References
- Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2005), Analysis of End User Security Behaviors, Computers & Security, 24(2), 124-133. https://doi.org/10.1016/j.cose.2004.07.001
- Liang, H., & Xue, Y. (2010), Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective, Journal of the Association for Information Systems, 11(7), 394-413. https://doi.org/10.17705/1jais.00232
- Safa, N. S., Von Solms, R., & Furnell, S. (2016), Information Security Policy Compliance Model in Organizations, Computers & Security, 56, 1-13. https://doi.org/10.1016/j.cose.2015.09.009
- Bulgurcu, B., Cavusoglu, H., & Banbasat, I. (2010), Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness, MIS Quarterly, 34(3), 523-548. https://doi.org/10.2307/25750690
- Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013), Future Directions for Behavioral Information Security Research, Computers & Security, 32, 90-101. https://doi.org/10.1016/j.cose.2012.09.010
- D'Arcy, J., & Hovav, A. (2007), Deterring Internal Information Systems Misuse, Communications of the ACM, 50(10), 113-117. https://doi.org/10.1145/1290958.1290971
- Ifinedo, P. (2012), Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory, Computers & Security, 31, 83-95. https://doi.org/10.1016/j.cose.2011.10.007
- Goel, S., & Chengalur-Smith, I., (2010), Metrics for Characterizing the Form of Security Policies, Journal of Strategic Information Systems, 19(4), 281-295. https://doi.org/10.1016/j.jsis.2010.10.002
- Van Dyne, L., Ang, S., & Botero, I. C. (2003), Conceptualizing Employee Silence and Employee Voice as Multidimensional Constructs, Journal of Management Studies, 40(6), 1359-1392. https://doi.org/10.1111/1467-6486.00384
- Pinder, C. C., & Harlos, K. P. 2001, Employee Silence: Quiescence and Acquiescence as Responses to Perceived Injustice. In Rowland, K. M., & Rerris, G. R. (eds), Research in Personnel and Human Resources Management, 20, New York: JAI Press, 331-369.
- Morrison, E. W., & Milliken, F. J. (2000), Organizational Silence: A Barrier to Change and Development in a Pluralistic World, Academy of Management Review, 25, 706-725. https://doi.org/10.5465/amr.2000.3707697
- Soomro, Z. A., Shah, M. H., & Ahmed, J. 2016, Information Security Management Needs More Holistic Approach: A Literature Review, International Journal of Information Management, Vol. 36, pp. 215-225. https://doi.org/10.1016/j.ijinfomgt.2015.11.009
- Knapp, K. J., & Ferrante, C. J. (2012), Policy Awareness, Enforcement and Maintenance: Critical to Information Security Effectiveness in Organizations, Journal of Management Policy and Practice, 13(5), 66-80.
- Puhakainen, P., & Siponen, M. (2010), Improving Employees' Compliance through Information Systems Security Training: An Action Research Study, MIS Quarterly, 34(4), 757-778. https://doi.org/10.2307/25750704
- Mishra, S., & Chasalow, L. (2011), Information Security Effectiveness: A Research Framework, Issues in Information Systems, 12(1), 246-255.
- Stewart, A. (2004), On Risk: Perception and Direction, Computers & Security, 23, 362-370. https://doi.org/10.1016/j.cose.2004.05.003
- Zhang, J., Reithel, B. J., & Li, H. (2009), Impact of Perceived Technical Protection on Security Behaviors, Information Management & Computer Security, 17(4), 330-340. https://doi.org/10.1108/09685220910993980
- Gopal, R. D., & Sanders, G. L. (1997), Preventative and Deterrent Controls for Software Piracy, Journal of Management Information Systems, 13(4), 29-47. https://doi.org/10.1080/07421222.1997.11518141
- Wiant, T. L. (2003), Policy and its Impact on Medical Record Security, Unpublished Doctoral Dissertation, University of Kentucky, Lexington.
- Foltz, C. B. (2000), The Impact of Deterrent Countermeasures upon Individual Intent to Commit Misuse: A Behavioral Approach, Unpublished Doctoral Dissertation, University of Arkansas, Fayetteville.
- Harrington, S. J. (1996), The Effect of Codes of Ethics and Personal Denial of Responsibility on Computer Abuse Judgments and Intentions, MIS Quarterly, 20(3), 257-278. https://doi.org/10.2307/249656
- Lee, S. M., Lee, S. -G., & Yoo, S. (2004), An Integrative Model of Computer Abuse Based on Social Control and General Deterrence Theories, Information and Management, 41(6), 707-718. https://doi.org/10.1016/j.im.2003.08.008
- Knapp, K. J., Marshall, T. E., Rainer, Jr., R. K., & Ford, F. N. (2007), Information Security Effectiveness: Conceptualization and Validation of a Theory, International Journal of Information Security and Privacy, 1(2), 37-60. https://doi.org/10.4018/jisp.2007040103
- Chan, M., Woon, I., & Kankanhalli, A. (2005), Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior, Journal of Information Privacy and Security, 1(3).
- Siponen, M. T. (2000), A Conceptual Foundation for Organizational Information Security Awareness, Information Management & Computer Security, 8(1), 31-41. https://doi.org/10.1108/09685220010371394
- Vakola, M., & Bouradas, D., (2005), Antecedents and Consequences of Organisational Silence: An Empirical Investigation, Employee Relations, 27(5), 441-458. https://doi.org/10.1108/01425450510611997
- Vroom, C., & von Solms, R. (2004), Towards Information Security Behavioural Compliance, Computer & Security, 23, 191-198. https://doi.org/10.1016/j.cose.2004.01.012
- Kankanhalli, H., Teo, H. -H., Tan, B. C. Y., & Wei, K. -K. (2003), An Integrative Study of Information Systems Security Effectiveness, International Journal of Information Management, 23(2), 139-154. https://doi.org/10.1016/S0268-4012(02)00105-6
- Leonard, L. N. K., Cronan, T. P., & Kreie, J. (2004), What Influences IT Ethical Behavior Intentions- Planned Behavior, Reasoned Action, Perceived Importance, or Individual Characteristics?, Information & Management, 42, 143-158. https://doi.org/10.1016/j.im.2003.12.008
- Churchill, G. A. (1979), A Paradigm for Developing Better Measures of Marketing Constructs, Journal of Marketing, 9(4), 168-178.
- Moore, G. C., & Benbasat, I. (1991), Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation, Information Systems Research, 2(3), 192-222. https://doi.org/10.1287/isre.2.3.192
- Workman, M., Bommer, W. H., & Straub, D. (2008), Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test, Computers in Human Behavior, 24(6), 2799-2816. https://doi.org/10.1016/j.chb.2008.04.005
- Barclay, D., Higgins, C., & Thompson, R. (1995), The Partial Least Squares (PLS) Approach to Causal Modeling: Personal Computer Adoption and Use as an Illustration, Technology Studies, 2(2), 285-309.
- Gefen, D., & Straub, D. (2005), A Practical Guide to Factorial Validity Using PLS-graph: Tutorial and Annotated Example, Communications of the AIS, 16(5), 91-109.
- Chin, W. W., & Sambamurthy, V. (1994), The Effects of Group Attitudes toward Alternative GDSS Designs on the Decision-Making Performance of Computer- Supported Groups, Decision Sciences, 25(2), 215-241. https://doi.org/10.1111/j.1540-5915.1994.tb01840.x
- Hair, J. F., Black, B., Babin, B., & Anderson, R. E. (2010), Multivariate Data Analysis, 7th eds., Upper Saddle River, NJ, PrenticeHall.
- Cronbach, L. J. (1951), Coefficient Alpha and the Internal Structure of Tests, Psychometrika, 16, 297-334. https://doi.org/10.1007/BF02310555
- Fornell, C., & Larker, D. F. (1981), Evaluating Structural Equation Models with Unobservable Variables and Measurement Error, Journal of Marketing Research, 18(1), 39-50. https://doi.org/10.2307/3151312
- Nunnally, J. C. 1978, Psychometric Theory, New York, NY: McGraw-Hill.
- Cook, T. D., & Campbell, D. T. (1979), Quasi-Experimentation: Design and Analysis Issues for Field Setting, Boston, MA: Houghton Mifflin.
- Grant, R. A. (1989), Building and Testing a Causal Model of an Information Technology's Impact, Proceedings of the Ten International Conference on Information Systems, December 4-6, Boston, MA, 173-184.
- Fornell, C. (1982), A Second Generation of Multivariate Analysis: Methods, 1, New York, NY: Praeger.
- Chin, W. W. (1998), Issues and Opinion on Structural Equation Modeling, MIS Quarterly, 22(1), vii-xvi.
- Gefen, D., Straub, D. W., & Boudreau, M. C. (2000), Structural Equation Modeling and Regression: Guidelines for Research Practice, Communications of the AIS, 4, 1-77.