Effective IS Security: An Empirical Study

Detmar W. Straub, Jr.
Detmar W. Straub, Jr.
Curtis L Carlson School of Management, University of Minnesota, 271 19th Avenue South, Minneapolis, MN 55455
Search for more papers by this author

Curtis L Carlson School of Management, University of Minnesota, 271 19th Avenue South, Minneapolis, MN 55455

Published Online:1 Sep 1990https://doi.org/10.1287/isre.1.3.255

Abstract

Information security has not been a high priority for most managers. Many permit their installations to be either lightly protected or wholly unprotected, apparently willing to risk major losses from computer abuse. This study, based on the criminological theory of general deterrence, investigates whether a management decision to invest in IS security results in more effective control of computer abuse. Data gathered through a survey of 1,211 randomly selected organizations indicates that security countermeasures that include deterrent administrative procedures and preventive security software will result in significantly lower computer abuse. Knowledge about these relationships is useful for making key decisions about the security function.

Cited by
- The power of persuasive messaging on improving password-change behavior in university information systems: Evidence from a large-scale field experiment
  Computers & Security, Vol. 169
- A Review of Cybercrime Research: Synthesis and Future Directions
  Information & Management, Vol. 36
- Barking Up the Wrong Tree? Reconsidering Policy Compliance as a Dependent Variable Within Behavioral Cybersecurity Research
  28 April 2025 | Information Systems Frontiers, Vol. 28, No. 2
- The Value of an Early Warning from Crowdsourced Cybersecurity Vulnerabilities
  13 March 2026 | Journal of Computer Information Systems
- Unraveling trust management in cybersecurity: insights from a systematic literature review
  27 August 2024 | Information Technology and Management, Vol. 27, No. 1
- Network Structures, Audit Policies and the Cost of Security Breaches
  11 July 2025 | Production and Operations Management, Vol. 35, No. 3
- Turn conflict into contribution: Understanding employees’ information security extra-role behavior under conflicts
  Computers & Security, Vol. 160
- Behavioral Approach to Security Risk Management: Empirical Research Results
  1 November 2025 | Poslovna izvrsnost - Business Excellence, Vol. 19, No. 2
- Exploring the Drivers of Content Entrepreneurs’ Compliance with Generative AI Policies: A Mixed-Methods Approach
  13 October 2025 | Journal of Theoretical and Applied Electronic Commerce Research, Vol. 20, No. 4
- A structured review of insider cybersecurity behaviour studies
  4 September 2025 | Information Security Journal: A Global Perspective, Vol. 34, No. 6
- Beyond the direct impact of sanctions and subjective norms in cybersecurity
  24 June 2025 | Information & Computer Security, Vol. 33, No. 5
- Privacy perceptions and the role of countermeasures on the usage of in-app commerce
  28 February 2025 | Behaviour & Information Technology, Vol. 44, No. 16
- The Illusion of Control in Smart Homes: How IoT App Privacy Statement and Device Interaction Complexity Impact User Security Practices
- Unveiling Insider Threats in South Korean Companies: Causes and Countermeasures Through Convenience Theory and Perceived Punishment
  12 August 2025 | Deviant Behavior, Vol. 15
- Conceptual inconsistencies in variable definitions and measurement items within ISP non-/compliance research: A systematic literature review
  Computers & Security, Vol. 152
- From usable design characteristics to usable information security policies: a reconceptualisation
  26 March 2025 | i-com, Vol. 24, No. 1
- Internal Audit and Accounting Information Security in Listed Companies: Enhancing Governance for Sustainable Development Goals
  20 March 2025 | Journal of Lifestyle and SDGs Review, Vol. 5, No. 4
- Reconsidering neutralization techniques in behavioral cybersecurity as cybersecurity hygiene discounting
  Computers & Security, Vol. 150
- Promoting employees’ information security vigilance by enhancing awareness: the roles of organizational climate and deterrence measures
  6 January 2025 | Security Journal, Vol. 38, No. 1
- The social media discontinuance model: the trio of dark side, regret, and privacy control
  15 March 2024 | Behaviour & Information Technology, Vol. 44, No. 3
- Information security policy effectiveness: a managerial perspective of the financial industry in Vietnam
  30 April 2024 | Information & Computer Security, Vol. 33, No. 1
- From awareness to behaviour: understanding cybersecurity compliance in Vietnam
  7 May 2024 | International Journal of Organizational Analysis, Vol. 33, No. 1
- Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking
  Malte Greulich; ,
  Sebastian Lins; ,
  Daniel Pienta; ,
  Jason Bennett Thatcher; ; ,
  Ali Sunyaev;
  8 January 2024 | Information Systems Research, Vol. 35, No. 4
- Exploration of Factors Affecting Pro-social Intention to Disclose Information in Healthcare Settings
  Korean Medical Education Review, Vol. 26, No. 3
- Employees as a Source of Security Issues in Times of Change and Stress: A Longitudinal Examination of Employees’ Security Violations during the COVID-19 Pandemic
  28 October 2023 | Journal of Business and Psychology, Vol. 39, No. 5
- What goes around comes around: an in-depth analysis of how respondents interpret ISP non-/compliance questionnaire items
  26 April 2024 | Information & Computer Security, Vol. 32, No. 4
- The relationship between the dark triad personality and cybersecurity
  12 September 2024
- Predicting Compliance of Security Policies: Norms and Sanctions
  7 August 2023 | Journal of Computer Information Systems, Vol. 64, No. 5
- Reducing fraud in organizations through information security policy compliance: An information security controls perspective
  Computers & Security, Vol. 144
- Bureaucracies in information securing: Transitioning from iron cages to iron shields
  Information and Organization, Vol. 34, No. 3
- Evaluating the effects of safety incentives on worker safety behavior control through image-based activity classification
  12 August 2024 | Frontiers in Public Health, Vol. 12
- Information Security Research in the Information Systems Discipline: A Thematic Review and Future Research Directions
  31 July 2024 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 55, No. 3
- Inconsistencies Between Information Security Policy Compliance and Shadow IT Usage
  19 July 2023 | Journal of Computer Information Systems, Vol. 64, No. 4
- The defining features of a robust information security climate
  Computers & Security, Vol. 142
- Fiends and Fools: A Narrative Review and Neo-socioanalytic Perspective on Personality and Insider Threats
  9 May 2023 | Journal of Business and Psychology, Vol. 39, No. 3
- Renforcer la sensibilisation à la sécurité de l’information dans un environnement de travail à distance : une exploration quantitative
  Management & Prospective, Vol. Volume 40, No. 3
- Enhancing Information Security Awareness in the Remote Work Environment: A Quantitative Exploration
  Management & Prospective, Vol. Volume 40, No. 3
- Shedding Light on the Dark: The Impact of Legal Enforcement on Darknet Transactions
  Jason Chan,
  Shu He,
  Dandan Qiao,
  Andrew Whinston
  4 May 2023 | Information Systems Research, Vol. 35, No. 1
- Time Will Tell: The Case for an Idiographic Approach to Behavioral Cybersecurity Research
  1 March 2024 | MIS Quarterly, Vol. 48, No. 1
- Understanding the deterrence effect of punishment for marine information security policies non-compliance
  Journal of Ocean Engineering and Science, Vol. 9, No. 1
- Facilitating and impeding factors to insiders’ prosocial rule breaking in South Korea
  Computers & Security, Vol. 136
- Chief Information Officers (CIOs) Joining Outside Boards of Directors: Impact on Their Home Firms’ Cybersecurity
  1 January 2024 | SSRN Electronic Journal, Vol. 41
- Identifying the idiosyncrasies of behavioral information security discourse and proposing future research directions: A Foucauldian perspective
  8 June 2023 | Journal of Information Technology, Vol. 38, No. 4
- The influence of familiarity with Information Technology on the effects of deterrence
  23 November 2022 | Current Psychology, Vol. 42, No. 33
- Employees' in-role and extra-role information security behaviors from the P-E fit perspective
  Computers & Security, Vol. 133
- Designing an incentive mechanism for information security policy compliance: An experiment
  Journal of Economic Behavior & Organization, Vol. 212
- The impact of work pressure and work completion justification on intentional nonmalicious information security policy violation intention
  Computers & Security, Vol. 130
- The role of collectivism and moderating effect of IT proficiency on intention to disclose protected health information
  16 March 2022 | Information Technology and Management, Vol. 24, No. 2
- The influence of organizational values on employee attitude and information security behavior: the mediating role of psychological capital
  15 May 2023 | Information & Computer Security, Vol. 31, No. 2
- Can peers help reduce violations of information security policies? The role of peer monitoring
  21 September 2021 | European Journal of Information Systems, Vol. 32, No. 3
- Where authorities fail and experts excel: Influencing internet users’ compliance intentions
  Computers & Security, Vol. 128
- What are the trend and core knowledge of information security? A citation and co-citation analysis
  Information & Management, Vol. 60, No. 3
- Computer crime motives: Do we have it right?
  18 February 2023 | Sociology Compass, Vol. 17, No. 4
- Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse
  A. J. Burns,
  Tom L. Roberts,
  Clay Posey,
  Paul Benjamin Lowry,
  Bryan Fuller
  10 May 2022 | Information Systems Research, Vol. 34, No. 1
- Social media discontinuance: the salient roles of dark side and regret
  31 March 2023 | Journal of Information Technology Case and Application Research, Vol. 25, No. 1
- Research on Personal Information Security Protection of Social Networks in the Era of Big Data
  26 July 2023
- Detecting and Rectifying the Non-Malicious Insider Threat in a Healthcare Setting
  International Journal of Systems and Software Security and Protection, Vol. 13, No. 1
- Cyber-Resiliency for Digital Enterprises: A Strategic Leadership Perspective
  IEEE Transactions on Engineering Management, Vol. 69, No. 6
- Information Privacy Assimilation in IT Organizations
  22 June 2021 | Information Systems Frontiers, Vol. 24, No. 5
- Employees' intentions toward complying with information security controls in Saudi Arabia's public organisations
  Government Information Quarterly, Vol. 39, No. 4
- Cultivating proactive information security behavior and individual creativity: The role of human relations culture and IT use governance
  Information & Management, Vol. 59, No. 6
- That's interesting: An examination of interest theory and self‐determination in organisational cybersecurity training
  30 December 2021 | Information Systems Journal, Vol. 32, No. 4
- Security quality of KMS and KMS adoption: The context of SMEs
  7 September 2021 | Human Systems Management, Vol. 41, No. 3
- A Cyber-Security Culture Framework for Assessing Organization Readiness
  23 November 2020 | Journal of Computer Information Systems, Vol. 62, No. 3
- Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement
  Debabrata Dey,
  Abhijeet Ghoshal,
  Atanu Lahiri
  11 August 2021 | Management Science, Vol. 68, No. 4
- Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios
  9 February 2021 | Information Systems Frontiers, Vol. 24, No. 2
- Rumor recognition behavior of social media users in emergencies
  Journal of Management Science and Engineering, Vol. 7, No. 1
- Antecedent factors of violation of information security rules
  17 December 2021 | RAUSP Management Journal, Vol. 57, No. 1
- Voluntary and instrumental information security policy compliance: an integrated view of prosocial motivation, self-regulation and deterrence
  Computers & Security, Vol. 113
- Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions
  24 January 2022 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 53, No. 1
- Motivating Information Security Policy Compliance: Insights from Perceived Organizational Formalization
  21 November 2019 | Journal of Computer Information Systems, Vol. 62, No. 1
- A Configurational Analysis of the Causes of Consumer Indirect Misbehaviors in Access-Based Consumption
  6 October 2020 | Journal of Business Ethics, Vol. 175, No. 1
- The explanatory power of citations: a new approach to unpacking impact in science
  5 August 2021 | Scientometrics, Vol. 126, No. 12
- From awareness to influence: toward a model for improving employees’ security behaviour
  15 March 2021 | Personal and Ubiquitous Computing, Vol. 25, No. 5
- Can It Clean Up Your Inbox? Evidence from South Korean Anti‐spam Legislation
  1 August 2021 | Production and Operations Management, Vol. 30, No. 8
- Enhancing employees information security awareness in private and public organisations: A systematic literature review
  Computers & Security, Vol. 106
- Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model
  23 June 2021 | International Journal of Environmental Research and Public Health, Vol. 18, No. 13
- Assessing the Moderating Effect of Security Technologies on Employees Compliance with Cybersecurity Control Procedures
  3 February 2021 | ACM Transactions on Management Information Systems, Vol. 12, No. 2
- Revolution and stability in the study of the human factor in the security of information systems field : A systematic literature review over 30 years of publication
- Does Technostress Trigger Insider Threat? A Conceptual Model and Mitigation Solutions
- Can financial incentives help with the struggle for security policy compliance?
  Information & Management, Vol. 58, No. 4
- SoK: Quantifying Cyber Risk
- The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence
  11 December 2019 | Information Systems Frontiers, Vol. 23, No. 2
- The role of deterrability for the effect of multi-level sanctions on information security policy compliance: Results of a multigroup analysis
  Information & Management, Vol. 58, No. 3
- Curbing cyberloafing: studying general and specific deterrence effects with field evidence
  3 May 2020 | European Journal of Information Systems, Vol. 30, No. 2
- College students information security awareness: a comparison between smartphones and computers
  16 September 2020 | Education and Information Technologies, Vol. 26, No. 2
- Cyber risk management: History and future research directions
  9 March 2021 | Risk Management and Insurance Review, Vol. 24, No. 1
- Information system security policy noncompliance: the role of situation-specific ethical orientation
  6 April 2020 | Information Technology & People, Vol. 34, No. 1
- Toward a Unified View of Dynamic Information Security Behaviors
  22 January 2021 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 52, No. 1
- Gestion des usages des technologies numériques dans les organisations : une approche qualitative par le contrôle organisationnel et les chartes informatiques
  Systèmes d'information & management, Vol. Volume 25, No. 3
- An Institutional Repository in a Developing Country: security and Ethical Encounters at the Bindura University of Science Education, Zimbabwe
  16 October 2020 | New Review of Academic Librarianship, Vol. 27, No. 1
- Bibliometric Analysis of Economic, Social and Information Security Research
  1 January 2021 | SocioEconomic Challenges, Vol. 5, No. 2
- Intellectual Property Regulation, and Software Piracy, a Predictive Model
- Coping Strategies and Paradoxes Related to BYOD Information Security Threats in France
- The Cultural Foundation of Information Security Behavior
- Too Good to Be True: Firm Social Performance and the Risk of Data Breach
  John D’Arcy,
  Idris Adjerid,
  Corey M. Angst,
  Ante Glavas
  18 September 2020 | Information Systems Research, Vol. 31, No. 4
- The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context
  Sumantra Sarkar,
  Anthony Vance,
  Balasubramaniam Ramesh,
  Menelaos Demestihas,
  Daniel Thomas Wu
  17 September 2020 | Information Systems Research, Vol. 31, No. 4
- A Semiotic Examination of the Security Policy Lifecycle
- Non-Compliant Mobile Device Usage and Information Systems Security: A Bystander Theory Perspective
- Dimensions that characterize and mechanisms that cause the misuse of information systems for corrupt practices in the Nigerian public sector
  13 April 2020 | THE ELECTRONIC JOURNAL OF INFORMATION SYSTEMS IN DEVELOPING COUNTRIES, Vol. 86, No. 6
- WITHDRAWN: Time pressure in human cybersecurity behavior: Theoretical framework and countermeasures
  Computers & Security, Vol. 97
- Time pressure in human cybersecurity behavior: Theoretical framework and countermeasures
  Computers & Security, Vol. 97
- Implementing Data-Based Bank Loan Application via MS Access
  10 December 2020
- Appealing to Sense and Sensibility: System 1 and System 2 Interventions for Fake News on Social Media
  Patricia L. Moravec,
  Antino Kim,
  Alan R. Dennis
  13 August 2020 | Information Systems Research, Vol. 31, No. 3
- A meta-analysis of the deterrence theory in security-compliant and security-risk behaviors
  Computers & Security, Vol. 96
- Peers matter: The moderating role of social influence on information security policy compliance
  7 February 2020 | Information Systems Journal, Vol. 30, No. 5
- Factors influencing the information security behaviour of IT employees
  29 May 2019 | Behaviour & Information Technology, Vol. 39, No. 8
- Toward a stage theory of the development of employees’ information security behavior
  Computers & Security, Vol. 93
- Technical codes’potentialities in cybersecurity. A contextual approach on the ethics of small digital organizations in France
- Organizational Adoption of Information Security Solutions
  18 May 2020 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 51, No. 2
- The role of abusive supervision and organizational commitment on employees' information security policy noncompliance intention
  Internet Research, Vol. 30, No. 5
- SoK: Cyber Insurance – Technical Challenges and a System Security Roadmap
- Decreasing the problematic use of an information system: An empirical investigation of smartphone game players
  28 October 2019 | Information Systems Journal, Vol. 30, No. 3
- Anger or fear? Effects of discrete emotions on employee’s computer-related deviant behavior
  Information & Management, Vol. 57, No. 3
- Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective
  14 April 2020 | Sustainability, Vol. 12, No. 8
- The Cultural Foundation of Information Security Behavior
  Journal of Database Management, Vol. 31, No. 2
- Coping Strategies and Paradoxes Related to BYOD Information Security Threats in France
  Journal of Global Information Management, Vol. 28, No. 2
- Information security policy noncompliance: An integrative social influence model
  13 August 2019 | Information Systems Journal, Vol. 30, No. 2
- The Impact of Awareness of Being Monitored on Computer Usage Policy Compliance: An Agency View
  29 August 2019 | Journal of Information Systems, Vol. 34, No. 1
- Do Reputational Sanctions Deter Negligence in Information Security Management? A Field Quasi‐Experiment
  1 February 2020 | Production and Operations Management, Vol. 29, No. 2
- Cybersicherheit als Führungsaufgabe in Schweizer KMU
  2 November 2019
- State of the art in information security policy development
  Computers & Security, Vol. 88
- A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research
  25 October 2019 | Information Systems Frontiers, Vol. 21, No. 6
- Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments
  9 November 2019 | Information Systems Frontiers, Vol. 21, No. 6
- Perceived argument quality's effect on threat and coping appraisals in fear appeals: An experiment and exploration of realism check heuristics
  Information & Management, Vol. 56, No. 8
- Deterrence approach on the compliance with electronic medical records privacy policy: the moderating role of computer monitoring
  4 December 2019 | BMC Medical Informatics and Decision Making, Vol. 19, No. 1
- Security Organizing
  1 November 2019 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 50, No. 4
- Organizational practices as antecedents of the information security management performance
  Information Technology & People, Vol. 32, No. 5
- Nudging with construal level theory to improve online password use and intended password choice
  Information Technology & People, Vol. 32, No. 4
- Investigating power styles and behavioural compliance for effective hospital administration
  International Journal of Health Care Quality Assurance, Vol. 32, No. 6
- Organizational Control Policy, Information Security Deviance, and Moderating Effect of Power Distance Orientation
  International Journal of Cyber Behavior, Psychology and Learning, Vol. 9, No. 3
- Information Securing in Organizations
  12 June 2019
- Organizational cloud security and control: a proactive approach
  Information Technology & People, Vol. 32, No. 3
- Organizational formalization and employee information security behavioral intentions based on an extended TPB model
- Analysis of Information Security News Content and Abnormal Returns of Enterprises
  27 April 2019 | Big Data and Cognitive Computing, Vol. 3, No. 2
- Examining the impact of deterrence factors and norms on resistance to Information Systems Security
  Computers in Human Behavior, Vol. 92
- Cybercrime: an emerging threat to the banking sector of Pakistan
  Journal of Financial Crime, Vol. 26, No. 1
- Critical impact of organizational and individual inertia in explaining non-compliant security behavior in the Shadow IT context
  Computers & Security, Vol. 80
- Cognitive‐affective drivers of employees' daily compliance with information security policies: A multilevel, longitudinal study
  8 November 2017 | Information Systems Journal, Vol. 29, No. 1
- The interstitiality of IT risk: An inquiry into information systems development practices
  28 February 2018 | Information Systems Journal, Vol. 29, No. 1
- Why Employees (Still) Click on Phishing Links: An Investigation in Hospitals
  SSRN Electronic Journal, Vol. 50
- Shedding Light on the Dark: The Impact of Legal Enforcement on Darknet Transactions
  SSRN Electronic Journal, Vol. 72
- Security and Privacy Issues in Cloud-Based E-Government
- Understanding Information Security Behaviours of Tanzanian Government Employees
  International Journal of Technology and Human Interaction, Vol. 15, No. 1
- Cybersecurity Research: A Review of Current Research Topics
  8 November 2018 | Journal of Industrial Integration and Management, Vol. 03, No. 04
- From improper to acceptable: How perpetrators neutralize workplace bullying behaviors in the cyber world
  Information & Management, Vol. 55, No. 7
- Social control through deterrence on the compliance with information security policy
  3 July 2018 | Soft Computing, Vol. 22, No. 20
- A Study on the Prevention of Cyberbullying in Workplaces
- Applying the Randomized Response Technique in Business Ethics Research: The Misuse of Information Systems Resources in the Workplace
  1 July 2016 | Journal of Business Ethics, Vol. 151, No. 1
- Strategic value alignment for information security management: a critical success factor analysis
  Information & Computer Security, Vol. 26, No. 2
- Factors associated with security/cybersecurity audit by internal audit function
  3 April 2018 | Managerial Auditing Journal, Vol. 33, No. 4
- The impact of relational leadership and social alignment on information security system effectiveness in Korean governmental organizations
  International Journal of Information Management, Vol. 40
- Investigating Knowledge Flows between Information Systems and Other Disciplines:
  25 May 2018 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 49, No. 2
- Navigating Rumsfeld's quadrants: A performative perspective on IT risk management
  Technology in Society, Vol. 53
- Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism
  14 May 2018 | Sustainability, Vol. 10, No. 5
- Disentangling the Motivations for Organizational Insider Computer Abuse through the Rational Choice and Life Course Perspectives
  25 April 2018 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 49, No. SI
- Definition and Multidimensionality of Security Awareness
  25 April 2018 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 49, No. SI
- Self-control, organizational context, and rational choice in Internet abuses at work
  Information & Management, Vol. 55, No. 3
- Making information security research great again: Assumptions and practical aspects of case-study research in information security
- Information security policy compliance: a higher education case study
  Information & Computer Security, Vol. 26, No. 1
- To Tell or Not to Tell
  CIN: Computers, Informatics, Nursing, Vol. 36, No. 3
- Examining employee computer abuse intentions: insights from justice, deterrence and neutralization perspectives
  2 December 2016 | Information Systems Journal, Vol. 28, No. 2
- Toward a Unified Model of Information Security Policy Compliance1
  1 March 2018 | MIS Quarterly, Vol. 42, No. 1
- Les questionnements éthiques en systèmes d’information
  27 June 2018 | Revue Française de Gestion, Vol. 44, No. 271
- Integration of Information Systems and Cybersecurity Countermeasures
  1 February 2018 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 49, No. 1
- Employee Security Behaviour: The Importance of Education and Policies in Organisational Settings
  28 March 2018
- A Visual Analysis of Research on Information Security Risk by Using CiteSpace
  IEEE Access, Vol. 6
- Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement
  SSRN Electronic Journal, Vol. 19
- Information Security Policy Compliance
  SSRN Electronic Journal, Vol. 42
- A Semiotic Examination of the Security Policy Lifecycle
- Non-Compliant Mobile Device Usage and Information Systems Security: A Bystander Theory Perspective
  International Journal of Information Systems and Social Change, Vol. 9, No. 1
- A Study on the Prevention of Cyberbullying in Workplaces
  International Journal of Technoethics, Vol. 9, No. 1
- Beyond Cybersecurity Awareness
  28 December 2017
- A Deterrence Approach to Regulate Nurses’ Compliance with Electronic Medical Records Privacy Policy
  3 November 2017 | Journal of Medical Systems, Vol. 41, No. 12
- Workplace Cyberdeviance
  28 August 2017
- Determinants of early conformance with information security policies
  Information & Management, Vol. 54, No. 7
- Which phish get caught? An exploratory study of individuals′ susceptibility to phishing
  15 February 2018 | European Journal of Information Systems, Vol. 26, No. 6
- Organizational information security policies: a review and research framework
  15 February 2018 | European Journal of Information Systems, Vol. 26, No. 6
- Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda
  15 February 2018 | European Journal of Information Systems, Vol. 26, No. 6
- Deterrence and punishment experience impacts on ISP compliance attitudes
  Information & Computer Security, Vol. 25, No. 4
- When Do IT Security Investments Matter? Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches1
  1 September 2017 | MIS Quarterly, Vol. 41, No. 3
- Review of IS Security Policy Compliance
  2 August 2017 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 48, No. 3
- Enabling Effective Operational Risk Management in a Financial Institution: An Action Research Study
  7 November 2017 | Journal of Management Information Systems, Vol. 34, No. 3
- Organisational culture, procedural countermeasures, and employee security behaviour
  Information & Computer Security, Vol. 25, No. 2
- Organizational information security as a complex adaptive system: insights from three agent-based models
  4 November 2015 | Information Systems Frontiers, Vol. 19, No. 3
- Exploring behavioral information security networks in an organizational context: An empirical case study
  Journal of Information Security and Applications, Vol. 34
- The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data
  18 July 2017 | Journal of Information Privacy and Security, Vol. 13, No. 2
- Effects of innovation-supportive culture and organizational citizenship behavior on e-government information system security stemming from mimetic isomorphism
  Government Information Quarterly, Vol. 34, No. 2
- The role of information security learning and individual factors in disclosing patients' health information
  Computers & Security, Vol. 65
- Towards analysing the rationale of information security non-compliance: Devising a Value-Based Compliance analysis method
  The Journal of Strategic Information Systems, Vol. 26, No. 1
- To Cyberloaf or Not to Cyberloaf: The Impact of the Announcement of Formal Organizational Controls
  20 April 2017 | Journal of Management Information Systems, Vol. 34, No. 1
- Behavior Change Interventions for Cybersecurity
- An Exploration Regarding Issues in Insider Threat
- Strategic Approach towards Clinical Information Security
- Resistance and power in a security certification scheme: The case of c:cure
  Decision Support Systems, Vol. 92
- Theorising on risk homeostasis in the context of information security behaviour
  Information and Computer Security, Vol. 24, No. 5
- The Impact of the Security Competency on “Self-Efficacy in Information Security” for Effective Health Information Security in Iran
  28 September 2016 | Journal of Medical Systems, Vol. 40, No. 11
- A theory-based review of information security behavior in the organization and home context
- The Effect of Information Security Certification Announcement on the Market Value of Firms
  Journal of the Korea society of IT services, Vol. 15, No. 3
- Leadership of Information Security Manager on the Effectiveness of Information Systems Security for Secure Sustainable Computing
  7 July 2016 | Sustainability, Vol. 8, No. 7
- Business Process and Information Security: A Cross-Listing Perspective
  19 October 2016 | Journal of Industrial Integration and Management, Vol. 01, No. 02
- Factors influencing the intention to comply with data protection regulations in hospitals: based on gender differences in behaviour and deterrence
  19 December 2017 | European Journal of Information Systems, Vol. 25, No. 2
- SECURQUAL: An Instrument for Evaluating the Effectiveness of Enterprise Information Security Programs
  1 August 2015 | Journal of Information Systems, Vol. 30, No. 1
- Friend or Foe
  19 February 2016 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 47, No. 1
- The influence of information security on the adoption of web-based integrated information systems: an e-government study in Peru
  13 January 2015 | Information Technology for Development, Vol. 22, No. 1
- Critical Times for Organizations: What Should Be Done to Curb Workers’ Noncompliance With IS Security Policy Guidelines?
  30 November 2015 | Information Systems Management, Vol. 33, No. 1
- Institutionalizing Operational Risk Management: An Empirical Study
- The Impact of the Security Competency on “Self-efficacy in Information Security” for Effective Health Information Security in Iran
  3 March 2016
- A model of emotion and computer abuse
  Information & Management, Vol. 53, No. 1
- Security and Privacy Issues in Cloud-Based E-Government
- Strategic Approach towards Clinical Information Security
- Potential Problems with Information Security Risk Assessments
  27 October 2015 | Information Security Journal: A Global Perspective, Vol. 24, No. 4-6
- The Causal Relationship between Information Security Countermeasures and Information System Misuse
  Journal of the Korea society of IT services, Vol. 14, No. 4
- The Role of the Decision-Making Regime on Cooperation in a Workgroup Social Dilemma: An Examination of Cyberloafing
  5 November 2015 | Games, Vol. 6, No. 4
- The Effect of a Surveillance Banner in an Attacked Computer System
  13 June 2015 | Journal of Research in Crime and Delinquency, Vol. 52, No. 6
- A study on the Relationship between Cyberloafing Characteristic and Cognitive Dissonance
  Journal of the Korea Society of Computer and Information, Vol. 20, No. 9
- Explaining the Misuse of Information Systems Resources in the Workplace: A Dual-Process Approach
  15 July 2014 | Journal of Business Ethics, Vol. 131, No. 1
- Game of information security investment: Impact of attack types and network vulnerability
  Expert Systems with Applications, Vol. 42, No. 15-16
- Knowing about your food from the farm to the table: Using information systems that reduce information asymmetry and health risks in retail contexts
  Information & Management, Vol. 52, No. 6
- Proposing the control‐reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies
  8 July 2014 | Information Systems Journal, Vol. 25, No. 5
- Does Device Matter? Understanding How User, Device, and Usage Characteristics Influence Risky IT Behaviors of Individuals
- Factors Affecting Individual Information Security Practices
  4 June 2015
- The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness
  Jack Shih-Chieh Hsu,
  Sheng-Pao Shih,
  Yu Wen Hung,
  Paul Benjamin Lowry
  19 June 2015 | Information Systems Research, Vol. 26, No. 2
- Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources
  Information & Management, Vol. 52, No. 4
- The Influence of Organizational Information Security Culture on Information Security Decision Making
  18 May 2015 | Journal of Cognitive Engineering and Decision Making, Vol. 9, No. 2
- Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: an empirical study of the influence of counterfactual reasoning and organisational trust
  24 February 2015 | Information Systems Journal, Vol. 25, No. 3
- Estimating the Contextual Risk of Data Breach: An Empirical Approach
  28 August 2015 | Journal of Management Information Systems, Vol. 32, No. 2
- Improving the information security culture through monitoring and implementation actions illustrated through a case study
  Computers & Security, Vol. 49
- Insider Threats in a Financial Institution: Analysis of Attack-Proneness of Information Systems Applications1
  1 March 2015 | MIS Quarterly, Vol. 39, No. 1
- An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning RhetoriC1
  1 March 2015 | MIS Quarterly, Vol. 39, No. 1
- Information Systems Security
  21 January 2015
- A system dynamics model for information security management
  Information & Management, Vol. 52, No. 1
- The Role of Self-Control in Information Security Violations: Insights from a Cognitive Neuroscience Perspective
  15 April 2015 | Journal of Management Information Systems, Vol. 31, No. 4
- Assessing the Role of Security Education, Training, and Awareness on Insiders' Security-Related Behavior: An Expectancy Theory Approach
- Evolvement of Information Security Research on Employees' Behavior: A Systematic Review and Future Direction
- Composition of the Top Management Team and Information Security Breaches
- Information Security Program Effectiveness in Organizations
- Composition of the Top Management Team and Information Security Breaches
- A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate
  IEEE Transactions on Professional Communication, Vol. 57, No. 4
- I'm Game, are You? Reducing Real-World Security Threats by Managing Employee Activity in Online Social Networks
  1 April 2014 | Journal of Information Systems, Vol. 28, No. 2
- Information security awareness and behavior: a theory-based literature review
  Management Research Review, Vol. 37, No. 12
- Information security awareness through the use of social media
- Exploring the effects of organizational justice, personal ethics and sanction on internet use policy compliance
  27 March 2014 | Information Systems Journal, Vol. 24, No. 6
- The Impact of Information Security Awareness on Compliance with Information Security Policies: a Phishing Perspective
- Information security
  Information Management & Computer Security, Vol. 22, No. 3
- Understanding the Drivers of Unethical Programming Behavior: The Inappropriate Reuse of Internet-Accessible Code
  9 March 2015 | Journal of Management Information Systems, Vol. 31, No. 3
- An economic mechanism to manage operational security risks for inter-organizational information systems
  28 March 2012 | Information Systems Frontiers, Vol. 16, No. 3
- Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders
  Information & Management, Vol. 51, No. 5
- Explaining Users' Security Behaviors with the Security Belief Model
  Journal of Organizational and End User Computing, Vol. 26, No. 3
- An exploratory investigation of message-person congruence in information security awareness campaigns
  Computers & Security, Vol. 43
- Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture
  Computers & Security, Vol. 43
- An emote opportunity model of computer abuse
  Information Technology & People, Vol. 27, No. 2
- Behavioral Information Security Management
  1 May 2014
- Privacy, Accuracy and Accessibility of Digital Business
  1 May 2014
- Is Your Banker Leaking Your Personal Information? The Roles of Ethics and Individual-Level Cultural Characteristics in Predicting Organizational Computer Abuse
  25 April 2013 | Journal of Business Ethics, Vol. 121, No. 3
- Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations
  19 December 2017 | European Journal of Information Systems, Vol. 23, No. 3
- Information security strategies: towards an organizational multi-strategy perspective
  22 July 2012 | Journal of Intelligent Manufacturing, Vol. 25, No. 2
- Exploring the Effect of Knowledge Transfer Practices on User Compliance to IS Security Practices
  International Journal of Knowledge Management, Vol. 10, No. 2
- Intrinsic and Extrinsic Factors Impacting Individuals' Cyber Ethics Awareness and Behavior Intention
  The Journal of Information Systems, Vol. 23, No. 1
- Recommendations for information security awareness training for college students
  Information Management & Computer Security, Vol. 22, No. 1
- Institutionalizing Operational Risk Management: An Empirical Study
  1 March 2014 | Journal of Information Technology, Vol. 29, No. 1
- A Conceptual Interdisciplinary Plug-and-Play Cyber Security Framework
  8 April 2014
- Designing Effective Knowledge Transfer Practices to Improve IS Security Awareness and Compliance
- Bridging the Divide: A Qualitative Comparison of Information Security Thought Patterns between Information Security Professionals and Ordinary Organizational Insiders
  SSRN Electronic Journal, Vol. 63
- Information Security Program Effectiveness in Organizations
  Journal of Organizational and End User Computing, Vol. 26, No. 1
- Music as a Service als Alternative für Musikpiraten?
  31 October 2013 | WIRTSCHAFTSINFORMATIK, Vol. 55, No. 6
- Music as a Service as an Alternative to Music Piracy?
  31 October 2013 | Business & Information Systems Engineering, Vol. 5, No. 6
- Insiders’ Protection of Organizational Information Assets: Development of a Systematics-Based Taxonomy and Theory of Diversity for Protection-Motivated Behaviors1
  1 December 2013 | MIS Quarterly, Vol. 37, No. 4
- Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory
  Computers & Security, Vol. 39
- A novel approach to evaluate software vulnerability prioritization
  Journal of Systems and Software, Vol. 86, No. 11
- Social action theory for understanding information security non-compliance in hospitals
  Information Management & Computer Security, Vol. 21, No. 4
- Using the theory of interpersonal behavior to explain non-work-related personal use of the Internet at work
  Information & Management, Vol. 50, No. 6
- The Textual Contents of Media Reports of Information Security Breaches and Profitable Short-Term Investment Opportunities
  Journal of Organizational Computing and Electronic Commerce, Vol. 23, No. 3
- The Drivers in the Use of Online Whistle-Blowing Reporting Systems
  8 December 2014 | Journal of Management Information Systems, Vol. 30, No. 1
- Risk Mitigation in Supply Chain Digitization: System Modularity and Information Technology Governance
  8 December 2014 | Journal of Management Information Systems, Vol. 30, No. 1
- Today’s Action is Better than Tomorrow’s Cure - Evaluating Information Security at a Premier Indian Business School
  Journal of Cases on Information Technology, Vol. 15, No. 3
- A Composite Framework for Behavioral Compliance with Information Security Policies
  Journal of Organizational and End User Computing, Vol. 25, No. 3
- The Association Between the Disclosure and the Realization of Information Security Risk Factors
  Tawei Wang,
  Karthik N. Kannan,
  Jackie Rees Ulmer,
  5 October 2012 | Information Systems Research, Vol. 24, No. 2
- Determining the antecedents of digital security practices in the general public dimension
  8 June 2013 | Information Technology and Management, Vol. 14, No. 2
- An Empirical Study on Influential Factors of the Development and Implementation in Firm Security Management
  Management & Information Systems Review, Vol. 32, No. 2
- The effects of sanctions and stigmas on cyberloafing
  Computers in Human Behavior, Vol. 29, No. 3
- Taking value-networks to the cloud services: security services, semantics and service level agreements
  31 December 2011 | Information Systems and e-Business Management, Vol. 11, No. 1
- Organizational power and information security rule compliance
  Computers & Security, Vol. 33
- A Study of the Factors that Influence the Information Security Policy Compliance of Employees in Financial Firms
  Journal of Korea Service Management Society, Vol. 14, No. 1
- Beyond Deterrence: An Expanded View of Employee Computer Abuse1
  1 March 2013 | MIS Quarterly, Vol. 37, No. 1
- Security-related behavior in using information systems in the workplace: A review and synthesis
  Computers & Security, Vol. 32
- Macroeconomics of privacy and security for identity management and surveillance
  Kybernetes, Vol. 42, No. 1
- Constructing Conceptual Model for Security Culture in Health Information Systems Security Effectiveness
- An Empirical Study on Information Security Behaviors and Awareness
  8 October 2013
- Employees' Information Security Awareness and Behavior: A Literature Review
- Information Security Policy Compliance: An Empirical Study of Ethical Ideology
- Social Factors in Policy Compliance -- Evidence Found in Literature to Assist the Development of Policies in Information Security Management
- Risk-Mitigation in Supply Chain Digitization: A Study of System Modularity and IT Governance
  SSRN Electronic Journal, Vol. 10
- Employee Misuse of Information Technology Resources: Testing a Contemporary Deterrence Model
  22 October 2012 | Decision Sciences, Vol. 43, No. 6
- Organizations' Information Security Policy Compliance: Stick or Carrot Approach?
  9 December 2014 | Journal of Management Information Systems, Vol. 29, No. 3
- Improving information security management: An analysis of ID–password usage and a new login vulnerability measure
  International Journal of Information Management, Vol. 32, No. 5
- A Firm's Environmental Determinants Impacting the Information Security Management and the Moderating Effects of Regulatory Influence
  Journal of the Korean Operations Research and Management Science Society, Vol. 37, No. 3
- Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture*
  28 May 2012 | Decision Sciences, Vol. 43, No. 4
- Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks
  4 July 2012 | Decision Sciences, Vol. 43, No. 4
- WITHDRAWN: The effects of multilevel sanctions on information security violations: A mediating model
  Information & Management, Vol. 50
- Analyzing Information Systems Security Research to Find Key Topics, Trends, and Opportunities
  7 July 2014 | Journal of Information Privacy and Security, Vol. 8, No. 3
- Style Composition in Action Research Publication1
  1 June 2012 | MIS Quarterly, Vol. 36, No. 2
- Did IT consulting firms gain when their clients were breached?
  Computers in Human Behavior, Vol. 28, No. 2
- Unrealistic optimism on information security management
  Computers & Security, Vol. 31, No. 2
- A Conceptual Analysis about the Organizational Impact of Compliance on Information Security Policy
- Cognitive Elaboration on Potential Outcomes and Its Effects on Employees’ Information Security Policy Compliance Intention–Exploring the Key Antecedents
- Towards Understanding Deterrence: Information Security Managers’ Perspective
  7 December 2011
- Investigating the Effectiveness of IS Security Countermeasures towards Cyber Attacker Deterrence
- A Composite Framework for Behavioral Compliance with Information Security Policies
- Reducing Unauthorized Access by Insiders through User Interface Design: Making End Users Accountable
- Security Policy Compliance: User Acceptance Perspective
- The Development of a Model for Information Systems Security Success
- Examining an Individual’s Perceived Need for Privacy and Security
- Online Social Networking
  International Journal of Cyber Warfare and Terrorism, Vol. 2, No. 1
- IS Security Policy Violations
  Journal of Organizational and End User Computing, Vol. 24, No. 1
- Value conflicts for information security management
  The Journal of Strategic Information Systems, Vol. 20, No. 4
- A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings
  19 December 2017 | European Journal of Information Systems, Vol. 20, No. 6
- Security Risk Management at a Fortune 500 Firm: A Case Study
  10 September 2014 | Journal of Information Privacy and Security, Vol. 7, No. 4
- Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
  8 December 2014 | Journal of Management Information Systems, Vol. 28, No. 2
- Information systems resources and information security
  27 April 2010 | Information Systems Frontiers, Vol. 13, No. 4
- Understanding the mindset of the abusive insider: An examination of insiders’ causal reasoning following internal security changes
  Computers & Security, Vol. 30, No. 6-7
- Moderating effect between information systems resources and information security: A conceptual framework
- An Empirical Study on Motivational Factors Influencing Information Security Policy Compliance and Security Behavior of End-Users(Employees) in Organizations
  The e-Business Studies, Vol. 12, No. 3
- Impacts of organizational capabilities in information security
  Information Management & Computer Security, Vol. 19, No. 3
- Individual Trust and Consumer Risk Perception
  10 September 2014 | Journal of Information Privacy and Security, Vol. 7, No. 3
- Punishment, Justice, and Compliance in Mandatory IT Settings
  Yajiong Xue,
  Huigang Liang,
  Liansheng Wu,
  19 February 2010 | Information Systems Research, Vol. 22, No. 2
- The influence of the informal social learning environment on information privacy policy compliance efficacy and intention
  19 December 2017 | European Journal of Information Systems, Vol. 20, No. 3
- Detecting complex account fraud in the enterprise: The role of technical and non-technical controls
  Decision Support Systems, Vol. 50, No. 4
- Surveillance, Privacy and the Law of Requisite Variety
- Securing Health Care: Assessing Factors That Affect HIPAA Security Compliance in Academic Medical Centers
- A Confirmatory Analysis of Information Systems Security Success Factors
- Examining an Individual’s Perceived Need for Privacy and Security
- Knowledge for Managing Information Systems Security
- Social Network Analysis of a Criminal Hacker Community
  11 December 2015 | Journal of Computer Information Systems, Vol. 51, No. 2
- Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study1
  1 December 2010 | MIS Quarterly, Vol. 34, No. 4
- Impact of Negative Message Framing on Security Adoption
  11 December 2015 | Journal of Computer Information Systems, Vol. 51, No. 1
- Moving Toward Black Hat Research in Information Systems Security: An Editorial Introduction to the Special Issue
  1 September 2010 | MIS Quarterly, Vol. 34, No. 3
- Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations1
  1 September 2010 | MIS Quarterly, Vol. 34, No. 3
- Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness1
  1 September 2010 | MIS Quarterly, Vol. 34, No. 3
- The Impact of Malicious Agents on the Enterprise Software Industry1
  1 September 2010 | MIS Quarterly, Vol. 34, No. 3
- Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions1
  1 September 2010 | MIS Quarterly, Vol. 34, No. 3
- The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the Deceived
  8 December 2014 | Journal of Management Information Systems, Vol. 27, No. 1
- Capturing user readiness to interact with information systems
  12 May 2010 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 41, No. 2
- The role of task characteristics and organizational culture in non-work-related computing
  12 May 2010 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 41, No. 2
- Quantification, Optimization and Uncertainty Modeling in Information Security Risks
  Information Resources Management Journal, Vol. 23, No. 2
- A framework and assessment instrument for information security culture
  Computers & Security, Vol. 29, No. 2
- Toward user patterns for online security: Observation time and online user identification
  Decision Support Systems, Vol. 48, No. 4
- Information Assurance in Saudi Organizations – An Empirical Study
- Making Sound Security Investment Decisions
  10 September 2014 | Journal of Information Privacy and Security, Vol. 6, No. 1
- New Insights for an Old Problem: Explaining Software Piracy through Neutralization Theory
- Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data
- Quality and Fairness of an Information Security Policy As Antecedents of Employees' Security Engagement in the Workplace: An Empirical Investigation
- Factors Influencing the Implementation of Information Systems Security Strategies in Organizations
- Roles of perceived risk and usefulness in information system security adoption
- Securing IS assets through hacker deterrence: A case study
- Workplace Management and Employee Misuse: Does Punishment Matter?
  11 December 2015 | Journal of Computer Information Systems, Vol. 50, No. 2
- Technical opinionAre employees putting your company at risk by not following information security policies?
  1 December 2009 | Communications of the ACM, Vol. 52, No. 12
- How Ethics Can Enhance Organizational Privacy: Lessons from the ChoicePoint and TJX Data Breaches1
  1 December 2009 | MIS Quarterly, Vol. 33, No. 4
- Self-efficacy in information security: Its influence on end users' information security practice behavior
  Computers & Security, Vol. 28, No. 8
- Information security policy: An organizational-level process model
  Computers & Security, Vol. 28, No. 7
- Quantified security is a weak hypothesis
  8 September 2009
- Information security management standards: Problems and solutions
  Information & Management, Vol. 46, No. 5
- Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures
  27 August 2008 | Journal of Business Ethics, Vol. 89, No. S1
- Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness
  Decision Support Systems, Vol. 47, No. 2
- General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large versus Small Businesses
- What levels of moral reasoning and values explain adherence to information security rules? An empirical study
  19 December 2017 | European Journal of Information Systems, Vol. 18, No. 2
- Protection motivation and deterrence: a framework for security policy compliance in organisations
  19 December 2017 | European Journal of Information Systems, Vol. 18, No. 2
- If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security
  19 December 2017 | European Journal of Information Systems, Vol. 18, No. 2
- User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach
  John D'Arcy,
  Anat Hovav,
  Dennis Galletta,
  1 March 2009 | Information Systems Research, Vol. 20, No. 1
- Choice and Chance: A Conceptual Model of Paths to Information Security Compromise
  Sam Ransbotham,
  Sabyasachi Mitra,
  1 March 2009 | Information Systems Research, Vol. 20, No. 1
- Structural equation model for EDI controls: Controls design perspective
  Expert Systems with Applications, Vol. 36, No. 2
- Avoidance of Information Technology Threats: A Theoretical Perspective1
  1 March 2009 | MIS Quarterly, Vol. 33, No. 1
- The Analysis of Probability and Impact and Evaluation of Relative Information Systems Risk Factor in Maritime and Port Corporations
  Journal of Shipping and Logistics, Vol. 25, No. 1
- The role of anomia on the relationship between organisational justice perceptions and organisational citizenship online behaviours
  Journal of Information, Communication and Ethics in Society, Vol. 7, No. 1
- Effects of Individual and Organization Based Beliefs and the Moderating Role of Work Experience on Insiders' Good Security Behaviors
- Information Security: User Precautions, Attacker Efforts, and Enforcement
- Information Security Inside Organizations - A Positive Model and Some Normative Arguments Based on New Institutional Economics
  SSRN Electronic Journal, Vol. 122
- Information security awareness in higher education: An exploratory study
  Computers & Security, Vol. 27, No. 7-8
- Knowing is doing
  Information Management & Computer Security, Vol. 16, No. 5
- Influences of IT substitutes and user experience on post‐adoption user switching: An empirical investigation
  17 July 2008 | Journal of the American Society for Information Science and Technology, Vol. 59, No. 13
- An economic analysis of the optimal information security investment in the case of a risk-averse firm
  International Journal of Production Economics, Vol. 114, No. 2
- How to Encourage Customers to Use Legal Software
  10 July 2007 | Journal of Business Ethics, Vol. 80, No. 3
- Management versus security specialists: an empirical study on security related perceptions
  Information Management & Computer Security, Vol. 16, No. 2
- Investigation of Stakeholders Commitment to Information Security Awareness Programs
- An empirical evaluation of key factors contributing to internet abuse in the workplace
  Industrial Management & Data Systems, Vol. 108, No. 1
- Strategic Approach to Information Security in Organizations
- Network externalities, layered protection and IT security risk management
  Decision Support Systems, Vol. 44, No. 1
- Illegal Computer Hacking: An Assessment of Factors that Encourage and Deter the Behavior
  10 September 2014 | Journal of Information Privacy and Security, Vol. 3, No. 4
- Deterring internal information systems misuse
  1 October 2007 | Communications of the ACM, Vol. 50, No. 10
- Danger is in the eye of the beholders: Social representations of Information Systems security in healthcare
  The Journal of Strategic Information Systems, Vol. 16, No. 2
- A review of information security issues and respective research contributions
  28 February 2007 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 38, No. 1
- Punishment and ethics deterrents: A study of insider security contravention
  4 December 2006 | Journal of the American Society for Information Science and Technology, Vol. 58, No. 2
- Individual’s Response to Security Messages: A Decision-Making Perspective
- Employees’ Adherence to Information Security Policies: An Empirical Study
- Chapter 3 Economics of Information Security Investment
- Employees' Behavior towards IS Security Policy Compliance
- An Action Research Program to Improve Information Systems Security Compliance across Government Agencies
- Factors Influencing Protection Motivation and IS Security Policy Compliance
- On security preparations against possible IS threats across industries
  Information Management & Computer Security, Vol. 14, No. 4
- Coping With Systems Threats: A Study of the Adequacy of Security in Taiwan
- Understanding the offender/environment dynamic for computer crimes
  Information Technology & People, Vol. 19, No. 2
- Cyber-Warfare Threatens Corporations: Expansion into Commercial Environments
  Information Systems Management, Vol. 23, No. 2
- Understanding the perpetration of employee computer crime in the organisational context
  Information and Organization, Vol. 16, No. 4
- Information security: management's effect on culture and policy
  Information Management & Computer Security, Vol. 14, No. 1
- Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods
  Information and Organization, Vol. 15, No. 4
- Information security policy's impact on reporting security incidents
  Computers & Security, Vol. 24, No. 6
- The insider threat to information systems and the effectiveness of ISO17799
  Computers & Security, Vol. 24, No. 6
- Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior
  10 September 2014 | Journal of Information Privacy and Security, Vol. 1, No. 3
- Analysis of end user security behaviors
  Computers & Security, Vol. 24, No. 2
- Have you met your organization's computer usage policy?
  Industrial Management & Data Systems, Vol. 105, No. 2
- An integrative model of computer abuse based on social control and general deterrence theories
  Information & Management, Vol. 41, No. 6
- In defense of the realm: understanding the threats to information security
  International Journal of Information Management, Vol. 24, No. 1
- The Economics of Information Security Investment
- IT Security Risk Management under Network Effects and Layered Protection Strategy
- The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms
  30 October 2003 | Risk Management and Insurance Review, Vol. 6, No. 2
- An integrative study of information systems security effectiveness
  International Journal of Information Management, Vol. 23, No. 2
- Examining the linkage between organizational commitment and information security
- The economics of information security investment
  1 November 2002 | ACM Transactions on Information and System Security, Vol. 5, No. 4
- A holistic model of computer abuse within organizations
  Information Management & Computer Security, Vol. 10, No. 2
- Behavioral intention model for the exchange mode Internet music piracy
- Critical analysis of different approaches to minimizing user‐related faults in information systems security: implications for research and practice
  Information Management & Computer Security, Vol. 8, No. 5
- EDI controls design support system using relational database system
  Decision Support Systems, Vol. 29, No. 2
- A conceptual foundation for organizational information security awareness
  Information Management & Computer Security, Vol. 8, No. 1
- Policies for Construction of Information Systems’ Security Guidelines
- On the role of human morality in Information System Security
- Computer Based Information Systems (CBIS) Adoption in Small Businesses: Hong Kong Experience and Success Factors
  9 September 2014 | Journal of Global Information Technology Management, Vol. 2, No. 2
- The Research Pyramid: A Framework for Accounting Information Systems Research
  Journal of Information Systems, Vol. 13, No. 1
- The causal relationships among EDI controls: a structural equation model
- International Software Piracy: Analysis of Key Issues and Impacts
  Ram D. Gopal,
  G. Lawrence Sanders,
  1 December 1998 | Information Systems Research, Vol. 9, No. 4
- Coping With Systems Risk: Security Planning Models for Management Decision Making1
  1 December 1998 | MIS Quarterly, Vol. 22, No. 4
- The Impact of EDI Controls on EDI Implementation
  11 December 2015 | International Journal of Electronic Commerce, Vol. 2, No. 4
- Preventive and Deterrent Controls for Software Piracy
  8 December 2015 | Journal of Management Information Systems, Vol. 13, No. 4
- The Effect of Codes of Ethics and Personal Denial of Responsibility on Computer Abuse Judgments and Intentions1,2
  1 September 1996 | MIS Quarterly, Vol. 20, No. 3
- The factors affecting strategic information systems applications
  Information & Management, Vol. 23, No. 4
- Threats to Information Systems: Today’s Reality, Yesterday’s Understanding
  1 June 1992 | MIS Quarterly, Vol. 16, No. 2
- Perceived Usefulness, Ease of Use, and Usage of Information Technology: A Replication
  1 June 1992 | MIS Quarterly, Vol. 16, No. 2

cover image Information Systems Research

Volume 1, Issue 3

September 1990

Pages 227-347

Article Information

Metrics

Information

Published Online:September 01, 1990

Cite as

Detmar W. Straub, Jr., (1990) Effective IS Security: An Empirical Study. Information Systems Research 1(3):255-276.

https://doi.org/10.1287/isre.1.3.255

Keywords

PDF download

Available Issues

Available Issues

Available Issues

Available Issues

Available Issues

Effective IS Security: An Empirical Study

Abstract

Volume 1, Issue 3

Article Information

Metrics

Information

Cite as

Keywords

Sign Up for INFORMS Publications Updates and News