A Review of the Theory of Planned Behaviour in the Context of Information Security Policy Compliance

Abstract : The behaviour of employees influences information security in virtually all organisations. To inform the employees regarding what constitutes desirable behaviour, an information security policy can be formulated and communicated. However, not all employees comply with the information security policy. This paper reviews and synthesises 16 studies related to the theory of planned behaviour. The objective is to investigate 1) to what extent the theory explains information security policy compliance and violation and 2) whether reasonable explanations can be found when the results of the studies diverge. It can be concluded that the theory explains information security policy compliance and violation approximately as well as it explains other behaviours. Some potential explanations can be found for why the results of the identified studies diverge. However, many of the differences in results are left unexplained.
Document type :
Conference papers
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.257-271, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_20〉
Liste complète des métadonnées

Cited literature [40 references]  Display  Hide  Download

https://hal.inria.fr/hal-01463832
Contributor : Hal Ifip <>
Submitted on : Thursday, February 9, 2017 - 5:24:00 PM
Last modification on : Thursday, February 9, 2017 - 5:37:19 PM
Document(s) archivé(s) le : Wednesday, May 10, 2017 - 2:39:15 PM

File

978-3-642-39218-4_20_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Teodor Sommestad, Jonas Hallberg. A Review of the Theory of Planned Behaviour in the Context of Information Security Policy Compliance. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.257-271, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_20〉. 〈hal-01463832〉

Share

Metrics

Record views

159

Files downloads

37