Mikko T. Siponen

The current approaches in terms of information security awareness and education are descriptive (i.e. they are not accomplishment-oriented nor do they recognize the factual/normative dualism); and current research has not explored the possibilities offered by motivation/behavioural theories. The first situation, level of descriptiveness, is deemed to be …
The literature agrees that the major threat to IS security is constituted by careless employees who do not comply with organizations’ IS security policies and procedures. To address this concern, different approaches for ensuring employees’ IS security policy compliance have been proposed. Prior research on IS security compliance has criticized these …
Agile software development methods have caught the attention of software engineers and researchers worldwide. Scientific research is yet scarce. This paper reports results from a study which aims to organize, analyze and make sense out of the dispersed field of agile software development methods. The comparative analysis is performed using the method's …
Employees’ failure to comply with IS security procedures is a key concern for organizations today. A number of socio-cognitive theories have been used to explain this. However, prior studies have not examined the influence of past and automatic behavior on employee decisions to comply. This is an important omission because past behavior has been assumed to …
1. In your opinion, what are the most common ways malicious software (viruses etc.) gets into our company’s network? 2. Where can you find our company’s official information security instructions? 3. Have you applied the instructions concerning SC’s e-mail use to your work? If yes, give some examples of what instructions and for what purposes they were …
This paper critically analyses the foundations of three widely advocated information security management standards (BS7799, GASPP and SSE-CMM). The analysis reveals several fundamental problems related to these standards, casting serious doubts on their validity. The implications for research and practice, in improving information security management …
Information security was the main topic in this paper. An investigation of compliance with information security policies was discussed. The author mentions that the insignificant relationship between rewards and actual compliance with information security policies does not make sense. Quite possibly this relationship results from not applying rewards for …