• Publications
  • Influence
Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations
neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior. Expand
  • 692
  • 88
A conceptual foundation for organizational information security awareness
  • M. Siponen
  • Computer Science
  • Inf. Manag. Comput. Secur.
  • 1 March 2000
The current approaches in terms of information security awareness and education are descriptive (i.e. they are not accomplishment‐oriented nor do they recognize the factual/normative dualism); and current research has not explored the possibilities offered by motivation/behavioural theories. Expand
  • 591
  • 70
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory
An empirical test showed that habitual IS security compliance strongly reinforced the cognitive processes theorized by PMT, as well as employee intention for future compliance. Expand
  • 450
  • 64
  • PDF
Employees' Behavior towards IS Security Policy Compliance
The literature agrees that the major threat to IS security is constituted by careless employees who do not comply with organizations' IS security policies and procedures . Expand
  • 403
  • 53
  • PDF
Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study
We propose a training program for IS security policy compliance training based on two theories: the universal constructive instructional theory and the elaboration likelihood model. Expand
  • 470
  • 51
  • PDF
New directions on agile methods: a comparative analysis
This paper reports results from a study, which aims to organize, analyze and make sense of the dispersed field of agile software development methods. Expand
  • 699
  • 43
  • PDF
Employees' adherence to information security policies: An exploratory field study
We developed a new multi-theory based model that explained employees' adherence to security policies. Expand
  • 304
  • 37
Compliance with Information Security Policies: An Empirical Investigation
Information security was the main topic in this paper. An investigation of the compliance to information security policies were discussed. The author mentions that the insignificant relationshipExpand
  • 196
  • 37
An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric
We propose an enhanced fear appeal rhetorical framework that leverages sanctioning rhetoric as a secondary vector of threats to the human asset, thereby adding the dimension of personal relevance, which is critically absent from previous fear appeal frameworks. Expand
  • 212
  • 25
  • PDF
Information security management standards: Problems and solutions
We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. Expand
  • 247
  • 21
  • PDF