Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/41649

Seeing the forest and the trees: A meta-analysis of information security policy compliance literature

File Size Format  
paper0500.pdf 1.42 MB Adobe PDF View/Open

Item Summary

dc.contributor.author Cram, W. Alec
dc.contributor.author Proudfoot, Jeffrey
dc.contributor.author D'Arcy, John
dc.date.accessioned 2016-12-29T01:32:11Z
dc.date.available 2016-12-29T01:32:11Z
dc.date.issued 2017-01-04
dc.identifier.isbn 978-0-9981331-0-2
dc.identifier.uri http://hdl.handle.net/10125/41649
dc.description.abstract A rich stream of research has identified numerous antecedents to employee compliance with information security policies. However, the breadth of this literature and inconsistencies in the reported findings warrants a more in-depth analysis. Drawing on 25 quantitative studies focusing on security policy compliance, we classified 105 independent variables into 17 distinct categories. We conducted a meta-analysis for each category’s relationship with security policy compliance and then analyzed the results for possible moderators. Our results revealed a number of illuminating insights, including (1) the importance of categories associated with employees’ personal attitudes, norms and beliefs, (2) the relative weakness of the link between compliance and rewards/punishment, and (3) the enhanced compliance associated with general security policies rather than specific policies (e.g., anti-virus). These findings can be used as a reference point from which future scholarship in this area can be guided.
dc.format.extent 10 pages
dc.language.iso eng
dc.relation.ispartof Proceedings of the 50th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Compliance
dc.subject information security
dc.subject meta-analysis
dc.subject security policies
dc.title Seeing the forest and the trees: A meta-analysis of information security policy compliance literature
dc.type Conference Paper
dc.type.dcmi Text
dc.identifier.doi 10.24251/HICSS.2017.489
Appears in Collections: Innovative Behavioral IS Security and Privacy Research Minitrack


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons