The SEM-based results showed that perceived severity of potential information security threats, employees’ belief as to whether they can apply and adhere to information security policies, perceived vulnerability to potential security threats, employees’ attitude toward complying with information security policies, and social norms toward complying with these policies had a significant and positive effect on the employees’ intention to comply with information security policies. Intention to comply with information security policies also had a significant impact on actual compliance with these policies.
| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| user perceived service quality of web portals | Yang et al., 2005 | no | pretest with n=15 | pilot | unclear | ||
| service quality instrument | Siponen, 2009 | no | pretest with n=15 | pilot | unclear | ||
| Intention to comply | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| Actual compliance | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| Attitude | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| Rewards | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| normative beliefs | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| Self-efficacy | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| Perceived Severity | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| Perceived Vulnerability | NEW? | yes, in English | pretest with n=15 | pilot | unclear | ||
| Response efficacy | NEW? | yes, in English | pretest with n=15 | pilot | unclear |
Mikko Siponen, M. Adam Mahmood, and Seppo Pahnila. Employees' adherence to information security policies: An exploratory field study. Information & management, 51(2):217–224, 2014. doi:10.1016/j.im.2013.08.006.
@article{siponen_employees_2014,
author = {Siponen, Mikko and Mahmood, M. Adam and Pahnila, Seppo},
doi = {10.1016/j.im.2013.08.006},
journal = {Information \& management},
number = {2},
pages = {217--224},
shorttitle = {Employees' Adherence to Information Security Policies},
title = {Employees' Adherence to Information Security Policies: {{An}} Exploratory Field Study},
volume = {51},
year = {2014}
}