• Publications
  • Influence
Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations
This article shows that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior.
A conceptual foundation for organizational information security awareness
  • M. Siponen
  • Computer Science
    Inf. Manag. Comput. Secur.
  • 1 March 2000
A conceptual foundation for information systems/organizational security awareness is constructed and a novel persuasion strategy aimed at increasing users’ commitment to security guidelines is presented.
Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study
This study proposes a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model and validate the training program for IS security policy compliance training through an action research project.
Employees' Behavior towards IS Security Policy Compliance
A theoretical model that contains the factors that explain employees' IS security policy compliance is proposed and suggests that information quality has a significant effect on actual IS security Policy compliance.
New directions on agile methods: a comparative analysis
The results show that agile software development methods, without rationalization, cover certain/different phases of the software development life-cycle and most of them do not offer adequate support for project management.
Compliance with Information Security Policies: An Empirical Investigation
The author mentions that the insignificant relationship between rewards and actual compliance with information security policies does not make sense and quite possibly this relationship results from not applying rewards for security compliance.
An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric
An enhanced fear appeal rhetorical framework is proposed that leverages sanctioning rhetoric as a secondary vector of threats to the human asset, thereby adding the dimension of personal relevance, which is critically absent from previous fear appeal frameworks and PMT-grounded security studies.