A. Demetz, The #1 Cyber Security Threat to Information Systems Today (2015) http://www.forbes.com/sites/sungardascyber-security-threats-to-in- formation-systems-today, pp.6-46, 2015.

Y. Chen and W. He, Security risks and protection in online learning: A survey, The International Review of Research in Open and Distributed Learning, vol.14, issue.5, 2013.
DOI : 10.19173/irrodl.v14i5.1632
URL : https://doi.org/10.19173/irrodl.v14i5.1632

D. 'arcy, J. Hovav, A. Galletta, and D. , User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach, Information Systems Research, vol.20, issue.1, pp.79-98, 2009.
DOI : 10.1287/isre.1070.0160

A. Yayla, Enforcing Information Security Policies through Cultural Boundaries: A Multinational Company Approach, Proceedings of 2011 ECIS, pp.1-11, 2011.

G. Stoneburner, A. Y. Goguen, and A. Feringa, Sp 800-30. Risk management guide for information technology systems, 2002.

D. 'arcy, J. Greene, and G. , Security culture and the employment relationship as drivers of employees??? security compliance, Information Management & Computer Security, vol.22, issue.5, pp.474-489, 2014.
DOI : 10.1177/014920639101700305

T. Herath and H. R. Rao, Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness, Decision Support Systems, vol.47, issue.2, pp.154-165, 2009.
DOI : 10.1016/j.dss.2009.02.005

B. Y. Ng and Y. Xu, Studying users' computer security behavior using the Health Belief Model. PACIS, Proceedings, vol.45, pp.423-437, 2007.
DOI : 10.1016/j.dss.2008.11.010

T. Herath and H. R. Rao, Protection motivation and deterrence: a framework for security policy compliance in organisations, European Journal of Information Systems, vol.48, issue.8, pp.106-125, 2009.
DOI : 10.1145/1076211.1076238

A. C. Johnston and M. Warkentin, Fear appeals and information security behaviors: an empirical study, MIS quarterly, pp.549-566, 2010.

M. Siponen, M. A. Mahmood, and S. Pahnila, Technical opinionAre employees putting your company at risk by not following information security policies?, Communications of the ACM, vol.52, issue.12, pp.145-147, 2009.
DOI : 10.1145/1610252.1610289

P. J. Steinbart, M. J. Keith, and J. Babb, Examining the Continuance of Secure Behavior: A Longitudinal Field Study of Mobile Device Authentication, Information Systems Research, vol.27, issue.2, 2016.
DOI : 10.1287/isre.2016.0634

A. Vance, M. Siponen, and S. Pahnila, Motivating IS security compliance: Insights from Habit and Protection Motivation Theory, Information & Management, vol.49, issue.3-4, pp.190-198, 2012.
DOI : 10.1016/j.im.2012.04.002

M. Siponen, M. A. Mahmood, and S. Pahnila, Employees??? adherence to information security policies: An exploratory field study, Information & Management, vol.51, issue.2, pp.217-224, 2014.
DOI : 10.1016/j.im.2013.08.006

B. Y. Ng, A. Kankanhalli, and Y. C. Xu, Studying users' computer security behavior: A health belief perspective, Decision Support Systems, vol.46, issue.4, pp.815-825, 2009.
DOI : 10.1016/j.dss.2008.11.010

C. Fornell and D. F. Larcker, Structural Equation Models with Unobservable Variables and Measurement Error: Algebra and Statistics, Journal of Marketing Research, vol.18, issue.3, pp.382-388, 1981.
DOI : 10.2307/3150980

D. Gefen, D. Straub, and M. C. Boudreau, Structural equation modeling and regression: Guidelines for research practice. Communications of the association for information systems, p.7, 2000.

D. Gefen and D. Straub, A practical guide to factorial validity using PLS-Graph: Tutorial and annotated example. Communications of the Association for Information systems, p.5, 2005.

W. Chin and B. Marcolin, The holistic approach to construct validation in IS research: examples of the interplay between theory and measurement Administrative Sciences Association of, administrative sciences association of Canada annual conference, pp.34-43, 1995.