzing Individual
More informationKeywords: consultation, drug-related problems, pharmacists, Theory of Planned Behavior
DEVELOPMENT OF A QUESTIONNAIRE BASED ON THE THEORY OF PLANNED BEHAVIOR TO IDENTIFY FACTORS AFFECTING PHARMACISTS INTENTION TO CONSULT PHYSICIANS ON DRUG-RELATED PROBLEMS Teeranan Charoenung 1, Piyarat
More informationAn Examination of the Effects of Self-Regulatory Focus on the Perception of the Media Richness: The Case of
An Examination of the Effects of Self-Regulatory Focus on the Perception of the Media Richness: The Case of Email Communication is a key element in organizations business success. The Media Richness Theory
More informationGender differences in condom use prediction with Theory of Reasoned Action and Planned Behaviour: the role of self-efficacy and control
Gender differences in condom use prediction with Theory of Reasoned Action and Planned Behaviour: the role of self-efficacy and control Alicia Muñoz-Silva, Manuel Sánchez-García, Cristina Nunes, Ana Martins
More informationAttitude Change Process toward ERP Systems Using the Elaboration Likelihood Model
Attitude Change Process toward ERP Systems Using the Elaboration Likelihood Model Euisung Jung University of Wisconsin-Milwaukee Lubar School of Business junge@uwm.edu William D. Haseman University of
More informationAsking and answering research questions. What s it about?
2 Asking and answering research questions What s it about? (Social Psychology pp. 24 54) Social psychologists strive to reach general conclusions by developing scientific theories about why people behave
More informationVALUES AND ENTREPRENEURIAL ATTITUDE AS PREDICTORS OF NASCENT ENTREPRENEUR INTENTIONS
VALUES AND ENTREPRENEURIAL ATTITUDE AS PREDICTORS OF NASCENT ENTREPRENEUR INTENTIONS Noel J. Lindsay 1, Anton Jordaan, and Wendy A. Lindsay Centre for the Development of Entrepreneurs University of South
More informationThe Security Risk Perception Model for the Adoption of Mobile Devices in the Healthcare Industry
Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 2 nd, 2014 The Security Risk Perception Model for the Adoption of Mobile Devices in the Healthcare Industry Alex Alexandrou and Li-Chiou
More informationThe Effectiveness of the Modified Expanded Rational Expectations Model to Explore Adult Consumers Functional Foods Consumption Behavior ABSTRACT
The Effectiveness of the Modified Expanded Rational Expectations Model to Explore Adult Consumers Functional Foods Consumption Behavior Oak-Hee Park Linda Hoover Tim Dodd Lynn Huffman Nutrition, Hospitality,
More informationThe moderating impact of temporal separation on the association between intention and physical activity: a meta-analysis
PSYCHOLOGY, HEALTH & MEDICINE, 2016 VOL. 21, NO. 5, 625 631 http://dx.doi.org/10.1080/13548506.2015.1080371 The moderating impact of temporal separation on the association between intention and physical
More informationNational Culture Dimensions and Consumer Digital Piracy: A European Perspective
National Culture Dimensions and Consumer Digital Piracy: A European Perspective Abstract Irena Vida, irena.vida@ef.uni-lj.si Monika Kukar-Kinney, mkukarki@richmond.edu Mateja Kos Koklič, mateja.kos@ef.uni-lj.si
More information24/10/13. Surprisingly little evidence that: sex offenders have enduring empathy deficits empathy interventions result in reduced reoffending.
Professor Tony Ward Law, D. R. & Ward, T. (2011). Desistance from sexual offending: Alternatives to throwing away the keys. New York, NY: Guilford Press. Ward, T., & Durrant, R. (2011). Evolutionary behavioural
More informationChapter 8: Consumer Attitude Formation and Change
MKT 344 Faculty NNA Consumer Behavior, Ninth Edition Schiffman & Kanuk Chapter 8: Consumer Attitude Formation and Change Attitude A learned tendency to behave in a consistently favorable or unfavorable
More informationREPORT ON EMOTIONAL INTELLIGENCE QUESTIONNAIRE: GENERAL
REPORT ON EMOTIONAL INTELLIGENCE QUESTIONNAIRE: GENERAL Name: Email: Date: Sample Person sample@email.com IMPORTANT NOTE The descriptions of emotional intelligence the report contains are not absolute
More informationThe Influence of Psychological Empowerment on Innovative Work Behavior among Academia in Malaysian Research Universities
DOI: 10.7763/IPEDR. 2014. V 78. 21 The Influence of Psychological Empowerment on Innovative Work Behavior among Academia in Malaysian Research Universities Azra Ayue Abdul Rahman 1, Siti Aisyah Panatik
More informationPluralistic Ignorance in the Personal Use of the Internet and System Monitoring
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2005 Proceedings Americas Conference on Information Systems (AMCIS) 2005 Pluralistic Ignorance in the Personal Use of the Internet
More informationSocial Factors in Policy Compliance Evidence found in Literature to Assist the Development of Policies in Information Security Management.
2013 46th Hawaii International Conference on System Sciences Social Factors in Policy Compliance Evidence found in Literature to Assist the Development of Policies in Information Security Management. Danijel
More informationUnderstanding Tourist Environmental Behavior An Application of the Theories on Reasoned Action Approach
University of Massachusetts Amherst ScholarWorks@UMass Amherst Tourism Travel and Research Association: Advancing Tourism Research Globally 2012 ttra International Conference Understanding Tourist Environmental
More informationThinking Like a Researcher
3-1 Thinking Like a Researcher 3-3 Learning Objectives Understand... The terminology used by professional researchers employing scientific thinking. What you need to formulate a solid research hypothesis.
More informationMust be the music: Validation of a theory-based survey
Must be the music: Validation of a theory-based survey Brian C. Gordon, PhD, 1 Michael A. Perko, PhD, 2 Lori W. Turner, PhD, 1 James D. Leeper, PhD, 3 Samory T. Pruitt, PhD, 4 and Stuart L. Usdan, PhD
More informationA STUDY ON TEACHER CANDIDATES RECYCLING BEHAVIORS: A MODEL APPROACH WITH THE THEORY OF PLANNED BEHAVIOR
ISSN 1308 8971 Special Issue: Selected papers presented at WCNTSE A STUDY ON TEACHER CANDIDATES RECYCLING BEHAVIORS: A MODEL APPROACH WITH THE THEORY OF PLANNED BEHAVIOR a Ceren TEKKAYA, b Dilek S. KILIC
More informationRong Quan Low Universiti Sains Malaysia, Pulau Pinang, Malaysia
International Journal of Accounting & Business Management Vol. 1 (No.1), April, 2013 Page: 99-106 ISSN: 2289-4519 This work is licensed under a Creative Commons Attribution 4.0 International License. www.ftms.edu.my/journals/index.php/journals/ijabm
More informationDoing Quantitative Research 26E02900, 6 ECTS Lecture 6: Structural Equations Modeling. Olli-Pekka Kauppila Daria Kautto
Doing Quantitative Research 26E02900, 6 ECTS Lecture 6: Structural Equations Modeling Olli-Pekka Kauppila Daria Kautto Session VI, September 20 2017 Learning objectives 1. Get familiar with the basic idea
More informationTHE MEDIATING EFFECT OF EMOTIONS ON THE COMPARISON BETWEEN DESCRIPTIVE NORM INFORMATION AND BEHAVIORS: THE CASE OF RECYCLING. Hye Seung Koh A THESIS
THE MEDIATING EFFECT OF EMOTIONS ON THE COMPARISON BETWEEN DESCRIPTIVE NORM INFORMATION AND BEHAVIORS: THE CASE OF RECYCLING By Hye Seung Koh A THESIS Submitted to Michigan State University in partial
More informationThe reversal effect of prohibition signs
Article Group Processes & Intergroup Relations G P I R The reversal effect of prohibition signs Group Processes & Intergroup Relations 14(5) 681 688 The Author(s) 2011 Reprints and permission: sagepub.
More informationAt the Israel Electric Company: Israel Railways
Evaluation of the outcomes of an intervention to reduce the use of drugs and alcohol in the workplace in Israel Navy Shipyards, the Israel Electric Company, and Israel Railways Executive Summary Background:
More informationTitle: The Theory of Planned Behavior (TPB) and Texting While Driving Behavior in College Students MS # Manuscript ID GCPI
Title: The Theory of Planned Behavior (TPB) and Texting While Driving Behavior in College Students MS # Manuscript ID GCPI-2015-02298 Appendix 1 Role of TPB in changing other behaviors TPB has been applied
More informationCan We Assess Formative Measurement using Item Weights? A Monte Carlo Simulation Analysis
Association for Information Systems AIS Electronic Library (AISeL) MWAIS 2013 Proceedings Midwest (MWAIS) 5-24-2013 Can We Assess Formative Measurement using Item Weights? A Monte Carlo Simulation Analysis
More informationPhysicians' Acceptance of Web-Based Medical Assessment Systems: Findings from a National Survey
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2003 Proceedings Americas Conference on Information Systems (AMCIS) 12-31-2003 Physicians' Acceptance of Web-Based Medical Assessment
More informationReliability and Validity of the Hospital Survey on Patient Safety Culture at a Norwegian Hospital
Paper I Olsen, E. (2008). Reliability and Validity of the Hospital Survey on Patient Safety Culture at a Norwegian Hospital. In J. Øvretveit and P. J. Sousa (Eds.), Quality and Safety Improvement Research:
More informationDescription of intervention
Helping to Overcome PTSD through Empowerment (HOPE) Johnson, D., Zlotnick, C. and Perez, S. (2011) Johnson, D. M., Johnson, N. L., Perez, S. K., Palmieri, P. A., & Zlotnick, C. (2016) Description of Helping
More informationEmotion Regulation Strategy, Emotional Contagion and Their Effects on Individual Creativity: ICT Company Case in South Korea
Emotion Regulation Strategy, Emotional Contagion and Their Effects on Individual Creativity: ICT Company Case in South Korea Dae Sung Lee 1 and Kun Chang Lee 2* 1 Researcher, SKKU Business School Creativity
More informationTHE ROLE OF PERCEIVED CRITICAL MASS IN EXPLAINING WE-INTENTION TO USE INSTANT MESSAGING FOR TEAM COLLABORATION
THE ROLE OF PERCEIVED CRITICAL MASS IN EXPLAINING WE-INTENTION TO USE INSTANT MESSAGING FOR TEAM COLLABORATION Aaron X.L. Shen 1, Matthew K.O. Lee 2, Christy M.K. Cheung 3, and Huaping Chen 4 1 Department
More informationThe Antecedents of Students Expectation Confirmation Regarding Electronic Textbooks
Computer Communication & Collaboration (Vol. 2, Issue 3, 2014) The Antecedents of Students Expectation Confirmation Regarding Electronic Textbooks Robert W. Stone (corresponding author) Department of Accounting,
More informationFORTH VALLEY ADP PREVENTATIVE AGENDA SUBSTANCE MISUSE INTRODUCTION
FORTH VALLEY ADP PREVENTATIVE AGENDA SUBSTANCE MISUSE INTRODUCTION Forth Valley ADP invests in a tiered approach to prevention. The approach is summarised here in three main programmes of work which extend
More informationMorality and Green Consumer Behaviour: A Psychological Perspective
Seminar: Consumption Ethics and the Individual Royal Holloway, University of London, 5 February 2015 Morality and Green Consumer Behaviour: A Psychological Perspective Judith I. M. de Groot John Thøgersen
More informationOutline. Bioethics in Research and Publication. What is ethics? Where do we learn ethics? 6/19/2015
Outline Bioethics in Research and Publication Gertrude Night, PhD Rwanda Agriculture Board What is ethics? History. The purpose of training in research ethics Some ethical principles addressed by research
More informationTwinsburg City Schools Standards-Based Health Course of Study. Health
Course Name: () Rationale: The acquisition of basic health concepts and functional health knowledge provides a foundation for promoting health-enhancing behaviors among youth. This standard includes essential
More informationType of Education, Locus of Control and Optimistic - Pessimistic. Attitude among Undergraduate College Students
The International Journal of Indian Psychology ISSN 2348-5396 (e) ISSN: 2349-3429 (p) Volume 2, Issue 4, DIP: B00352V2I42015 http://www.ijip.in July September, 2015 Type of Education, Locus of Control
More information