Mikko T. Siponen scite author profile

The current approaches in terms of information security awareness and education are descriptive (i.e. they are not accomplishment‐oriented nor do they recognize the factual/normative dualism); and current research has not explored the possibilities offered by motivation/behavioural theories. The first situation, level of descriptiveness, is deemed to be questionable because it may prove eventually that end‐users fail to internalize target goals and do not follow security guidelines, for example – which is inadequate. Moreover, the role of motivation in the area of information security is not considered seriously enough, even though its role has been widely recognised. To tackle such weaknesses, this paper constructs a conceptual foundation for information systems/organizational security awareness. The normative and prescriptive nature of end‐user guidelines will be considered. In order to understand human behaviour, the behavioural science framework, consisting in intrinsic motivation, a theory of planned behaviour and a technology acceptance model, will be depicted and applied. Current approaches (such as the campaign) in the area of information security awareness and education will be analysed from the viewpoint of the theoretical framework, resulting in information on their strengths and weaknesses. Finally, a novel persuasion strategy aimed at increasing users’ commitment to security guidelines is presented.

show abstract

New directions on agile methods: a comparative analysis

Abrahamsson

et al. 2003

View full text Add to dashboard Cite

show abstract

Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study

2010

View full text Add to dashboard Cite

Employees’ adherence to information security policies: An exploratory field study

Siponen

Mahmood

Pahnila

2014

Information & Management

365

272

View full text Add to dashboard Cite

Toward a Unified Model of Information Security Policy Compliance

Moody¹,

Siponen²,

Pahnila³

2018

MISQ

299

242

View full text Add to dashboard Cite

Information systems Security (ISS) behavioral research has produced different models to explain security policy compliance. This paper (1) reviews 11 theories that have served the majority of previous information security behavior models, (2) empirically compares these theories (Study 1), (3) proposes a unified model, called the unified model of information security policy compliance (UMISPC), which integrates elements across these extant theories, and (4) empirically tests the UMISPC in a new study (Study 2), which provided preliminary empirical support for the model. The 11 theories reviewed are (1) the theory of reasoned action, (2) neutralization techniques, (3) the health belief model, (4) the theory of planned behavior, (5) the theory of interpersonal behavior, (6) the protection motivation theory, (7) the extended protection motivation theory, (8) deterrence theory and rational choice theory, (9) the theory of self-regulation, (10) the extended parallel processing model, and (11) the control balance theory. The UMISPC is an initial step toward empirically examining to what extent the existing models have similar and different constructs. Future research is needed to examine to what extent the UMISPC can explain different types of ISS behaviors (or intentions thereof). Such studies will determine to what extent the UMISPC needs to be revised to account for different types of ISS policy violations and to what extent the UMISPC is generalizable beyond the three types of ISS violations we examined. Finally, the UMISPC is intended to inspire future ISS research to further theorize and empirically demonstrate the important differences between rival theories in the ISS context that are not captured by current measures.

show abstract

Employees' Behavior towards IS Security Policy Compliance

2007

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mikko T. Siponen

Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations

Motivating IS security compliance: Insights from Habit and Protection Motivation Theory

A conceptual foundation for organizational information security awareness

New directions on agile methods: a comparative analysis

Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study

Employees’ adherence to information security policies: An exploratory field study

Toward a Unified Model of Information Security Policy Compliance

Employees' Behavior towards IS Security Policy Compliance

Contact Info

Product

Resources

About