Purpose: To identify variables that influence compliance with information security policies of organizations and to identify how important these variables are. Design/methodology/approach: A systematic review of empirical studies described in extant literature is performed. This review found 29 studies meeting its inclusion criterion. The investigated variables in these studies and the effect size reported for them were extracted and analysed. Findings: In the 29 studies more than 60 variables have been studied in relation to security policy compliance and incompliance. Unfortunately, no clear winners can be found among the variables or the theories they are drawn from. Each of the variables only explain a small part of the variation in people's behaviour and when a variable has been investigated in multiple studies the findings often show a considerable variation. Research limitations/implications: It is possible that the disparate findings of the reviewed studies can be explained by the sampling methods used in the studies, the treatment/control of extraneous variables and interplay between variables. These aspects ought to be addressed in future research efforts Practical implications: For decision makers who seek guidance on how to best achieve compliance with their information security policies should recognize that a large number of variables probably influence employees' compliance. In addition, both their influence strength and interplay is uncertain and largely unknown. Originality/value: This is the first systematic review of research on variables that influence compliance with information security policies of organizations.
Individuals' willingness to take security precautions is imperative to their own information security and the information security of the organizations they work within. This paper presents a meta-analysis of the protection motivation theory (PMT) to assess how its efficacy is influenced by the information security behavior it is applied to. It investigates if the PMT explains information security behavior better if: 1) The behavior is voluntary? 2) The threat and coping method is concrete or specific? 3) The information security threat is directed to the person itself? Synthesized data from 28 surveys suggests that the answers to all three questions are yes. Weighted mean correlation coefficients are on average 0.03 higher for voluntary behavior than mandatory behavior, 0.05 higher for specific behaviors than studies of general behaviors, 0.08 higher to threat appraisal when the threat targets the individual person instead of the person's organization or someone else.
The theory of planned behavior is an established theory that has been found to predict compliance with information security policies well. This paper challenges this assumption that the theory includes all constructs that explain information security policy compliance and investigates if anticipated regret or constructs from the protection motivation theory add explanatory power. Design/methodology/approach: Responses from 306 respondents at a research organization was collected using a questionnairebased survey. Extensions in terms of anticipated regret and constructs drawn from protection motivation theory are tested using through hierarchical regression analysis. Findings: Adding anticipated regret and the threat appraisal process results in improvements of the predictions of intentions. The improvements are of sufficient magnitude to warrant adjustments of the model of theory of planned behavior when it is used in the area of information security policy compliance. Originality/value: This study is the first test of anticipated regret as a predictor of information security policy compliance and the first to assess its influence in relation to the theory of planned behavior and protection motivation theory.
Background Hypersexual disorder (HD) is a condition in which the individual experiences loss of control over engagement in sexual behaviors, leading to negative effects on various areas of life. Paraphilias often present concomitantly with HD, and although cognitive behavioral therapy (CBT) has been proven to reduce engagement in hypersexual behavior, no studies have investigated the effects of Internet-administered CBT (ICBT) on HD, with or without paraphilia(s) or paraphilic disorder(s). Aim To investigate the effects of Internet-administered CBT on HD, with or without paraphilia(s) or paraphilic disorder(s). Methods Male participants (n = 36) evaluated positive according to the proposed diagnostic HD criteria, with or without paraphilia(s) or paraphilic disorder(s), received 12 weeks of ICBT. Measures were administered weekly over the treatment period, with an additional follow-up measurement 3 months after completion of treatment. An assessment interview was performed 2 weeks after treatment. Outcomes The primary outcome was the Hypersexual Behavior Inventory (HBI-19), and secondary outcomes were the Hypersexual Disorder: Current Assessment Scale (HD:CAS), the Sexual Compulsivity Scale (SCS), as well as a tentative composite of 6 Severity Self-rating Measures, for Paraphilic Disorders and depression (Montgomery-Åsberg Depression Rating Scale [MADRS-S]), psychological distress (Clinical Outcomes in Routine Evaluation Outcome Measure [CORE-OM]), and treatment satisfaction (CSQ-8). Results Large, significant decreases in HD symptoms and sexual compulsivity were found, as well as moderate improvements in psychiatric well-being and paraphilic symptoms. These effects remained stable 3 months after treatment. Clinical Implications ICBT can ameliorate HD symptoms, psychiatric distress, and paraphilic symptoms, which suggests that the ICBT for HD, with or without paraphilia(s) or paraphilic disorder(s), may constitute a valuable addition of treatment options in clinical settings. Strengths and Limitations This is the first study evaluating the efficacy of ICBT on a sample of men suffering from HD. In addition, a proportion of the sample reported concomitant paraphilic interests and disorders, thus mirroring an everyday clinical practice in the field of sexual medicine. No control group was assigned, and some of the outcome measures are still to be validated. The long-term effects of ICBT and its efficacy in hypersexual women are unknown. Conclusions This study gives support for ICBT as an effective treatment option for HD. Future evaluations of the treatment program should include women and larger samples in randomized controlled procedures and investigate the long-term effects.
Introduction Men with erectile dysfunction are often worried about their condition, have interpersonal difficulties, and have a reduced quality of life. Internet-delivered cognitive behavior therapy (ICBT) has been shown effective for a number of health problems but evidence is limited concerning the treatment of erectile dysfunction. Aim The study investigated the effects of ICBT for erectile dysfunction. Methods Seventy-eight men were included in the study and randomized to either ICBT or to a control group, which was an online discussion group. Treatment consisted of a 7-week Web-based program with e-mail-based therapist support. Each therapist spent an average of 55 minutes per participant. Main Outcome Measure The International Index of Erectile Functioning five-item version was administered via the telephone at pretreatment, post-treatment, and 6 months after receiving ICBT. Results At post-treatment, the treatment group had significantly greater improvements with regard to erectile performance compared with the control group. Between-group differences at post-treatment were small (d = 0.1), but increased at the 6-month follow-up (d = 0.88). Conclusions This study provides support for the use of ICBT as a possible treatment format for erectile dysfunction.
The behaviour of employees influences information security in virtually all organisations. To inform the employees regarding what constitutes desirable behaviour, an information security policy can be formulated and communicated. However, not all employees comply with the information security policy. This paper reviews and synthesises 16 studies related to the theory of planned behaviour. The objective is to investigate 1) to what extent the theory explains information security policy compliance and violation and 2) whether reasonable explanations can be found when the results of the studies diverge. It can be concluded that the theory explains information security policy compliance and violation approximately as well as it explains other behaviours. Some potential explanations can be found for why the results of the identified studies diverge. However, many of the differences in results are left unexplained.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
334 Leonard St
Brooklyn, NY 11211
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.