Browse > Article
http://dx.doi.org/10.14400/JDC.2020.18.11.169

Meta-analysis of Information Security Policy Compliance Based on Theory of Planned Behavior  

Kim, Jongki (Dept. of Business Administration, Pusan National University)
Mou, Jian (Dept. of Business Administration, Pusan National University)
Publication Information
Journal of Digital Convergence / v.18, no.11, 2020 , pp. 169-176 More about this Journal
Abstract
With widespread use of information technologies the importance of information security has been heightened. Security policies which deal with fundamental direction of information security are critical elements of information security management. Numerous studies have been conducted on users' intention to comply security policies. They were based on various theoretical foundations and the theory of planned behavior(TPB) was the most frequently used. This research employed one of the quantitatively synthesizing meta-analytic techniques called Two-Stage Structural Equation Modeling to investigate factors influencing information security policy compliance behavior based on TPB. Analysis results indicated that all three factors of TPB were significantly influencing the behavioral intention. Moreover, the overall fit indices of structural model exhibited satisfactory level.
Keywords
Security Policy; Policy Compliance; Theory of Planned Behavior; Meta-Analysis; TSSEM;
Citations & Related Records
Times Cited By KSCI : 6  (Citation Analysis)
연도 인용수 순위
1 I. Ajzen. (2011). The Theory of Planned Behaviour: Reactions and Reflections. Psychology and Health, 26(9), 1113-1127. DOI: 10.1080/08870446.2011.613995   DOI
2 L. Leone, M. Perugini & A. P. Ercolani. (1999). A comparison of three models of attitude-behavior relationships in the studying behavior domain. European Journal of Social Psychology, 29(2‐3), 161-189. DOI: 10.1002/(SICI)1099-0992(199903/05)29:2/33.0   DOI
3 R. Willison & M. Warkentin. (2013). Beyond Deterrence: An Expanded View of Employee Computer Abuse. MIS Quarterly, 37(1), 1-20. DOI: 10.25300/misq/2013/37.1.01   DOI
4 P. Balozian & D. Leidner. (2017). Review of IS Security Policy Compliance: Toward the Building Blocks of an IS Security Theory. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 48(3), 11-43. DOI: 10.1145/3130515.3130518   DOI
5 I. Ajzen. (1991). The Theory of Planned Behavior. Organizational Behavior and Human Decision Processes, 50(2), 179-211. DOI: 10.1016/0749-5978(91)90020-t   DOI
6 I. Ajzen. (1985). From Intentions to Actions: A Theory of Planned Behavior. In Action control from Cognition to Behavior(pp. 11-39). Springer, Berlin, Heidelberg.
7 M. Cho & H. Park. (2019). Convergence Study on the Effect of Music Mediation Program on Children with ADHD - Systematic Review and Meta-Analysis. Journal of Digital Convergence. 17(10), 497-507. DOI: 10.14400/JDC.2019.17.10.497   DOI
8 Y. Sohn & B. Lee. (2012). An Efficacy of Social Cognitive Behavior Model based on the Theory of Planned Behavior : A Meta-Analytic Review. Korean Journal of Journalism & Communication Studies. 56(6), 127-161. UCI: G704-000203.2012.56.6.007
9 A. Bandura. (1977). Self-Efficacy: Toward a Unifying Theory of Behavioral Change. Psychological Review, 84(2), 191-215. DOI: 10.1037/0033-295x.84.2.191   DOI
10 S. Jak. (2015). Meta-analytic Structural Equation Modelling. New York: Springer. DOI: 10.1007/978-3-319-27174-3
11 M. Nieles, K. Dempsey & V. Pillitteri. (2017). An Introduction to Information Security (NIST Special Publication 800-12 Rev. 1). National Institute of Standards and Technology.
12 K. H. Guo. (2013). Security-Related Behavior in Using Information Systems in the Workplace: A Review and Synthesis. Computers and Security, 32, 242-251. DOI: 10.1016/j.cose.2012.10.003   DOI
13 F. Karlsson, J. Astrom & M. Karlsson. (2015). Information Security Culture-State-of-the-Art Review between 2000 and 2013. Information and ComputerSecurity, 23(3), 246-285. DOI: 10.1108/ICS-05-2014-0033   DOI
14 S. Hwang.(2015). Meta-Analysis Using R, Hakjisa.
15 K. Yeon. (2018). Meta-analysis of the effects of TPM activity factors on Corporate performance. Journal of Digital Convergence, 16(2), 151-156. DOI: 10.14400/JDC.2018.16.2.151   DOI
16 B. Cho & J. Lee. (2018). A Meta Analysis on Effects of Flipped Learning in Korea. Journal of Digital Convergence, 16(3), 59-73. DOI: 10.14400/JDC.2018.16.3.059   DOI
17 C. J. Armitage & M. Conner. (2001). Efficacy of the Theory of Planned Behaviour: A Meta‐Analytic Review. British journal of social psychology, 40(4), 471-499. DOI: 10.1348/014466601164939   DOI
18 H. Steinmetz, M. Knappstein, I. Ajzen, P. Schmidt & R. Kabst. (2016). How Effective are Behavior Change Interventions Based on the Theory of Planned Behavior?: A Three-Level Meta-Analysis. Zeitschrift fur Psychologie, 224(3), 216-233. DOI: 10.1027/2151-2604/a000255   DOI
19 J. L. Guo, T. F. Wang, J. Y. Liao & C. M. Huang. (2016). Efficacy of the Theory of Planned Behavior in Predicting Breastfeeding: Meta-Analysis and Structural Equation deling. Applied Nursing Research, 29, 37-42. DOI: 10.1016/j.apnr.2015.03.016   DOI
20 Y. Han & H. Hansen. (2012). Determinants of Sustainable Food Consumption: A Meta-Analysis Using a Traditional and a Structural Equation Modelling Approach. International Journal of Psychological Studies, 4(1), 22-45. DOI: 10.5539/ijps.v4n1p22   DOI
21 R. Cooke, M. Dahdah, P. Norman & D. P. French. (2016). How Well Does the Theory of Planned Behaviour Predict Alcohol Consumption? A Systematic Review and Meta-Analysis. Health Psychology Review, 10(2), 148-167. DOI: 10.1080/17437199.2014.947547   DOI
22 L. Zhang, J. Zhu & Q. Liu. (2012). A Meta-Analysis of Mobile Commerce Adoption and the Moderating Effect of Culture. Computers in Human Behavior, 28, 1902-1911. DOI: 10.1016/j.chb.2012.05.008   DOI
23 T. M. Nguyen, P. T. Nham & V. N. V. Hoang. (2019). The Theory of Planned Behavior and Knowledge Sharing: A Systematic Review and Meta-Analytic Structural Equation Modelling. VINE Journal of Information and Knowledge Management Systems, 49(1), 76-94. DOI: 10.1108/VJIKMS-10-2018-0086   DOI
24 G. D. Moody, M. Siponen & S. Pahnila. (2018). Toward a Unified Model of Information Security Policy Compliance. MIS Quarterly, 42(1), 285-311. DOI: 10.25300/misq/2018/13 853   DOI
25 T. Sommestad & J. Hallberg. (2013, July). A Review of the Theory of Planned Behaviour in the Context of Information Security Policy Compliance. IFIP International Information Security Conference (pp. 257-271). Springer, Berlin, Heidelberg.
26 D. Milicevic & M. Goeken. (2013). Systematic Review and Meta-Analysis of IS Security Policy Compliance Research. First Steps Towards Evidence-Based Structuring of the IS Security Domain. International Conference on Wirtschaftsinformatik. (pp. 1067-81). Leipzig,
27 J. D'Arcy & P. B. Lowry, (2019). Cognitive-Affective Drivers of Employees' Daily Compliance with Information Security Policies: A Multilevel, Longitudinal Study. Information Systems Journal, 29(1), 43-69. DOI: 10.1111/isj.12173   DOI
28 W. A. Cram, J. G. Proudfoot, & J. D'Arcy. (2017). Organizational Information Security Policies: A Review and Research Framework. European Journal of Information Systems, 26(6), 605-641. DOI: 10.1057/s41303-017-0059-9   DOI
29 T. Sommestad, J. Hallberg, K. Lundholm & J. Bengtsson. (2014). Variables Influencing Information Security Policy Compliance: A Systematic Review of Quantitative Studies. Information Management & Computer Security, 22(1), 42-75. DOI: 10.1108/imcs-08-2012-0045   DOI
30 B. Lebek, J. Uffen, M. Neumann, B. Hohler & M. Breitner. (2014). Information Security Awareness and Behavior: A Theory-based Literature Review. Management Research Review, 37(12), 1049-1092. DOI: 10.1108/mrr-04-2013-0085   DOI
31 J. Shropshire, M. Warkentin & S. Sharma. (2015). Personality, attitudes, and intentions: Predicting initial adoption of information security behavior. Computers & Security, 49, 177-191. DOI: 10.1016/j.cose.2015.01.002   DOI
32 J. L. Jenkins. (2013). Alleviating Insider Threats: Mitigation Strategies and Detection Techniques. unpublished doctoral dissertation, University of Arizona.
33 A. M. Chu, P. Y. Chau & M. K. So. (2015). Explaining the misuse of information systems resources in the workplace: A dual-process approach. Journal of Business Ethics, 131(1), 209-225. DOI: 10.1007/s10551-014-2250-4   DOI
34 K. Guo, Y. Yuan, N. Archer & C. Connelly. (2011). Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model. Journal of Management Information Systems, 28(2), 203-236. DOI: 10.2753/MIS0742-1222280208   DOI
35 T. M. Dugo. (2007). The Insider Threat to Organizational Information Security: A Structural Model and Empirical Test, unpublished doctoral dissertation, Auburn University.
36 A. G. Peace. D. F. Galletta & J. Y. Thong. (2003). Software Piracy in the Workplace: A Model and Empirical Test. Journal of Management Information Systems, 20(1), 153-177. DOI: 10.1080/07421222.2003.11045759   DOI
37 M. W. L. Cheung. (2015). metaSEM: An R Package for Meta-Analysis using Structural Equation Modeling. Frontiers in Psychology. 5, 1-7. DOI: 10.3389/fpsyg.2014.01521   DOI
38 M. W. L. Cheung & W. Chan. (2005). Meta-Analytic Structural Equation Modeling: A Two-Stage Approach. Psychological methods, 10(1), 40-64. DOI: 10.1037/1082-989x.10.1.40   DOI
39 M. W. L. Cheung, K., Leung & K. Au. (2006). Evaluating Multilevel Models in Cross-Cultural Research: An Illustration with Social Axioms. Journal of Cross-Cultural Psychology, 37, 522-541. DOI: 10.1177/0022022106290476   DOI
40 W. A. Cram, J. D'Arcy & J. G. Proudfoot (2019). Seeing the Forest and the Trees: A Meta-Analysis of the Antecedents to Information Security Policy Compliance. MIS Quarterly, 43(2), 525-554. DOI: 10.24251/hicss.2017.489   DOI
41 M. Fishbein & I. Ajzen. (1975). Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research. Reading, MA: Addison-Wesley.