A. Mattia and G. Dhillon, Applying double loop learning to interpret implications for information systems security design, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme, System Security and Assurance (Cat. No.03CH37483), 2003.
DOI : 10.1109/ICSMC.2003.1244262

M. Lapke and G. Dhillon, A Semantic Analysis of Security Policy Formulation and Implementation: A Case Study, the Americas Conference on Information Systems, 2006.

D. A. Mcfarland, Resistance as a Social Drama: A Study of Change???Oriented Encounters, American Journal of Sociology, vol.109, issue.6, pp.1249-1318, 2004.
DOI : 10.1086/381913

M. L. Markus, Power, politics, and MIS implementation, Communications of the ACM, vol.26, issue.6, pp.430-444, 1983.
DOI : 10.1145/358141.358148
URL : http://dspace.mit.edu/bitstream/1721.1/48781/1/powerpoliticsmis00mark.pdf

C. Hardy, Understanding Power: Bringing about Strategic Change, British Journal of Management, vol.43, issue.3, pp.3-16, 1996.
DOI : 10.1108/eb054273

T. Parson, The structure of social action, 1968.

G. Dhillon, Principles of information systems security: text and cases, 2007.

A. Etzioni, A comparative analysis of complex organizations: On power, involvement, and their correlates, 1975.

S. Ranson, B. Hinings, and G. Royston, The Structuring of Organizational Structures, Administrative Science Quarterly, vol.25, issue.1, pp.1-17, 1980.
DOI : 10.2307/2392223

J. K. Benson, Organizations: A Dialectical View, Administrative Science Quarterly, vol.22, issue.1, pp.1-21, 1977.
DOI : 10.2307/2391741

M. E. Whitman and H. Mattord, Principles of Information Security, 2008.

K. S. Nash and D. Greenwood, The global state of information security, 2008.

J. M. Stanton, K. R. Stam, P. Mastrangelo, and J. Jolton, Analysis of end user security behaviors, Computers & Security, vol.24, issue.2, pp.124-133, 2005.
DOI : 10.1016/j.cose.2004.07.001

M. Lapke and G. Dhillon, Power relationships in information systems security policy formulation and implementation, the 16th Annual European Conference on Information Systems, 2008.

S. H. Kim and J. Lee, A Contingent analysis of the relationshiop between IS implementation strategies and IS success, Information Processing & Management, vol.27, issue.1, pp.111-128, 1991.
DOI : 10.1016/0306-4573(91)90034-J

T. Herath and H. R. Rao, Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness, Decision Support Systems, vol.47, issue.2, pp.154-165, 2009.
DOI : 10.1016/j.dss.2009.02.005

A. Kankanhalli, H. H. Teo, B. C. Tan, and K. K. Wei, An integrative study of information systems security effectiveness, International Journal of Information Management, vol.23, issue.2, pp.139-154, 2003.
DOI : 10.1016/S0268-4012(02)00105-6

D. Straub, Effective IS Security: An Empirical Study, Information Systems Research, vol.1, issue.3, pp.225-270, 1990.
DOI : 10.1287/isre.1.3.255

D. W. Straub and R. J. Welke, Coping with Systems Risk: Security Planning Models for Management Decision Making, MIS Quarterly, vol.22, issue.4, pp.441-469, 1998.
DOI : 10.2307/249551

S. R. Boss, L. J. Kirsch, I. Angermeier, R. A. Shingler, and R. W. Boss, If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security, European Journal of Information Systems, vol.46, issue.2, pp.151-164, 2009.
DOI : 10.1287/mnsc.46.2.186.11926

S. Phanila, M. Siponen, and A. Mahmood, Employees' Behavior towards IS Security Policy Compliance, 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007.

K. L. Thomson, R. Von-solms, and L. Louw, Cultivating an organizational information security culture, Computer Fraud & Security, vol.2006, issue.10, pp.7-11, 2006.
DOI : 10.1016/S1361-3723(06)70430-4

K. L. Thomson, Information Security Conscience: a precondition to an Information Security Culture, 8th Annual Security Conference, pp.15-16, 2009.

C. Vroom and R. Von-solms, Towards information security behavioural compliance, Computers & Security, vol.23, issue.3, pp.191-198, 2004.
DOI : 10.1016/j.cose.2004.01.012

P. Puhakainen, A Design Theory for Information Security Awareness, 2006.

M. Siponen, A conceptual foundation for organizational information security awareness, Information Management & Computer Security, vol.8, issue.1, pp.31-41, 2000.
DOI : 10.1057/ejis.1992.2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.195.5335

S. M. Furnell, M. Gennatou, and P. S. Dowland, A prototype tool for information security awareness and training, Logistics Information Management, vol.15, issue.5/6, pp.352-357, 2002.
DOI : 10.1108/09576050210447037

G. Dhillon, Dimensions of power and IS implementation, Information & Management, vol.41, issue.5, pp.635-644, 2004.
DOI : 10.1016/j.im.2003.02.001

S. Clegg, Frameworks of power, 1989.
DOI : 10.4135/9781446279267

B. Townley, Foucault, power/knowledge and its relevance for Human Resource Management, Academy of Management Review, vol.18, issue.3, pp.518-545, 1993.
DOI : 10.2307/258907

I. Benbasat, D. K. Goldstein, and M. Mead, The Case Research Strategy in Studies of Information Systems, MIS Quarterly, vol.11, issue.3, pp.369-388, 1987.
DOI : 10.2307/248684

M. D. Myers, Qualitative research in business & management, 2009.

K. Hedström, G. Dhillon, and F. Karlsson, Using Actor Network Theory to Understand Information Security Management, the 25th Annual IFIP TC, pp.20-23, 2010.
DOI : 10.4324/9780203019870

S. Lukes, Power: a radical view, 1974.
DOI : 10.1007/978-1-349-02248-9

A. M. Pettigrew, On Studying Organizational Cultures, Administrative Science Quarterly, vol.24, issue.4, pp.570-581, 1979.
DOI : 10.2307/2392363

R. Von-solms and B. Von-solms, From policies to culture, Computers & Security, vol.23, issue.4, pp.275-279, 2004.
DOI : 10.1016/j.cose.2004.01.013