Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/41649

Seeing the forest and the trees: A meta-analysis of information security policy compliance literature

File Size Format  
paper0500.pdf 1.42 MB Adobe PDF View/Open

Item Summary

Title:Seeing the forest and the trees: A meta-analysis of information security policy compliance literature
Authors:Cram, W. Alec
Proudfoot, Jeffrey
D'Arcy, John
Keywords:Compliance
information security
meta-analysis
security policies
Date Issued:04 Jan 2017
Abstract:A rich stream of research has identified numerous antecedents to employee compliance with information security policies. However, the breadth of this literature and inconsistencies in the reported findings warrants a more in-depth analysis. Drawing on 25 quantitative studies focusing on security policy compliance, we classified 105 independent variables into 17 distinct categories. We conducted a meta-analysis for each category’s relationship with security policy compliance and then analyzed the results for possible moderators. Our results revealed a number of illuminating insights, including (1) the importance of categories associated with employees’ personal attitudes, norms and beliefs, (2) the relative weakness of the link between compliance and rewards/punishment, and (3) the enhanced compliance associated with general security policies rather than specific policies (e.g., anti-virus). These findings can be used as a reference point from which future scholarship in this area can be guided.
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/41649
ISBN:978-0-9981331-0-2
DOI:10.24251/HICSS.2017.489
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Innovative Behavioral IS Security and Privacy Research Minitrack


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons