{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T02:06:21Z","timestamp":1773108381500,"version":"3.50.1"},"publisher-location":"Boston, MA","reference-count":40,"publisher":"Springer US","isbn-type":[{"value":"9780387723662","type":"print"},{"value":"9780387723679","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-0-387-72367-9_12","type":"book-chapter","created":{"date-parts":[[2007,11,9]],"date-time":"2007-11-09T18:12:08Z","timestamp":1194631928000},"page":"133-144","source":"Crossref","is-referenced-by-count":67,"title":["Employees\u2019 Adherence to Information Security Policies: An Empirical Study"],"prefix":"10.1007","author":[{"given":"Mikko","family":"Siponen","sequence":"first","affiliation":[]},{"given":"Seppo","family":"Pahnila","sequence":"additional","affiliation":[]},{"given":"Adam","family":"Mahmood","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"2","key":"12_CR1","doi-asserted-by":"crossref","first-page":"204","DOI":"10.1287\/isre.9.2.204","volume":"9","author":"R. Agarwal","year":"1998","unstructured":"Agarwal, R. and J. Prasad, Conceptual and Operational Definition of Personal Innovativeness in the Domain of Information Technology. Information Systems Research, 1998. 9(2): p. 204\u2013215.","journal-title":"Information Systems Research"},{"issue":"2","key":"12_CR2","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1016\/0749-5978(91)90020-T","volume":"50","author":"I. Ajzen","year":"1991","unstructured":"Ajzen, I., \u201cThe Theory of Planned Behavior\u201d, Organizational Behavior and Human Decision Processes 50,2, 1991, 179\u2013211.","journal-title":"Organizational Behavior and Human Decision Processes"},{"key":"12_CR3","unstructured":"Aytes, K. and Connolly, T., \u201cA Research Model for Investigating Human Behavior Related to Computer Security\u201d, Proceedings of the 2003 American Conference On Information Systems, Tampa, FL, August 4-6. 2003."},{"issue":"2","key":"12_CR4","doi-asserted-by":"crossref","first-page":"22","DOI":"10.4018\/joeuc.2004070102","volume":"16","author":"K. Aytes","year":"2004","unstructured":"Aytes, K. and Connolly, T., \u201cComputer and Risky Computing Practices: A Rational Choice Perspective\u201d, Journal of Organizational and End User Computing, 16,2, 2004, 22\u201340.","journal-title":"Journal of Organizational and End User Computing"},{"key":"12_CR5","first-page":"684","volume":"12","author":"K. Bagchi","year":"2003","unstructured":"Bagchi, K. and Udo, G., \u201cAn analysis of the growth of computer and Internet security breaches\u201d, Communications of AIS 12, 2003, 684\u2013700.","journal-title":"Communications of AIS"},{"issue":"2","key":"12_CR6","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1037\/0033-295X.84.2.191","volume":"84","author":"A. Bandura","year":"1977","unstructured":"Bandura, A., \u201cSelf-Efficacy: Toward a Unifying Theory of Behaviour Change\u201d, Psychological Review 84,2, 1977, 191\u2013215.","journal-title":"Psychological Review"},{"issue":"1","key":"12_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.2307\/3250956","volume":"25","author":"M.-C. Boudreau","year":"2001","unstructured":"Boudreau, M.-C, Gefen, D. and Straub, D. W., \u201cValidation in information systems research: A state-of-the-art assessment.\u201d MIS Quarterly 25,1, 2001, 1\u201316.","journal-title":"MIS Quarterly"},{"key":"12_CR8","volume-title":"Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research","author":"M. Fishbein","year":"1975","unstructured":"Fishbein, M. and Ajzen, I., Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. MA, Addison-Wesley. 1975."},{"issue":"5","key":"12_CR9","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1108\/09576050210447037","volume":"15","author":"S. M. Furnell","year":"2002","unstructured":"Furnell, S. M., Gennatou, M. and Dowland P. S., \u201cA prototype tool for information security awareness and training\u201d, International Journal of Logistics Information Management, 15,5, 2002, 352\u2013357.","journal-title":"International Journal of Logistics Information Management"},{"key":"12_CR10","unstructured":"Furnell, S., Sanders, P. W. and Warren, M. J., \u201cAddressing information security training and awareness within the European healthcare community\u201d, in Proceedings of Medical Informatics Europe\u201997. 1997."},{"issue":"1","key":"12_CR11","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1016\/S1386-5056(98)00022-7","volume":"49","author":"N. Gaunt","year":"1998","unstructured":"Gaunt, N., \u201cInstalling an appropriate information security policy in hospitals\u201d, Internationaljournal of Medical Informatics, 49,1, 1998, 131\u2013134.","journal-title":"Internationaljournal of Medical Informatics"},{"key":"12_CR12","volume-title":"Multivariate data analysis","author":"J.F.J. Hair","year":"1998","unstructured":"Hair, J.F.J., Anderson, R.E., Tatham, R.L., and Black, W. C, Multivariate data analysis. 5 ed: Upper Saddle River, New Jersey, Prentice Hall Inc. 1998."},{"key":"12_CR13","unstructured":"Hair, J.F.J., Black, W.C, Babin, B.J, Anderson, R.E., Tatham, R.L., Multivariate data analysis. Sixth ed. 2006: Pearson Prentice Hall."},{"issue":"3","key":"12_CR14","first-page":"166","volume":"12","author":"G.E. Higgins","year":"2005","unstructured":"Higgins, G.E., Wilson, A.L. and Fell, B.D., \u201cAn Application of Deterrence Theory to Software Piracy\u201d, Journal of Criminal Justice and Popular Culture, 12,3, 2005, 166\u2013184.","journal-title":"Journal of Criminal Justice and Popular Culture"},{"key":"12_CR15","unstructured":"Hoyle, R.H., Structural Equation Model. Conceprts, Issues, and Applications., ed. H. Rick Hoyle. 1995: SAGE publications, Inc."},{"issue":"2","key":"12_CR16","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1016\/S1386-5056(00)00112-X","volume":"60","author":"S. K. Katsikas","year":"2000","unstructured":"Katsikas, S. K., \u201cHealth care management and information system security: awareness, training or education\u201d, International Journal of Medical Informatics, 60,2, 2000, 129\u2013135.","journal-title":"International Journal of Medical Informatics"},{"issue":"2","key":"12_CR17","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1108\/09685220210424104","volume":"10","author":"J. Lee","year":"2002","unstructured":"Lee, J. and Lee, Y., \u201cA holistic model of computer abuse within organizations\u201d, Information management & computer security, 10,2, 2002, 57\u201363.","journal-title":"Information management & computer security"},{"key":"12_CR18","doi-asserted-by":"crossref","first-page":"65","DOI":"10.17705\/1jais.00030","volume":"4","author":"M. Limayem","year":"2003","unstructured":"Limayem, M., and Hirt, S.G., \u201cForce of Habit and Information Systems Usage: Theory and Initial Validation\u201d, Journal of Association for Information Systems, 4, 2003, 65\u201397.","journal-title":"Journal of Association for Information Systems"},{"key":"12_CR19","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1016\/0022-1031(83)90023-9","volume":"19","author":"J.E. Maddux","year":"1983","unstructured":"Maddux, J.E. and R.W. Rogers, Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change. Journal of experimental social psychology, 1983. 19: p. 469\u2013479.","journal-title":"Journal of experimental social psychology"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"McCoy, C. and Fowler, R.T., \u201cYou are the key to security\u201d: establishing a successful security awareness program. In the proceedings of the SIGUCCS\u201904, Baltimore, Maryland, October 10-13, 2004, 346\u2013349.","DOI":"10.1145\/1027802.1027882"},{"key":"12_CR21","unstructured":"McLean, K., \u201cInformation security awareness \u2014 selling the cause\u201d, in Proceedings of the IFIP TC11, Eighth International Conference on information security, IFIP\/Sec\u2019 92. 1992."},{"key":"12_CR22","volume-title":"Fighting Computer Crime: A new Framework for Protecting Information","author":"D. B. Parker","year":"1998","unstructured":"Parker, D. B., Fighting Computer Crime: A new Framework for Protecting Information, John Wiley & Sons, USA. 1998."},{"key":"12_CR23","volume-title":"Management Strategies for Computer Security","author":"W. E. Perry","year":"1985","unstructured":"Perry, W. E., Management Strategies for Computer Security, Butterworth Publishers, USA. 1985."},{"key":"12_CR24","volume-title":"Ph.D Thesis","author":"P. Puhakainen","year":"2006","unstructured":"Puhakainen, P. Design Theory for Information Security Awareness, 2006. Ph.D Thesis, the University of Oulu, Finland."},{"issue":"3","key":"12_CR25","doi-asserted-by":"publisher","first-page":"596","DOI":"10.1037\/0022-3514.52.3.596","volume":"52","author":"S. Rippetoe","year":"1987","unstructured":"Rippetoe, S. and Rogers, R. W., \u201cEffects of Components of Protection \u2014 Motivation Theory on Adaptive and Maladaptive Coping with a Health Threat\u201d, Journal of Personality and Social Psychology, 52,3, 1987, 596\u2013604.","journal-title":"Journal of Personality and Social Psychology"},{"key":"12_CR26","volume-title":"Social Psychophysiology","author":"R. W. Rogers","year":"1983","unstructured":"Rogers, R. W., \u201cCognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation Theory\u201d, in Social Psychophysiology, J. Cacioppo and R. Petty (Eds.), Guilford, New York, 1983."},{"key":"12_CR27","first-page":"113","volume-title":"Handbook of Health Behavior Research I: Personal and Social Determinants","author":"R. W. Rogers","year":"1997","unstructured":"Rogers, R. W. and Prentice-Dunn, S., \u201cProtection motivation theory\u201d, In D. S. Gochman (Ed.), Handbook of Health Behavior Research I: Personal and Social Determinants, New York, NY: Plenum Press, 1997, 113\u2013132."},{"key":"12_CR28","first-page":"288","volume-title":"A Beginner\u2019s Guide to Structural Equation Modeling","author":"R.E. Schumacker","year":"1996","unstructured":"Schumacker, R.E. and R.G. Lomax, A Beginner\u2019s Guide to Structural Equation Modeling. 1996, Mahwah, New Jersey: Lawrence Erlbaum Associates. 288."},{"issue":"1","key":"12_CR29","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1108\/09685220010371394","volume":"8","author":"M. Siponen","year":"2000","unstructured":"Siponen, M., \u201cA Conceptual Foundation for Organizational Information Security Awareness\u201d, Information Management & Computer Security, 8,1, 2000, 31\u201341.","journal-title":"Information Management & Computer Security"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"Sommers, K. and Robinson, B., \u201cSecurity awareness training for students at Virginia Commonwealth University\u201d, In the proceedings of the SIGUCCS\u201904, Baltimore, Maryland, October 10-13, 2004, 379\u2013380.","DOI":"10.1145\/1027802.1027895"},{"issue":"2","key":"12_CR31","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1108\/09685229510792988","volume":"3","author":"P. Spurling","year":"1995","unstructured":"Spurling, P., \u201cPromoting security awareness and commitment\u201d, Information Management & Computer Security, 3,2, 1995, 20\u201326.","journal-title":"Information Management & Computer Security"},{"key":"12_CR32","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1016\/j.cose.2004.07.001","volume":"24","author":"J. M. Stanton","year":"2005","unstructured":"Stanton, J. M., Stam, K. R., Mastrangelo, P. and Jolton, J., \u201cAn analysis of end user security behaviors\u201d, Computers & Security, 24, 2005, 124\u2013133","journal-title":"Computers & Security"},{"issue":"2","key":"12_CR33","doi-asserted-by":"publisher","first-page":"147","DOI":"10.2307\/248922","volume":"13","author":"D. W. Str\u00e4ub","year":"1989","unstructured":"Str\u00e4ub, D. W., \u201cValidating Instruments in MIS Research\u201d, MIS Quarterly, 13,2, 1989, 147\u2013169.","journal-title":"MIS Quarterly"},{"issue":"3","key":"12_CR34","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1287\/isre.1.3.255","volume":"1","author":"D.W. Str\u00e4ub","year":"1990","unstructured":"Str\u00e4ub, D.W., \u201cEffective IS Security: An Empirical Study\u201d, Information Systems Research, 1,3, 1990, 255\u2013276.","journal-title":"Information Systems Research"},{"issue":"4","key":"12_CR35","doi-asserted-by":"publisher","first-page":"441","DOI":"10.2307\/249551","volume":"22","author":"D.W. Str\u00e4ub","year":"1998","unstructured":"Str\u00e4ub, D.W. and Welke, R.J., \u201cCoping with Systems Risk: Security Planning Models for. Management Decision-Making\u201d, MIS Quarterly, 22,4, 1998, 441\u2013469.","journal-title":"MIS Quarterly"},{"key":"12_CR36","unstructured":"Thomson, M.E. and von Solms, R., \u201cAn effective information security awareness program for industry\u201d, in proceedings of the WG 11.2 and WG 11.1 ofthe TC-11 IFIP, 1997."},{"issue":"4","key":"12_CR37","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1108\/09685229810227649","volume":"6","author":"M. E. Thomson","year":"1998","unstructured":"Thomson, M. E. and von Solms, R., \u201cInformation security Awareness: educating your users effectively\u201d, Information Management & Computer Security, 6,4, 1998, 167\u2013173.","journal-title":"Information Management & Computer Security"},{"issue":"3","key":"12_CR38","doi-asserted-by":"crossref","first-page":"425","DOI":"10.2307\/30036540","volume":"27","author":"V. Venkatesh","year":"2003","unstructured":"Venkatesh, V., Morris, M. G., Davis, G. B. and Davis, F. D., \u201cUser Acceptance of Information Technology: Toward a Unified View\u201d, MIS Quarterly, 27,3, 2003, 425\u2013478","journal-title":"MIS Quarterly"},{"key":"12_CR39","first-page":"13","volume-title":"Computer Fraud & Security Bulletin","author":"C. C. Wood","year":"1995","unstructured":"Wood, C. C, \u201cInformation Security Awareness Raising Methods\u201d, Computer Fraud & Security Bulletin, Elsevier Science Publishers, Oxford, England, June 1995, pp 13\u201315."},{"key":"12_CR40","unstructured":"Woon, I. M. Y., Tan, G. W. and Low, R. T., \u201cA Protection Motivation Theory Approach to Home Wireless Security\u201d, Proceedings of the Twenty-Sixth International Conference on Information Systems, Las Vegas, 2005, 367\u2013380."}],"container-title":["IFIP International Federation for Information Processing","New Approaches for Security, Privacy and Trust in Complex Environments"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-72367-9_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,4]],"date-time":"2019-05-04T04:59:03Z","timestamp":1556945943000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-72367-9_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9780387723662","9780387723679"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-72367-9_12","relation":{},"ISSN":["1571-5736"],"issn-type":[{"value":"1571-5736","type":"print"}],"subject":[],"published":{"date-parts":[[2007]]}}}