The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness

Jack Shih-Chieh Hsu
Jack Shih-Chieh Hsu
[email protected]
Department of Information Management, National Sun Yat-sen University, Kaohsiung 80424, Taiwan
Search for more papers by this author
,
Sheng-Pao Shih
Sheng-Pao Shih
[email protected]
Department of Information Management, Tamkang University, New Taipei City 25137, Taiwan
Search for more papers by this author
,
Yu Wen Hung
Yu Wen Hung
[email protected]
Department of Information Management, National Sun Yat-sen University, Kaohsiung 80424, Taiwan
Search for more papers by this author
,
Paul Benjamin Lowry
Paul Benjamin Lowry
[email protected]
Department of Information Systems, City University of Hong Kong, Kowloon, Hong Kong
Search for more papers by this author

Jack Shih-Chieh Hsu

[email protected]

Department of Information Management, National Sun Yat-sen University, Kaohsiung 80424, Taiwan

Search for more papers by this author

Sheng-Pao Shih

[email protected]

Department of Information Management, Tamkang University, New Taipei City 25137, Taiwan

Search for more papers by this author

Yu Wen Hung

[email protected]

Department of Information Management, National Sun Yat-sen University, Kaohsiung 80424, Taiwan

Search for more papers by this author

Paul Benjamin Lowry

[email protected]

Department of Information Systems, City University of Hong Kong, Kowloon, Hong Kong

Search for more papers by this author

Published Online:19 Jun 2015https://doi.org/10.1287/isre.2015.0569

Abstract

Although most behavioral security studies focus on organizational in-role behaviors such as information security policy (ISP) compliance, the role of organizational extra-role behaviors—security behaviors that benefit organizations but are not specified in ISPs—has long been overlooked. This study examines (1) the consequences of organizational in-role and extra-role security behaviors on the effectiveness of ISPs and (2) the role of formal and social controls in enhancing in-role and extra-role security behaviors in organizations. We propose that both in-role security behaviors and extra-role security behaviors contribute to ISP effectiveness. Furthermore, based on social control theory, we hypothesize that social control can boost both in- and extra-role security behaviors. Data collected from practitioners—including information systems (IS) managers and employees at many organizations—confirmed most of our hypotheses. Survey data from IS managers substantiated the importance of extra-role behaviors in improving ISP effectiveness. Paired data, collected from managers and employees in the same organizations, indicated that formal control and social control individually and interactively enhance both in- and extra-role security behaviors. We conclude by discussing the implications of this research for academics and practitioners, along with compelling future research possibilities.

Cited by
- The power of persuasive messaging on improving password-change behavior in university information systems: Evidence from a large-scale field experiment
  Computers & Security, Vol. 169
- Precaution-taking information security behaviour: toward a more nuanced leader-member-exchange perspective in information security
  European Research on Management and Business Economics, Vol. 32, No. 2
- Cybersecurity research from a management perspective: A systematic literature review and future research agenda
  6 September 2023 | Journal of General Management, Vol. 51, No. 3
- Barking Up the Wrong Tree? Reconsidering Policy Compliance as a Dependent Variable Within Behavioral Cybersecurity Research
  28 April 2025 | Information Systems Frontiers, Vol. 28, No. 2
- Practice what you preach: how and when does leaders’ information security policy compliance influence subordinates’ information sharing?
  16 October 2025 | Journal of Knowledge Management, Vol. 30, No. 2
- Conform or Workaround? A Multilevel Analysis of the Effect of Group Cultural Tightness on Enterprise System Use
  Shaobo Wei,
  Xiayu Chen,
  Ronald E. Rice,
  Chee-Wee Tan,
  Yezheng Liu
  10 February 2026 | Information Systems Research, Vol. 0, No. 0
- Motivating employees to engage in extra-role security behaviors: the role of information security climate and leader–member exchange
  6 February 2026 | Journal of Enterprise Information Management, Vol. 130
- Employee support for corruption prevention: The roles of organizational ethical context and employee moral attentiveness
  3 February 2026 | Applied Psychology, Vol. 75, No. 1
- A Panacea to Prevent Digital Distraction in Workplace: How and When Corporate Social Responsibility Prevent Employees From Cyberloafing
  23 September 2025 | Corporate Social Responsibility and Environmental Management, Vol. 33, No. 1
- Beyond Phishing: A Human-Centered Exploration of Cyber Incident Reporting
  30 October 2025
- Turn conflict into contribution: Understanding employees’ information security extra-role behavior under conflicts
  Computers & Security, Vol. 160
- Dual identities at work: how security role and functional role shape cybersecurity behaviours
  15 May 2025 | Behaviour & Information Technology, Vol. 44, No. 20
- The spiraling effect of incivility enacted through information and communication technology (ICT) in the workplace
  31 December 2024 | Asia-Pacific Journal of Business Administration, Vol. 17, No. 5
- Unraveling the psychological links between organizational security climate and extra-role security behaviors
  Information & Management, Vol. 62, No. 7
- Two faces of freemium strategy in social games: The interplay between perceived enjoyment, envy, and in-app purchase intention
  Information & Management, Vol. 62, No. 7
- Clashing Climates: How (In)Congruence Between Information Security Climate and Other Organizational Climates Affects Security Policy Compliance
  20 October 2025 | MIS Quarterly, Vol. 44
- Informal control responses to information security policy violations: A factorial survey on insurance employees’ moral licensing of insider threats
  Computers & Security, Vol. 157
- Factors Influencing Generative AI Usage Intention in China: Extending the Acceptance–Avoidance Framework with Perceived AI Literacy
  1 August 2025 | Systems, Vol. 13, No. 8
- Dual Routes of Training on Information Security Policy Compliance
  5 January 2024 | Journal of Computer Information Systems, Vol. 65, No. 4
- Achieving strategic alignment between business and information technology with information technology governance: the role of commitment to principles and Top Leadership Support
  4 September 2024 | European Journal of Information Systems, Vol. 34, No. 4
- Contradictions cognitives dynamiques des utilisateurs du SIRH face aux règles de sécurité du système
  Vie & sciences de l'entreprise, Vol. n° 224, No. 1
- BYOA and Security: Examining Perspective-Taking and Self-Determination
  12 December 2023 | Journal of Computer Information Systems, Vol. 65, No. 3
- Conceptual inconsistencies in variable definitions and measurement items within ISP non-/compliance research: A systematic literature review
  Computers & Security, Vol. 152
- Evaluating compliance for organizational information security and business continuity: three strata of ventriloqual agency
  7 November 2023 | Information Technology & People, Vol. 38, No. 2
- The thrust and drag forces affecting norm violation in live streaming eCommerce
  Electronic Commerce Research and Applications, Vol. 70
- Can I Help Prevent Data Breaches in the Workplace? From Routine Activities to Extra-Role Security Behaviors
  IEEE Transactions on Technology and Society, Vol. 6, No. 1
- Towards sustainable consumption decision-making: Examining the interplay of blockchain transparency and information-seeking in reducing product uncertainty
  Decision Support Systems, Vol. 189
- Shaping extra-role security behaviors through employee-agent relations: A dual-channel motivational perspective
  International Journal of Information Management, Vol. 80
- Information security policy effectiveness: a managerial perspective of the financial industry in Vietnam
  30 April 2024 | Information & Computer Security, Vol. 33, No. 1
- The impacts of automation and augmentation AI use on physicians’ performance: an ambidextrous perspective
  19 April 2024 | International Journal of Operations & Production Management, Vol. 45, No. 1
- Results and Discussion
  30 March 2025
- Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking
  Malte Greulich; ,
  Sebastian Lins; ,
  Daniel Pienta; ,
  Jason Bennett Thatcher; ; ,
  Ali Sunyaev;
  8 January 2024 | Information Systems Research, Vol. 35, No. 4
- Examining formation and alleviation of information security fatigue by using job demands–resources theory
  17 April 2024 | Information Systems Journal, Vol. 34, No. 6
- Incorrect compliance and correct noncompliance with information security policies: A framework of rule-related information security behaviour
  Computers & Security, Vol. 145
- Psychological Capital and Information Security Policy Compliance
  17 September 2024 | Journal of Computer Information Systems, Vol. 14
- Understanding employees' responses to information security management practices: a person-environment fit perspective
  19 October 2023 | Behaviour & Information Technology, Vol. 43, No. 12
- The Impacts of Internet Monitoring on Employees’ Cyberloafing and Organizational Citizenship Behavior: A Longitudinal Field Quasi-Experiment
  Hemin Jiang,
  Mikko Siponen,
  Zhenhui (Jack) Jiang,
  Aggeliki Tsohou
  11 October 2023 | Information Systems Research, Vol. 35, No. 3
- Bureaucracies in information securing: Transitioning from iron cages to iron shields
  Information and Organization, Vol. 34, No. 3
- Information Security Research in the Information Systems Discipline: A Thematic Review and Future Research Directions
  31 July 2024 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 55, No. 3
- A Preemptive and Curative Solution to Mitigate Data Breaches: Corporate Social Responsibility as a Double Layer of Protection
  13 February 2024 | Journal of Marketing Research, Vol. 61, No. 4
- Inconsistencies Between Information Security Policy Compliance and Shadow IT Usage
  19 July 2023 | Journal of Computer Information Systems, Vol. 64, No. 4
- Fostering security-related citizenship through the employee-supervisor relationship: An examination of supervisor security embodiment
  Computers & Security, Vol. 142
- Focusing on the fundamentals? An investigation of the relationship between corporate social irresponsibility and data breach risk
  Decision Support Systems, Vol. 182
- Fostering information security compliance as organizational citizenship behavior
  Information & Management, Vol. 61, No. 5
- The antecedents of employees' proactive information security behaviour: The perspective of proactive motivation
  22 November 2023 | Information Systems Journal, Vol. 34, No. 4
- Corporate social irresponsibility and the occurrence of data breaches: A stakeholder management perspective
  International Journal of Accounting Information Systems, Vol. 53
- Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees
  8 December 2023 | International Journal of Information Security, Vol. 23, No. 2
- Understanding employees' perceptions of SETA events: the role of pedagogical and communication approaches
  24 May 2023 | Internet Research, Vol. 34, No. 2
- Time Will Tell: The Case for an Idiographic Approach to Behavioral Cybersecurity Research
  1 March 2024 | MIS Quarterly, Vol. 48, No. 1
- Exploring the Characteristics of Data Breaches: A Descriptive Analytic Study
  Journal of Information Security, Vol. 15, No. 02
- Workgroup Collective Efficacy to Information Security Management: Manifestation of its Antecedents and Empirical Examination
  18 January 2023 | Information Systems Frontiers, Vol. 25, No. 6
- The mediating role of security anxiety in internet threat avoidance behavior
  Computers & Security, Vol. 134
- Employees' in-role and extra-role information security behaviors from the P-E fit perspective
  Computers & Security, Vol. 133
- Understanding extra-role security behaviors: An integration of self-determination theory and construal level theory
  Computers & Security, Vol. 132
- The direct and indirect effect of organizational justice on employee intention to comply with information security policy: The case of Ethiopian banks
  Computers & Security, Vol. 130
- The effects of knowledge mechanisms on employees' information security threat construal
  9 January 2023 | Information Systems Journal, Vol. 33, No. 4
- Three Essays on Collective Privacy and Information Security
- Can peers help reduce violations of information security policies? The role of peer monitoring
  21 September 2021 | European Journal of Information Systems, Vol. 32, No. 3
- A comparative evaluation of behavioral security motives: Protection, intrinsic, and identity motivations
  Computers & Security, Vol. 128
- Employee responses to information security related stress: Coping and violation intention
  8 December 2022 | Information Systems Journal, Vol. 33, No. 3
- What are the trend and core knowledge of information security? A citation and co-citation analysis
  Information & Management, Vol. 60, No. 3
- Enhancing users’ security engagement through cultivating commitment: the role of psychological needs fulfilment
  27 May 2021 | European Journal of Information Systems, Vol. 32, No. 2
- Moving Consumers from Free to Fee in Platform-Based Markets: An Empirical Study of Multiplayer Online Battle Arena Games
  Le Wang,
  Paul Benjamin Lowry,
  Xin (Robert) Luo,
  Han Li
  7 April 2022 | Information Systems Research, Vol. 34, No. 1
- The valued coexistence of protection motivation and stewardship in information security behaviors
  Computers & Security, Vol. 124
- Research on Influencing Factors of Extra-Role Information Security Policy Compliance Behaviour Based on Structural Equation Model
  29 December 2022
- Do Leadership Styles Influence Employee Information Systems Security Intention? A Study of the Banking Industry
  25 October 2022 | Global Journal of Flexible Systems Management, Vol. 23, No. 4
- How the Personalities and Behaviors of Information Systems Professionals Influence the Effectiveness of Information Systems Departments
  26 August 2021 | Information Systems Management, Vol. 39, No. 4
- Development of methods for identifying an appropriate benchmarking peer to establish information security policy
  Expert Systems with Applications, Vol. 201
- Cultivating proactive information security behavior and individual creativity: The role of human relations culture and IT use governance
  Information & Management, Vol. 59, No. 6
- Impact of negative emotions on violations of information security policy and possible mitigations
  3 May 2021 | Behaviour & Information Technology, Vol. 41, No. 11
- Information Security Policies in Nigerian Institutions
  International Journal of Risk and Contingency Management, Vol. 11, No. 1
- Predictors of Success in Information Security Policy Compliance
  3 May 2022 | Journal of Computer Information Systems, Vol. 62, No. 4
- Improving Phishing Reporting Using Security Gamification
  26 August 2022 | Journal of Management Information Systems, Vol. 39, No. 3
- From “personal” to “interpersonal”: a multilevel approach to uncovering the relationship between job satisfaction and knowledge sharing among IT professionals
  15 September 2021 | Journal of Knowledge Management, Vol. 26, No. 6
- Would You Give Me Your Password?
  31 March 2022 | Journal of Information Systems, Vol. 36, No. 2
- Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement
  Debabrata Dey,
  Abhijeet Ghoshal,
  Atanu Lahiri
  11 August 2021 | Management Science, Vol. 68, No. 4
- Ensuring employees' information security policy compliance by carrot and stick: the moderating roles of organizational commitment and gender
  12 March 2021 | Information Technology & People, Vol. 35, No. 2
- More honour'd in the breach: predicting non-compliant behaviour through individual, situational and habitual factors
  22 September 2020 | Behaviour & Information Technology, Vol. 41, No. 3
- Voluntary and instrumental information security policy compliance: an integrated view of prosocial motivation, self-regulation and deterrence
  Computers & Security, Vol. 113
- Access to user data stored by organizations—divides surrounding information security professionals in Chinese IT organizations
  28 July 2021 | Chinese Journal of Communication, Vol. 15, No. 1
- Identifying information security opinion leaders in organizations: Insights from the theory of social power bases and social network analysis
  Computers & Security, Vol. 112
- Focusing on the Fundamentals? An Investigation of Corporate Social Irresponsibility and the Risk of Data Breach
  SSRN Electronic Journal, Vol. 32
- Impact Analysis of Resilience Against Malicious Code Attacks via Emails
  Computers, Materials & Continua, Vol. 72, No. 3
- Personal Achievement Goals, Learning Strategies, and Perceived IT Affordances
  Saggi Nevo,
  Dorit Nevo,
  Alain Pinsonneault
  14 September 2021 | Information Systems Research, Vol. 32, No. 4
- Understanding Employee Information Security Policy Compliance from Role Theory Perspective
  2 March 2021 | Journal of Computer Information Systems, Vol. 61, No. 6
- Control choices and enactments in IS development projects: Implications for legitimacy perceptions and compliance intentions
  Information & Management, Vol. 58, No. 7
- Announcement of formal controls as phase-shifting perceptions: their determinants and moderating role in the context of mobile loafing
  6 July 2021 | Internet Research, Vol. 31, No. 5
- A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture
  18 March 2021 | Personal and Ubiquitous Computing, Vol. 25, No. 5
- Exploring stewardship: A precursor to voluntary security behaviors
  Computers & Security, Vol. 109
- The impact of SETA event attributes on employees’ security-related Intentions: An event system theory perspective
  Computers & Security, Vol. 109
- Factors Affecting Corporate Security Policy Effectiveness in Telecommuting
  Security and Communication Networks, Vol. 2021
- Examining the role of stress and information security policy design in information security compliance behaviour: An experimental study of in-task behaviour
  Computers & Security, Vol. 104
- Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing
  8 May 2021 | Sustainability, Vol. 13, No. 9
- The role of deterrability for the effect of multi-level sanctions on information security policy compliance: Results of a multigroup analysis
  Information & Management, Vol. 58, No. 3
- Information Security Behavior and Information Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance
  9 April 2021 | Applied Sciences, Vol. 11, No. 8
- Does meaningful work reduce cyberloafing? Important roles of affective commitment and leader-member exchange
  25 October 2019 | Behaviour & Information Technology, Vol. 40, No. 2
- Gestion des usages des technologies numériques dans les organisations : une approche qualitative par le contrôle organisationnel et les chartes informatiques
  Systèmes d'information & management, Vol. Volume 25, No. 3
- Too Good to Be True: Firm Social Performance and the Risk of Data Breach
  John D’Arcy,
  Idris Adjerid,
  Corey M. Angst,
  Ante Glavas
  18 September 2020 | Information Systems Research, Vol. 31, No. 4
- An exploratory examination of organizational insiders’ descriptive and normative perceptions of cyber-relevant rights and responsibilities
  Computers & Security, Vol. 99
- Integrating elaboration likelihood model and herd theory in information security message persuasiveness
  Computers & Security, Vol. 98
- WITHDRAWN: Time pressure in human cybersecurity behavior: Theoretical framework and countermeasures
  Computers & Security, Vol. 97
- Time pressure in human cybersecurity behavior: Theoretical framework and countermeasures
  Computers & Security, Vol. 97
- Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees
  16 October 2020 | Sustainability, Vol. 12, No. 20
- Inadequate Information Systems and Organizational Citizenship Behavior
  Information & Management, Vol. 57, No. 6
- Peers matter: The moderating role of social influence on information security policy compliance
  7 February 2020 | Information Systems Journal, Vol. 30, No. 5
- Factors influencing the information security behaviour of IT employees
  29 May 2019 | Behaviour & Information Technology, Vol. 39, No. 8
- The hunt for computerized support in information security policy management
  8 January 2020 | Information & Computer Security, Vol. 28, No. 2
- Is Cybersecurity a Team Sport? A Multilevel Examination of Workgroup Information Security Effectiveness
  1 June 2020 | MIS Quarterly, Vol. 44, No. 2
- Being useful: How information systems professionals influence the use of information systems in enterprises
  29 June 2018 | Information Systems Frontiers, Vol. 22, No. 2
- Employee Information Security Practices
  International Journal of E-Services and Mobile Applications, Vol. 12, No. 2
- The Effects of Leadership and Reward Policy on Employees’ Electricity Saving Behaviors: An Empirical Study in China
  18 March 2020 | International Journal of Environmental Research and Public Health, Vol. 17, No. 6
- Using Design-Science Based Gamification to Improve Organizational Security Training and Compliance
  1 March 2020 | Journal of Management Information Systems, Vol. 37, No. 1
- Organizational Citizenship Behavior Regarding Security: Leadership Approach Perspective
  7 December 2017 | Journal of Computer Information Systems, Vol. 60, No. 1
- Information Security Cost Reduction Through Social Means
  8 March 2020
- A Framework for the Assessment of Information Security Risk, the Reduction of Information Security Cost and the Sustainability of Information Security Culture
  8 August 2020
- The Adaptive Roles of Positive and Negative Emotions in Organizational Insiders’ Security-Based Precaution Taking
  A. J. Burns,
  Tom L. Roberts,
  Clay Posey,
  Paul Benjamin Lowry
  5 December 2019 | Information Systems Research, Vol. 30, No. 4
- Seller's creditworthiness in the online service market: A study from the control perspective
  Decision Support Systems, Vol. 127
- Institutional governance and protection motivation: Theoretical insights into shaping employees’ security compliance behavior in higher education institutions in the developing world
  Computers & Security, Vol. 87
- Vulnerability of urban waters to emerging contaminants in India and Sri Lanka: Resilience framework and strategy
  1 November 2019 | APN Science Bulletin, Vol. 9, No. 1
- The influence of team social media usage on individual knowledge sharing and job performance from a cross-level perspective
  International Journal of Operations & Production Management, Vol. 40, No. 5
- Security Policy Opt-in Decisions in Bring-Your-Own-Device (BYOD) – A Persuasion and Cognitive Elaboration Perspective
  18 July 2019 | Journal of Organizational Computing and Electronic Commerce, Vol. 29, No. 4
- From hindrance to challenge
  Journal of Enterprise Information Management, Vol. 33, No. 1
- Information Securing in Organizations
  12 June 2019
- Organizational cloud security and control: a proactive approach
  Information Technology & People, Vol. 32, No. 3
- Toward a Theory of Information Systems Security Behaviors of Organizational Employees: A Dialectical Process Perspective
  Mari Karjalainen,
  Suprateek Sarker,
  Mikko Siponen
  5 June 2019 | Information Systems Research, Vol. 30, No. 2
- Understanding commitment and apathy in is security extra-role behavior from a person-organization fit perspective
  25 October 2018 | Behaviour & Information Technology, Vol. 38, No. 5
- The impact of leadership on employees' intended information security behaviour: An examination of the full‐range leadership theory
  24 May 2018 | Information Systems Journal, Vol. 29, No. 2
- Information Security Research Challenges in the Process of Digitizing Business: A Review Based on the Information Security Model of IBM
  5 January 2019
- An Intelligent Agent Architecture to Influence Home Users’ Risky Behaviours
  29 September 2018
- Examining the Boundary Effect of Information Systems Security Behavior Under Different Usage Purposes
  IEEE Access, Vol. 7
- Cognitive‐affective drivers of employees' daily compliance with information security policies: A multilevel, longitudinal study
  8 November 2017 | Information Systems Journal, Vol. 29, No. 1
- Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables
  Information & Management, Vol. 55, No. 8
- Intentions to Comply Versus Intentions to Protect: A VIE Theory Approach to Understanding the Influence of Insiders’ Awareness of Organizational SETA Efforts
  7 December 2017 | Decision Sciences, Vol. 49, No. 6
- Factors That Influence Employees’ Security Policy Compliance: An Awareness-Motivation-Capability Perspective
  27 December 2016 | Journal of Computer Information Systems, Vol. 58, No. 4
- Social control through deterrence on the compliance with information security policy
  3 July 2018 | Soft Computing, Vol. 22, No. 20
- Sustainability of Information Security Investment in Online Social Networks: An Evolutionary Game-Theoretic Approach
  26 September 2018 | Mathematics, Vol. 6, No. 10
- Understanding indirect system use of junior employees in the context of healthcare
  Information & Management, Vol. 55, No. 6
- Enhancing Information Security Culture to Reduce Information Security Cost: A Proposed Framework
  23 September 2018
- IT managers’ vs. IT auditors’ perceptions of risks: An actor–observer asymmetry perspective
  Information & Management, Vol. 55, No. 1
- Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement
  SSRN Electronic Journal, Vol. 19
- A Picture is Not Worth 1,000 Words: Mitigating Treatment Recall Bias in Survey Experiments
  SSRN Electronic Journal, Vol. 33
- A Picture Is Not Worth 1,000 Words: Mitigating Treatment Recall Bias in Survey Experiments
  SSRN Electronic Journal, Vol. 33
- Organizational information security policies: a review and research framework
  15 February 2018 | European Journal of Information Systems, Vol. 26, No. 6
- Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda
  15 February 2018 | European Journal of Information Systems, Vol. 26, No. 6
- The effects of users' organizational citizenship behaviors on information system performance
- In- and extra-role knowledge sharing among information technology professionals: The five-factor model perspective
  International Journal of Information Management, Vol. 37, No. 5
- User Compensation as a Data Breach Recovery Action: An Investigation of the Sony PlayStation Network Breach1
  1 September 2017 | MIS Quarterly, Vol. 41, No. 3
- Review of IS Security Policy Compliance
  2 August 2017 | ACM SIGMIS Database: the DATABASE for Advances in Information Systems, Vol. 48, No. 3
- Using trust and anonymity to expand the use of anonymizing systems that improve security across organizations
  20 July 2017 | Security Journal, Vol. 30, No. 3
- Effects of innovation-supportive culture and organizational citizenship behavior on e-government information system security stemming from mimetic isomorphism
  Government Information Quarterly, Vol. 34, No. 2
- Examining the relationship of organizational insiders' psychological capital with information security threat and coping appraisals
  Computers in Human Behavior, Vol. 68
- To Cyberloaf or Not to Cyberloaf: The Impact of the Announcement of Formal Organizational Controls
  20 April 2017 | Journal of Management Information Systems, Vol. 34, No. 1
- Neuroscience Foundations for Human Decision Making in Information Security: A General Framework and Experiment Design
  6 October 2016
- Creating agile organizations through IT: The influence of internal IT service perceptions on IT service quality and IT agility
  The Journal of Strategic Information Systems, Vol. 25, No. 3
- “Cargo Cult” science in traditional organization and information systems survey research: A case for using nontraditional methods of data collection, including Mechanical Turk and online panels
  The Journal of Strategic Information Systems, Vol. 25, No. 3
- The Correspondence Competence of Information Accident by Firms Experienced in Confidential Information Leak
  Journal of the Korea Society of Digital Industry and Information Management, Vol. 12, No. 2
- Electronic Trace Data and Legal Outcomes: The Effect of Electronic Medical Records on Malpractice Claim Resolution Time
  SSRN Electronic Journal, Vol. 21
- Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research
  Information & Management, Vol. 52, No. 8
- The assimilation of RFID technology by Chinese companies: A technology diffusion perspective
  Information & Management, Vol. 52, No. 6

cover image Information Systems Research

Volume 26, Issue 2

June 2015

Pages 243-472

Article Information

Metrics

Information

Received:January 23, 2014
Published Online:June 19, 2015

Cite as

Jack Shih-Chieh Hsu, Sheng-Pao Shih, Yu Wen Hung, Paul Benjamin Lowry (2015) The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness. Information Systems Research 26(2):282-300.

https://doi.org/10.1287/isre.2015.0569

Keywords

PDF download

Available Issues

Available Issues

Available Issues

Available Issues

Available Issues

The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness

Abstract

Volume 26, Issue 2

Article Information

Metrics

Information

Cite as

Keywords

Sign Up for INFORMS Publications Updates and News