This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Compliance with Information Security Policies: An Empirical Investigation
February 2010 (vol. 43 no. 2)
pp. 64-71
Mikko Siponen, University of Oulu, Finland
Seppo Pahnila, University of Oulu, Finland
M. Adam Mahmood, University of Texas at El Paso
The insignificant relationship between rewards and actual compliance with information security policies does not make sense. Quite possibly this relationship results from not applying rewards for security compliance.

1. S. Hinde, "Security Surveys Spring Crop," C omputers & Security, vol. 21, no. 4, 2002, pp. 310-321.
2. G. Dhillon and J. Backhouse, "Current Directions in Information Security Research: Toward Socio-Organizational Perspectives," Information Systems J., vol. 11, no. 2, 2001, pp. 127-153.
3. J.M. Stanton et al., "An Analysis of End User Security Behaviors," Computers & Security, vol. 24, 2005, pp. 124-133.
4. P. Puhakainen, "A Design Theory for Information Security Awareness," Acta Universitatis Ouluensis, Scientiae Rerum Naturalium (A 463), doctoral dissertation, ISBN 951-42-8113-6, 2006.
5. S. Pahnila, M.T. Siponen, and M.A. Mahmood, "Which Factors Explain Employees' Adherence to Information Security Policies? An Empirical Study," Proc. Pacific Asia Conf. Information Systems (PACIS 07), 2007, pp. 1-12.
6. M.T. Siponen, S. Pahnila, and M.A. Mahmood, "Employees' Behavior Towards IS Security Policy Compliance," Proc. 40th Ann. Hawaii Int'l. Conf. System Sciences (HICSS-40), IEEE CS Press, 2007, p. 1561.
7. J.F.J. Hair et al., Multivariate Data Analysis, Pearson Prentice Hall, 2006.
8. J.C. Nunnally, Introduction to Psychological Measurement, McGraw-Hill, 1970.
9. I. Ajzen, "The Theory of Planned Behavior," Organizational Behavior and Human Decision Processes, vol. 50, no. 2, 1991, pp. 179-211.
10. R.W. Rogers, "Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation Theory," Social Psychophysiology, J. Cacioppo, and R. Petty eds., Guilford Press, 1983, pp. 153-176.
11. R.W. Rogers, and S. Prentice-Dunn, "Protection Motivation Theory," Handbook of Health Behavior Research I: Personal and Social Determinants, D.S. Gochman ed., Plenum Press, 1997, pp. 113-132.
12. S. Rippetoe, and R.W. Rogers, "Effects of Components of Protection-Motivation Theory on Adaptive and Maladaptive Coping with a Health Threat," J. Personality and Social Psychology, vol. 52, no. 3, 1987, pp. 596-604.
13. A. Forget, S. Chiasson, and R. Biddle, "Persuasion as Education for Computer Security," Proc. E-Learn 2007, AACE, 2007, pp. 822-829.
14. A. Bandura, "Self-Efficacy: Toward a Unifying Theory of Behaviour Change," Psychological Rev., vol. 84, no. 2, 1977, pp. 191-215.
15. G.E. Higgins, A.L. Wilson, and B.D. Fell, "An Application of Deterrence Theory to Software Piracy," J. Criminal Justice and Popular Culture, vol. 12, no. 3, 2005, pp. 166-184.
16. J. Cameron and W. Pierce, Rewards and Intrinsic Motivation, Bergin & Garvey, 2002.
17. M. Fishbein and I. Ajzen, Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research, Addison-Wesley, 1975.
18. V. Venkatesh et al., "User Acceptance of Information Technology: Toward a Unified View," MIS Quarterly, vol. 27, no. 3, 2003, pp. 425-478.

Index Terms:
Information security policy, Security, Deterrence theory, Protection motivation theory, Security and privacy
Citation:
Mikko Siponen, Seppo Pahnila, M. Adam Mahmood, "Compliance with Information Security Policies: An Empirical Investigation," Computer, vol. 43, no. 2, pp. 64-71, Feb. 2010, doi:10.1109/MC.2010.35
Usage of this product signifies your acceptance of the Terms of Use.