Bauer, Stefan, Bernroider, Edward. 2017. From Information Security Awareness to Reasoned Compliant Action: Analyzing Information Security Policy Compliance in a Large Banking Organization. ACM SIGMIS Database. 48 (3), 44-68.
BibTeX
Abstract
The aim of this paper is to develop a better understanding of the importance of neutralization methods in the context of desirable information security behavior of employees. Past behavioral intention theories, such as the theory of planned behavior, have not sufficiently accounted for neutralization by which employees may temporarily neutralize certain values when determining the formation of an intention and consequently behavior. We provide a new integrated view on security behavior by combining the theory of planned behavior and neutralization theory in one study. Based on the analysis of 220 data sets acquired by an online survey, our results support the hypotheses gained from both theories. In particular, neutralization techniques are used by employees to justify undesired security behaviors. In relative terms, neutralization seems to be at least equally important as the predictors of the theory of planned behavior when considering effect sizes. Our main contribution is to provide evidence for the important role of six considered neutralization techniques, which implicates to proactively utilize these in the development of effective information security awareness programs.
Tags
Press 'enter' for creating the tagPublication's profile
Status of publication | Published |
---|---|
Affiliation | WU |
Type of publication | Journal article |
Journal | ACM SIGMIS Database |
Citation Index | SSCI |
WU Journalrating 2009 | A |
WU-Journal-Rating new | INF-A, STRAT-B, WH-B |
Language | English |
Title | From Information Security Awareness to Reasoned Compliant Action: Analyzing Information Security Policy Compliance in a Large Banking Organization |
Volume | 48 |
Number | 3 |
Year | 2017 |
Page from | 44 |
Page to | 68 |
Reviewed? | Y |
DOI | http://dx.doi.org/10.1145/3130515.3130519 |
Open Access | N |
Associations
- Projects
- IT Operational Risk Awareness Building in Banking Organizations
- People
- Bauer, Stefan (Details)
- Bernroider, Edward (Details)
- Organization
- Research Institute for Computational Methods FI (Details)
- Institute for Information Management and Control IN (Details)
- Research areas (Ă–STAT Classification 'Statistik Austria')
- 1127 Information science (Details)
- 5367 Management information systems (Details)