SEEING THE FOREST AND THE TREES: A META-ANALYSIS OF THE ANTECEDENTS TO INFORMATION SECURITY POLICY COMPLIANCE
成果类型:
Article
署名作者:
Cram, W. Alec; D'Arcy, John; Proudfoot, Jeffrey G.
署名单位:
Bentley University; University of Delaware; University of Delaware
刊物名称:
MIS QUARTERLY
ISSN/ISSBN:
0276-7783
DOI:
10.25300/MISQ/2019/15117
发表日期:
2019
页码:
525-+
关键词:
protection motivation theory
common method variance
file-drawer problem
employees compliance
management support
PLANNED BEHAVIOR
user participation
statistical tests
publication bias
systems misuse
摘要:
A rich stream of research has identified numerous antecedents to employee compliance (and noncompliance) with information security policies. However, the number of competing theoretical perspectives and inconsistencies in the reported findings have hampered efforts to attain a clear understanding of what truly drives this behavior. To address this theoretical stalemate and build toward a consensus on the key antecedents of employees' security policy compliance in different contexts, we conducted a meta-analysis of the relevant literature. Drawing on 95 empirical papers, we classified 401 independent variables into 17 distinct categories and analyzed each category's relationship with security policy compliance, including an analysis for possible domain-specific moderators. A meta-analytic relative weight analysis determined the relative importance of each category in predicting security policy compliance, while adding robustness to our findings. At a broad level, our results suggest that much of the security policy compliance literature is plagued by suboptimal theoretical framing. Our findings can facilitate more refined theory-building efforts in this research domain and serve as a guide for practitioners to manage security policy compliance initiatives.
来源URL: