S. Pahnila, M. Siponen, and A. Mahmood. Employees' Behavior towards IS Security Policy Compliance. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference On, 156b–156b. January 2007. doi:10.1109/HICSS.2007.206.
@inproceedings{pahnila_employees_2007,
abstract = {The literature agrees that the major threat to IS security is constituted by careless employees who do not comply with organizations' IS security policies and procedures. To address this concern, different approaches for ensuring employees' IS security policy compliance have been proposed. Prior research on IS security compliance has criticized these extant IS security awareness approaches as lacking theoretically and empirically grounded principles to ensure that employees comply with IS security policies. To fill this gap, this study proposes a theoretical model that contains the factors that explain employees' IS security policy compliance. Data (N=245) from a Finnish company provides empirical support for the model. The results suggest that information quality has a significant effect on actual IS security policy compliance. Employees' attitude, normative beliefs and habits have significant effect on intention to comply with IS security policy. Threat appraisal and facilitating conditions have significant impact on attitude towards complying, while coping appraisal does not have a significant effect on employees' attitude towards complying. Sanctions have insignificant effect on intention to comply with IS security policy and awards do not have a significant effect on actual compliance with IS security policy},
author = {Pahnila, S. and Siponen, M. and Mahmood, A.},
booktitle = {System {{Sciences}}, 2007. {{HICSS}} 2007. 40th {{Annual Hawaii International Conference}} On},
doi = {10.1109/HICSS.2007.206},
keywords = {Computer security,human factors,security of data,social aspects of automation,Data security,IS security policy,information systems,Information security,Appraisal,Context awareness,employee behavior,Ground support,Guidelines,Information processing,Information systems,Software measurement,statistical analysis,threat appraisal},
month = {January},
pages = {156b-156b},
title = {Employees' {{Behavior}} towards {{IS Security Policy Compliance}}},
year = {2007}
}