This study showed that factors such as self-efficacy, attitude toward compliance, subjective norms, response efficacy and perceived vulnerability positively influence ISSP behavioral compliance intentions of employees. The data analysis did not support perceived severity and response cost as being predictors of ISSP behavioral compliance intentions.
| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Perceived severity | Milne et al., 2000, Woon et al., 2005, Workman et al., 2008 | yes | None | pilot | 7-point Likert scales with various endpoints | ||
| Perceived vulnerability | Milne et al., 2000, Woon et al., 2005, Workman et al., 2008 | yes | None | pilot | 7-point Likert scales with various endpoints | ||
| Response cost | Milne et al., 2000, Woon et al., 2005, Workman et al., 2008 | yes | None | pilot | 7-point Likert scales with various endpoints | ||
| Response efficacy | Milne et al., 2000, Woon et al., 2005, Workman et al., 2008 | yes | None | pilot | 7-point Likert scales with various endpoints | ||
| Attitude toward ISSP compliance | Woon, 2007, Bulgurcu et al., 2010, Herath, 2009, Herath, 2009 | yes | None | pilot | 7-point Likert scales with various endpoints | ||
| Subjective norms | Woon, 2007, Bulgurcu et al., 2010, Herath, 2009, Herath, 2009 | yes | None | pilot | 7-point Likert scales with various endpoints | ||
| Self-efficacy | Compeau, 1995, Woon, 2007, Workman et al., 2008 | yes | None | pilot | 7-point Likert scales with various endpoints | ||
| ISSP compliance behavioral intentions | Woon, 2007, Herath, 2009, Herath, 2009 | yes | None | pilot | 7-point Likert scales with various endpoints |
Princely Ifinedo. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1):83–95, February 2012. doi:10.1016/j.cose.2011.10.007.
@article{ifinedo_understanding_2012,
abstract = {This research investigated information systems security policy (ISSP) compliance by drawing upon two relevant theories i.e. the theory of planned behavior (TPB) and the protection motivation theory (PMT). A research model that fused constituents of the aforementioned theories was proposed and validated. Relevant hypotheses were developed to test the research conceptualization. Data analysis was performed using the partial least squares (PLS) technique. Using a survey of 124 business managers and IS professionals, this study showed that factors such as self-efficacy, attitude toward compliance, subjective norms, response efficacy and perceived vulnerability positively influence ISSP behavioral compliance intentions of employees. The data analysis did not support perceived severity and response cost as being predictors of ISSP behavioral compliance intentions. The study's implications for research and practice are discussed.},
author = {Ifinedo, Princely},
doi = {10.1016/j.cose.2011.10.007},
issn = {0167-4048},
journal = {Computers \& Security},
month = {February},
number = {1},
pages = {83-95},
shorttitle = {Understanding Information Systems Security Policy Compliance},
title = {Understanding Information Systems Security Policy Compliance: {{An}} Integration of the Theory of Planned Behavior and the Protection Motivation Theory},
volume = {31},
year = {2012}
}