TOWARD A UNIFIED MODEL OF INFORMATION SECURITY POLICY COMPLIANCE
成果类型:
Article
署名作者:
Moody, Gregory D.; Siponen, Mikko; Pahnila, Seppo
署名单位:
Nevada System of Higher Education (NSHE); University of Nevada Las Vegas; University of Jyvaskyla; University of Oulu
刊物名称:
MIS QUARTERLY
ISSN/ISSBN:
0276-7783
DOI:
10.25300/MISQ/2018/13853
发表日期:
2018
页码:
285-+
关键词:
health belief model
fear appeals
protection motivation
systems security
software piracy
control balance
REASONED ACTION
self-efficacy
BEHAVIOR
deterrence
摘要:
Information systems security (ISS) behavioral research has produced different models to explain security policy compliance. This paper (1) reviews 11 theories that have served the majority of previous information security behavior models, (2) empirically compares these theories (Study 1), (3) proposes a unified model, called the unified model of information security policy compliance (UMISPC), which integrates elements across these extant theories, and (4) empirically tests the UMISPC in a new study (Study 2), which provided preliminary empirical support for the model. The 11 theories reviewed are (1) the theory of reasoned action, (2) neutralization techniques, (3) the health belief model, (4) the theory of planned behavior, (5) the theory of interpersonal behavior, (6) the protection motivation theory, (7) the extended protection motivation theory, (8) deterrence theory and rational choice theory, (9) the theory of self-regulation, (10) the extended parallel processing model, and (11) the control balance theory. The UMISPC is an initial step toward empirically examining the extent to which the existing models have similar and different constructs. Future research is needed to examine to what extent the UMISPC can explain different types of ISS behaviors (or intentions thereof). Such studies will determine the extent to which the UMISPC needs to be revised to account for different types of ISS policy violations and the extent to which the UMISPC is generalizable beyond the three types of ISS violations we examined. Finally, the UMISPC is intended to inspire future ISS research to further theorize and empirically demonstrate the important differences between rival theories in the ISS context that are not captured by current measures.