Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/41649

Seeing the forest and the trees: A meta-analysis of information security policy compliance literature

File SizeFormat 
paper0500.pdf1.42 MBAdobe PDFView/Open

Item Summary

Title: Seeing the forest and the trees: A meta-analysis of information security policy compliance literature
Authors: Cram, W. Alec
Proudfoot, Jeffrey
D'Arcy, John
Keywords: Compliance
information security
meta-analysis
security policies
Issue Date: 04 Jan 2017
Abstract: A rich stream of research has identified numerous antecedents to employee compliance with information security policies. However, the breadth of this literature and inconsistencies in the reported findings warrants a more in-depth analysis. Drawing on 25 quantitative studies focusing on security policy compliance, we classified 105 independent variables into 17 distinct categories. We conducted a meta-analysis for each category’s relationship with security policy compliance and then analyzed the results for possible moderators. Our results revealed a number of illuminating insights, including (1) the importance of categories associated with employees’ personal attitudes, norms and beliefs, (2) the relative weakness of the link between compliance and rewards/punishment, and (3) the enhanced compliance associated with general security policies rather than specific policies (e.g., anti-virus). These findings can be used as a reference point from which future scholarship in this area can be guided.
Pages/Duration: 10 pages
URI/DOI: http://hdl.handle.net/10125/41649
ISBN: 978-0-9981331-0-2
DOI: 10.24251/HICSS.2017.489
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections:Innovative Behavioral IS Security and Privacy Research Minitrack



Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.