Quotation Bauer, Stefan, Bernroider, Edward. 2017. From Information Security Awareness to Reasoned Compliant Action: Analyzing Information Security Policy Compliance in a Large Banking Organization. ACM SIGMIS Database. 48 (3), 44-68.


RIS


BibTeX

Abstract

The aim of this paper is to develop a better understanding of the importance of neutralization methods in the context of desirable information security behavior of employees. Past behavioral intention theories, such as the theory of planned behavior, have not sufficiently accounted for neutralization by which employees may temporarily neutralize certain values when determining the formation of an intention and consequently behavior. We provide a new integrated view on security behavior by combining the theory of planned behavior and neutralization theory in one study. Based on the analysis of 220 data sets acquired by an online survey, our results support the hypotheses gained from both theories. In particular, neutralization techniques are used by employees to justify undesired security behaviors. In relative terms, neutralization seems to be at least equally important as the predictors of the theory of planned behavior when considering effect sizes. Our main contribution is to provide evidence for the important role of six considered neutralization techniques, which implicates to proactively utilize these in the development of effective information security awareness programs.

Tags

Press 'enter' for creating the tag

Publication's profile

Status of publication Published
Affiliation WU
Type of publication Journal article
Journal ACM SIGMIS Database
Citation Index SSCI
WU Journalrating 2009 A
WU-Journal-Rating new INF-A, STRAT-B, WH-B
Language English
Title From Information Security Awareness to Reasoned Compliant Action: Analyzing Information Security Policy Compliance in a Large Banking Organization
Volume 48
Number 3
Year 2017
Page from 44
Page to 68
Reviewed? Y
DOI http://dx.doi.org/10.1145/3130515.3130519
Open Access N

Associations

Projects
IT Operational Risk Awareness Building in Banking Organizations
People
Bernroider, Edward (Details)
External
Bauer, Stefan (na, Austria)
Organization
Research Institute for Computational Methods FI (Details)
Institute for Information Management and Control IN (Details)
Research areas (Ă–STAT Classification 'Statistik Austria')
1127 Information science (Details)
5367 Management information systems (Details)
Google Scholar: Search