Motivating IS security compliance: Insights from Habit and Protection Motivation Theory

Vance, Anthony; Siponen, Mikko T.; Pahnila, Seppo

doi:10.1016/j.im.2012.04.002

Cited by 532 publications

(393 citation statements)

References 18 publications

Supporting

Mentioning

369

Contrasting

Unclassified

Order By: Relevance

“…High propensity for compliance has been associated with high degree of security. Vance, Siponen, and Pahnila (2012) integrated habit with protection motivation theory (PMT) to explain compliance. The authors concluded that habitual compliance with security policies strongly reinforced the cognitive processes theorized by PMT.…”

Section: Security and Habit Researchmentioning

confidence: 99%

Toward a More Secure HRIS: The Role of HCI and Unconscious Behavior

Zafar¹,

Randolph²,

Martin³

2017

THCI

View full text Add to dashboard Cite

Abstract:By design, human resource information systems (HRIS) hold confidential and sensitive information. Therefore, one needs to ensure the security of these systems from unintentional mistakes that may compromise such information. Current systems design and training procedures of HRIS unintentionally help reinforce unsecure behaviors that result in non-malicious security breaches. Measures to improve security through design and training may only occur by breaking the use/impact cycle that individuals have habitually formed. Using strong contexts and cues allow trainers to interrupt individuals' habits. Then, they have the opportunity to enforce the repetition of the desired behavior. This paper introduces a model of habit formation from consumer behavior that one may apply to HRIS.

show abstract

Section: Security and Habit Researchmentioning

confidence: 99%

Toward a More Secure HRIS: The Role of HCI and Unconscious Behavior

Zafar¹,

Randolph²,

Martin³

2017

THCI

View full text Add to dashboard Cite

show abstract

“…When companies motivate their employees to have InfoSec compliance, they are not only enhancing employee protection behavior but also training them to get a new habit. Previous studies indicate that habit has a significant role in the context of employee's compliances with company InfoSec policies [27]. When InfoSec protection becomes a habit, employees will continue following InfoSec policies without strong enforcement from managers.…”

Section: Practical Implicationsmentioning

confidence: 99%

Enforcing Information Security Protection: Risk Propensity and Self-Efficacy Perspectives

Nguyen

Kim²

2017

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Most studies on information security policies have focused on identifying whether punishments and rewards based on compulsion significantly increase employees' intention to comply with information security policies [18,32] or their awareness of information security through education and training [14,26]. Forcing employees to comply with information security policies based on these external environmental factors does not lead to continuous improvements in their intent to comply [21].…”

Section: Introductionmentioning

confidence: 99%