{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T04:40:12Z","timestamp":1773204012859,"version":"3.50.1"},"reference-count":85,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2017,4,3]],"date-time":"2017-04-03T00:00:00Z","timestamp":1491177600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2019,4]]},"DOI":"10.1007\/s10796-017-9755-1","type":"journal-article","created":{"date-parts":[[2017,4,4]],"date-time":"2017-04-04T13:07:36Z","timestamp":1491311256000},"page":"343-357","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["The quest for complete security: An empirical analysis of users\u2019 multi-layered protection from security threats"],"prefix":"10.1007","volume":"21","author":[{"given":"Robert E.","family":"Crossler","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"France","family":"B\u00e9langer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dustin","family":"Ormond","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,4,3]]},"reference":[{"issue":"12","key":"9755_CR1","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1145\/322796.322806","volume":"42","author":"A Adams","year":"1999","unstructured":"Adams, A., & Sasse, M. A. (1999). Users are not the enemy. Communications of the ACM, 42(12), 40\u201346.","journal-title":"Communications of the ACM"},{"issue":"3","key":"9755_CR2","doi-asserted-by":"crossref","first-page":"613","DOI":"10.2307\/25750694","volume":"34","author":"CL Anderson","year":"2010","unstructured":"Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: a multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613\u2013643.","journal-title":"MIS Quarterly"},{"key":"9755_CR3","unstructured":"Avalanche Technology Group. (2014). Password hacked? A 10 step guide to getting back on track... Should I Change My Password. \n                    https:\/\/shouldichangemypassword.com\/password-hacked\n                    \n                  . Accessed 5 Jan 2014."},{"key":"9755_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2017.01.003","author":"F B\u00e9langer","year":"2017","unstructured":"B\u00e9langer, F., Collignon, S., Enget, K., & Negangard, E. (2017). User resistance to the implementation of a mandatory security enhancement. Information & Management. doi:\n                    10.1016\/j.im.2017.01.003\n                    \n                  .","journal-title":"Information & Management"},{"issue":"11","key":"9755_CR5","first-page":"1","volume":"4","author":"RJ Boncella","year":"2000","unstructured":"Boncella, R. J. (2000). Web security for e-commerce. Communications of the Association for Information Systems, 4(11), 1\u201343.","journal-title":"Communications of the Association for Information Systems"},{"key":"9755_CR6","doi-asserted-by":"crossref","first-page":"269","DOI":"10.17705\/1CAIS.00915","volume":"9","author":"RJ Boncella","year":"2002","unstructured":"Boncella, R. J. (2002). Wireless security: an overview. Communications of the Association for Information Systems, 9, 269\u2013282.","journal-title":"Communications of the Association for Information Systems"},{"issue":"4","key":"9755_CR7","doi-asserted-by":"crossref","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","volume":"39","author":"SR Boss","year":"2015","unstructured":"Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837\u2013864.","journal-title":"MIS Quarterly"},{"key":"9755_CR8","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1057\/ejis.2009.8","volume":"18","author":"SR Boss","year":"2009","unstructured":"Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, R. W. (2009). If someone is watching, I\u2019ll do what I\u2019m asked: mandatoriness, control, and information security. European Journal of Information Systems, 18, 151\u2013164.","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"9755_CR9","doi-asserted-by":"crossref","first-page":"178","DOI":"10.1016\/j.cose.2010.11.003","volume":"30","author":"TD Breaux","year":"2011","unstructured":"Breaux, T. D., & Baumer, D. L. (2011). Legally \u201creasonable\u201d security requirements: a 10-year FTC retrospective. Computers & Security, 30(4), 178\u2013193.","journal-title":"Computers & Security"},{"issue":"3","key":"9755_CR10","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523\u2013548.","journal-title":"MIS Quarterly"},{"key":"9755_CR11","doi-asserted-by":"publisher","unstructured":"Burns, A.J., Posey, C., Courtney, J.F., Roberts, T.L., & Nanayakkara, P. (2015). Organizational information security as a complex adaptive system: insights from three agent-based models. Information System Frontiers, 1\u201316. doi:\n                    10.1007\/s10796-015-9608-8\n                    \n                  .","DOI":"10.1007\/s10796-015-9608-8"},{"issue":"8","key":"9755_CR12","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1016\/j.cose.2011.08.004","volume":"30","author":"K-KR Choo","year":"2011","unstructured":"Choo, K.-K. R. (2011). The cyber threat landscape: challenges and future research directions. Computers & Security, 30(8), 719\u2013731.","journal-title":"Computers & Security"},{"key":"9755_CR13","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1177\/002224377901600110","volume":"16","author":"GA Churchill","year":"1979","unstructured":"Churchill, G. A. (1979). A paradigm for developing better measures of marketing constructs. Journal of Marketing Research, 16, 64\u201373.","journal-title":"Journal of Marketing Research"},{"key":"9755_CR14","unstructured":"Cohen, J. (1969) Statistical power analysis for the behavioral sciences. New York: Academic Press."},{"issue":"1","key":"9755_CR15","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/0167-4048(87)90122-2","volume":"6","author":"F Cohen","year":"1987","unstructured":"Cohen, F. (1987). Computer viruses: theory and experiments. Computers & Security, 6(1), 22\u201335.","journal-title":"Computers & Security"},{"key":"9755_CR16","doi-asserted-by":"crossref","unstructured":"Crossler, R.E. (2010). Protection motivation theory: Understanding determinants to backing up personal data. In 2010 43rd Hawaii International Conference on System Sciences (HICSS) (pp. 1\u201310).","DOI":"10.1109\/HICSS.2010.311"},{"issue":"1","key":"9755_CR17","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","volume":"32","author":"RE Crossler","year":"2013","unstructured":"Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32(1), 90\u2013101.","journal-title":"Computers & Security"},{"issue":"1","key":"9755_CR18","doi-asserted-by":"crossref","first-page":"209","DOI":"10.2308\/isys-50704","volume":"28","author":"RE Crossler","year":"2014","unstructured":"Crossler, R. E., Long, J. H., Loraas, T. M., & Trinkle, B. S. (2014). Understanding compliance with BYOD (bring your own device) policies utilizing protection motivation theory: bridging the intention-behavior gap. Journal of Information Systems, 28(1), 209\u2013226.","journal-title":"Journal of Information Systems"},{"issue":"6","key":"9755_CR19","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1057\/ejis.2011.23","volume":"20","author":"J D\u2019Arcy","year":"2011","unstructured":"D\u2019Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings. European Journal of Information Systems, 20(6), 643\u2013658.","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"9755_CR20","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","volume":"20","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20(1), 79\u201398.","journal-title":"Information Systems Research"},{"key":"9755_CR21","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1016\/j.cose.2014.11.002","volume":"48","author":"D Dang-Pham","year":"2015","unstructured":"Dang-Pham, D., & Pittayachawan, S. (2015). Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: a protection motivation theory approach. Computers & Security, 48, 281\u2013297.","journal-title":"Computers & Security"},{"key":"9755_CR22","unstructured":"Deloitte. (2007). 2007 global security survey: the shifting security paradigm."},{"issue":"5","key":"9755_CR23","first-page":"1","volume":"7","author":"AR Dennis","year":"2001","unstructured":"Dennis, A. R., & Valacich, J. S. (2001). Conducting research in information systems. Communications of the Association for Information Systems, 7(5), 1\u201341.","journal-title":"Communications of the Association for Information Systems"},{"key":"9755_CR24","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1111\/j.1365-2575.2006.00219.x","volume":"16","author":"G Dhillon","year":"2006","unstructured":"Dhillon, G., & Torkzadeh, G. (2006). Value-focused assessment of information system security in organizations. Information Systems Journal, 16, 293\u2013314.","journal-title":"Information Systems Journal"},{"issue":"7","key":"9755_CR25","doi-asserted-by":"crossref","first-page":"386","DOI":"10.17705\/1jais.00133","volume":"8","author":"T Dinev","year":"2007","unstructured":"Dinev, T., & Hu, Q. (2007). The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems, 8(7), 386\u2013408.","journal-title":"Journal of the Association for Information Systems"},{"issue":"5","key":"9755_CR26","doi-asserted-by":"crossref","first-page":"410","DOI":"10.1016\/j.cose.2007.03.001","volume":"26","author":"SM Furnell","year":"2007","unstructured":"Furnell, S. M., Bryant, P., & Phippen, A. D. (2007). Assessing the security perceptions of personal internet users. Computers & Security, 26(5), 410\u2013417.","journal-title":"Computers & Security"},{"issue":"8","key":"9755_CR27","doi-asserted-by":"crossref","first-page":"983","DOI":"10.1016\/j.cose.2012.08.004","volume":"31","author":"S Furnell","year":"2012","unstructured":"Furnell, S., & Clarke, N. (2012). Power to the people? The evolving recognition of human aspects of security. Computers & Security, 31(8), 983\u2013988.","journal-title":"Computers & Security"},{"issue":"1","key":"9755_CR28","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1016\/j.cose.2005.12.004","volume":"25","author":"SM Furnell","year":"2006","unstructured":"Furnell, S. M., Jusoh, A., & Katsabas, D. (2006). The challenges of understanding and using security: a survey of end-users. Computers & Security, 25(1), 27\u201335.","journal-title":"Computers & Security"},{"issue":"3","key":"9755_CR29","doi-asserted-by":"crossref","first-page":"256","DOI":"10.1016\/j.intcom.2011.03.007","volume":"23","author":"B Grawemeyer","year":"2011","unstructured":"Grawemeyer, B., & Johnson, H. (2011). Using and managing multiple passwords: a week to a view. Interacting with Computers, 23(3), 256\u2013267.","journal-title":"Interacting with Computers"},{"key":"9755_CR30","volume-title":"Multivariate data analysis: a global perspective","author":"JF Hair","year":"2010","unstructured":"Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2010). Multivariate data analysis: a global perspective (7th ed.). Upper Saddle River: Pearson Education.","edition":"7"},{"issue":"10","key":"9755_CR31","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1016\/S1353-4858(05)70291-9","volume":"2005","author":"P Hallam-Baker","year":"2005","unstructured":"Hallam-Baker, P. (2005). Prevention strategies for the next wave of cyber crime. Network Security, 2005(10), 12\u201315.","journal-title":"Network Security"},{"issue":"1","key":"9755_CR32","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1111\/j.1365-2575.2012.00420.x","volume":"24","author":"T Herath","year":"2014","unstructured":"Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J., & Rao, H. R. (2014). Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service. Information Systems Journal, 24(1), 61\u201384.","journal-title":"Information Systems Journal"},{"issue":"2","key":"9755_CR33","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","volume":"18","author":"T Herath","year":"2009","unstructured":"Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106\u2013125.","journal-title":"European Journal of Information Systems"},{"issue":"1\u20132","key":"9755_CR34","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1016\/j.cose.2008.09.007","volume":"28","author":"A Herzberg","year":"2009","unstructured":"Herzberg, A. (2009). Why Johnny can\u2019t surf (safely)? Attacks and defenses for web users. Computers & Security, 28(1\u20132), 63\u201371.","journal-title":"Computers & Security"},{"issue":"1","key":"9755_CR35","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1016\/S0167-4048(96)90057-7","volume":"15","author":"HJ Highland","year":"1996","unstructured":"Highland, H. J. (1996). Random bits & bytes. Computers & Security, 15(1), 4\u201311.","journal-title":"Computers & Security"},{"issue":"8","key":"9755_CR36","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1145\/1076211.1076241","volume":"48","author":"Q Hu","year":"2005","unstructured":"Hu, Q., & Dinev, T. (2005). Is spyware an internet nuisance of public menace? Communications of the ACM, 48(8), 61\u201366.","journal-title":"Communications of the ACM"},{"issue":"1","key":"9755_CR37","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","volume":"31","author":"P Ifinedo","year":"2012","unstructured":"Ifinedo, P. (2012). Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83\u201395.","journal-title":"Computers & Security"},{"issue":"5","key":"9755_CR38","doi-asserted-by":"crossref","first-page":"429","DOI":"10.1016\/S0167-4048(99)80089-3","volume":"18","author":"N Jarvis","year":"1999","unstructured":"Jarvis, N. (1999). E-commerce and encryption: barriers to growth. Computers & Security, 18(5), 429\u2013431.","journal-title":"Computers & Security"},{"issue":"3","key":"9755_CR39","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","volume":"34","author":"AC Johnston","year":"2010","unstructured":"Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: an empirical study. MIS Quarterly, 34(3), 549\u2013566.","journal-title":"MIS Quarterly"},{"issue":"1","key":"9755_CR40","doi-asserted-by":"crossref","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","volume":"39","author":"AC Johnston","year":"2015","unstructured":"Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113\u2013134.","journal-title":"MIS Quarterly"},{"issue":"4","key":"9755_CR41","doi-asserted-by":"crossref","first-page":"533","DOI":"10.1287\/mnsc.45.4.533","volume":"45","author":"RL Keeney","year":"1999","unstructured":"Keeney, R. L. (1999). The value of internet commerce to the customer. Management Science, 45(4), 533\u2013542.","journal-title":"Management Science"},{"issue":"2","key":"9755_CR42","first-page":"219","volume":"3","author":"EB Kim","year":"2005","unstructured":"Kim, E. B. (2005). Information security awareness status of full time employees. The Business Review, 3(2), 219.","journal-title":"The Business Review"},{"issue":"5","key":"9755_CR43","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1016\/j.im.2008.02.008","volume":"45","author":"M Kishi","year":"2008","unstructured":"Kishi, M. (2008). Perceptions and use of electronic media: testing the relationship between organizational interpretation differences and media richness. Information Management, 45(5), 281\u2013287.","journal-title":"Information Management"},{"issue":"1","key":"9755_CR44","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/BF02289565","volume":"29","author":"JB Kruskal","year":"1964","unstructured":"Kruskal, J. B. (1964). Multidimensional scaling by optimizing goodness of fit to a nonmetric hypothesis. Psychometrika, 29(1), 1\u201327.","journal-title":"Psychometrika"},{"issue":"1","key":"9755_CR45","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s102070100003","volume":"1","author":"CE Landwehr","year":"2001","unstructured":"Landwehr, C. E. (2001). Computer security. International Journal of Information Security, 1(1), 3\u201313.","journal-title":"International Journal of Information Security"},{"issue":"2","key":"9755_CR46","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1016\/j.dss.2010.07.009","volume":"50","author":"Y Lee","year":"2011","unstructured":"Lee, Y. (2011). Understanding anti-plagiarism software adoption: an extended protection motivation theory perspective. Decision Support Systems, 50(2), 361\u2013369.","journal-title":"Decision Support Systems"},{"issue":"2","key":"9755_CR47","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1057\/ejis.2009.11","volume":"18","author":"Y Lee","year":"2009","unstructured":"Lee, Y., & Larsen, K. R. (2009). Threat or coping appraisal: determinants of SMB executives\u2019 decision to adopt anti-malware software. European Journal of Information Systems, 18(2), 177\u2013187.","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"9755_CR48","doi-asserted-by":"crossref","first-page":"375","DOI":"10.1007\/s10796-010-9253-1","volume":"14","author":"M Lee","year":"2012","unstructured":"Lee, M., & Lee, J. (2012). The impact of information security failure on customer behaviors: a study on a large-scale hacking incident on the internet. Information Systems Frontiers, 14(2), 375\u2013393.","journal-title":"Information Systems Frontiers"},{"issue":"4","key":"9755_CR49","doi-asserted-by":"crossref","first-page":"635","DOI":"10.1016\/j.dss.2009.12.005","volume":"48","author":"H Li","year":"2010","unstructured":"Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635\u2013645.","journal-title":"Decision Support Systems"},{"issue":"7","key":"9755_CR50","doi-asserted-by":"crossref","first-page":"394","DOI":"10.17705\/1jais.00232","volume":"11","author":"H Liang","year":"2010","unstructured":"Liang, H., & Xue, Y. (2010). Understanding security behaviors in personal computer usage: a threat avoidance perspective. Journal of the Association for Information Systems, 11(7), 394\u2013413.","journal-title":"Journal of the Association for Information Systems"},{"issue":"3","key":"9755_CR51","doi-asserted-by":"crossref","first-page":"170","DOI":"10.17705\/1thci.00032","volume":"3","author":"K Marett","year":"2011","unstructured":"Marett, K., McNab, A. L., & Harris, R. B. (2011). Social networking websites and posting personal information: an evaluation of protection motivation theory. AIS Transactions on Human-Computer Interaction, 3(3), 170\u2013188.","journal-title":"AIS Transactions on Human-Computer Interaction"},{"issue":"4","key":"9755_CR52","doi-asserted-by":"crossref","first-page":"634","DOI":"10.1016\/j.cose.2012.03.005","volume":"31","author":"K Michael","year":"2012","unstructured":"Michael, K. (2012). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Computers & Security, 31(4), 634\u2013635.","journal-title":"Computers & Security"},{"issue":"6","key":"9755_CR53","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1016\/j.im.2013.04.005","volume":"50","author":"GD Moody","year":"2013","unstructured":"Moody, G. D., & Siponen, M. (2013). Using the theory of interpersonal behavior to explain non-work-related personal use of the internet at work. Information Management, 50(6), 322\u2013335. doi:\n                    10.1016\/j.im.2013.04.005\n                    \n                  .","journal-title":"Information Management"},{"key":"9755_CR54","doi-asserted-by":"crossref","unstructured":"Ng, B.-Y., Kankanhalli, A., & Xu, Y. (. C.). (2009). Studying users\u2019 computer security behavior: a health belief perspective. Decision Support Systems, 46(4), 815\u2013825.","DOI":"10.1016\/j.dss.2008.11.010"},{"issue":"4","key":"9755_CR55","doi-asserted-by":"crossref","first-page":"418","DOI":"10.1016\/j.cose.2012.02.009","volume":"31","author":"A Nicholson","year":"2012","unstructured":"Nicholson, A., Webber, S., Dyer, S., Patel, T., & Janicke, H. (2012). SCADA security in the light of cyber-warfare. Computers & Security, 31(4), 418\u2013436.","journal-title":"Computers & Security"},{"issue":"4","key":"9755_CR56","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1016\/j.cose.2011.12.010","volume":"31","author":"SL Pfleeger","year":"2012","unstructured":"Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & Security, 31(4), 597\u2013611.","journal-title":"Computers & Security"},{"issue":"1","key":"9755_CR57","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/S0378-7206(99)00028-2","volume":"37","author":"G Post","year":"2000","unstructured":"Post, G., & Kagan, A. (2000). Management tradeoffs in anti-virus strategies. Information & Management, 37(1), 13\u201324.","journal-title":"Information & Management"},{"key":"9755_CR58","doi-asserted-by":"crossref","first-page":"42","DOI":"10.5120\/15392-4007","volume":"88","author":"K Rani Sahu","year":"2014","unstructured":"Rani Sahu, K., & Dubey, J. (2014). A survey on phishing attacks. International Journal of Computer Applications, 88, 42\u201345.","journal-title":"International Journal of Computer Applications"},{"issue":"7\u20138","key":"9755_CR59","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1016\/j.cose.2008.07.008","volume":"27","author":"Y Rezgui","year":"2008","unstructured":"Rezgui, Y., & Marks, A. (2008). Information security awareness in higher education: an exploratory study. Computers & Security, 27(7\u20138), 241\u2013253.","journal-title":"Computers & Security"},{"issue":"8","key":"9755_CR60","doi-asserted-by":"crossref","first-page":"816","DOI":"10.1016\/j.cose.2009.05.008","volume":"28","author":"H-S Rhee","year":"2009","unstructured":"Rhee, H.-S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users\u2019 information security practice behavior. Computers & Security, 28(8), 816\u2013826.","journal-title":"Computers & Security"},{"key":"9755_CR61","unstructured":"Richardson, R. (2007). CSI computer crime and security survey."},{"key":"9755_CR62","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","volume":"91","author":"RW Rogers","year":"1975","unstructured":"Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91, 93\u2013114.","journal-title":"The Journal of Psychology"},{"issue":"3","key":"9755_CR63","first-page":"i","volume":"16","author":"CD Schou","year":"2004","unstructured":"Schou, C. D., & Trimmer, K. J. (2004). Information assurance and security. Journal of Organizational and End User Computing, 16(3), i\u2013vii.","journal-title":"Journal of Organizational and End User Computing"},{"issue":"2","key":"9755_CR64","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.im.2013.08.006","volume":"51","author":"M Siponen","year":"2014","unstructured":"Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees\u2019 adherence to information security policies: an exploratory field study. Information & Management, 51(2), 217\u2013224.","journal-title":"Information & Management"},{"issue":"3","key":"9755_CR65","doi-asserted-by":"crossref","first-page":"487","DOI":"10.2307\/25750688","volume":"34","author":"M Siponen","year":"2010","unstructured":"Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487\u2013502.","journal-title":"MIS Quarterly"},{"issue":"7","key":"9755_CR66","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","volume":"48","author":"J-Y Son","year":"2011","unstructured":"Son, J.-Y. (2011). Out of fear or desire? Toward a better understanding of employees\u2019 motivation to follow IS security policies. Information & Management, 48(7), 296\u2013302.","journal-title":"Information & Management"},{"key":"9755_CR67","volume-title":"Basic statistical analysis","author":"RC Sprinthall","year":"2003","unstructured":"Sprinthall, R. C. (2003). Basic statistical analysis (7th ed.). Boston: Pearson.","edition":"7"},{"issue":"2","key":"9755_CR68","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.cose.2004.07.001","volume":"24","author":"JM Stanton","year":"2005","unstructured":"Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2005). Analysis of end user security behaviors. Computers & Security, 24(2), 124\u2013133.","journal-title":"Computers & Security"},{"issue":"2","key":"9755_CR69","doi-asserted-by":"crossref","first-page":"147","DOI":"10.2307\/248922","volume":"13","author":"DW Straub","year":"1989","unstructured":"Straub, D. W. (1989). Validating instruments in MIS research. MIS Quarterly, 13(2), 147\u2013169.","journal-title":"MIS Quarterly"},{"key":"9755_CR70","unstructured":"Symantec. (2011). Symantec internet security threat report: 2011 trends. \n                    http:\/\/www.symantec.com\/threatreport\n                    \n                  ."},{"issue":"1","key":"9755_CR71","doi-asserted-by":"crossref","first-page":"21","DOI":"10.4018\/joeuc.2012010102","volume":"24","author":"A Vance","year":"2012","unstructured":"Vance, A., & Siponen, M. (2012). IS security policy violations: a rational choice perspective. Journal of Organizational and End User Computing, 24(1), 21\u201341.","journal-title":"Journal of Organizational and End User Computing"},{"issue":"3\u20134","key":"9755_CR72","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1016\/j.im.2012.04.002","volume":"49","author":"A Vance","year":"2012","unstructured":"Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: insights from habit and protection motivation theory. Information Management, 49(3\u20134), 190\u2013198.","journal-title":"Information Management"},{"issue":"3","key":"9755_CR73","doi-asserted-by":"crossref","first-page":"286","DOI":"10.1016\/j.cose.2012.01.007","volume":"31","author":"C Vorakulpipat","year":"2012","unstructured":"Vorakulpipat, C., Visoottiviseth, V., & Siwamogsatham, S. (2012). Polite sender: a resource-saving spam email countermeasure based on sender responsibilities and recipient justifications. Computers & Security, 31(3), 286\u2013298.","journal-title":"Computers & Security"},{"issue":"4","key":"9755_CR74","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1007\/s10796-009-9203-y","volume":"12","author":"M Warren","year":"2010","unstructured":"Warren, M., & Leitch, S. (2010). Hacker taggers: a new type of hackers. Information System Frontiers, 12(4), 425\u2013431.","journal-title":"Information System Frontiers"},{"issue":"1","key":"9755_CR75","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1016\/j.ijinfomgt.2003.12.003","volume":"24","author":"ME Whitman","year":"2004","unstructured":"Whitman, M. E. (2004). In defense of the realm: understanding the threats to information security. International Journal of Information Management, 24(1), 43\u201357.","journal-title":"International Journal of Information Management"},{"issue":"1","key":"9755_CR76","doi-asserted-by":"crossref","first-page":"1","DOI":"10.25300\/MISQ\/2013\/37.1.01","volume":"37","author":"R Willison","year":"2013","unstructured":"Willison, R., & Warkentin, M. (2013). Beyond deterrence: an expanded view of employee computer abuse. MIS Quarterly, 37(1), 1\u201320.","journal-title":"MIS Quarterly"},{"issue":"4","key":"9755_CR77","doi-asserted-by":"crossref","first-page":"329","DOI":"10.1080\/03637759209376276","volume":"59","author":"K Witte","year":"1992","unstructured":"Witte, K. (1992). Putting fear back into fear appeals: the extended parallel process model. Communication Monographs, 59(4), 329\u2013349.","journal-title":"Communication Monographs"},{"key":"9755_CR78","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1080\/03637759409376328","volume":"61","author":"K Witte","year":"1994","unstructured":"Witte, K. (1994). Fear control and danger control: a test of the extended parallel process model (EPPM). Communication Monographs, 61, 113\u2013134.","journal-title":"Communication Monographs"},{"issue":"1","key":"9755_CR79","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1108\/09685229610114204","volume":"4","author":"CC Wood","year":"1996","unstructured":"Wood, C. C. (1996). Constructing difficult-to-guess passwords. Information Management & Computer Security, 4(1), 43\u201344.","journal-title":"Information Management & Computer Security"},{"key":"9755_CR80","unstructured":"Woon, I.M.Y., Tan, G.W., & Low, R.T. (2005). A protection motivation theory approach to home wireless security. In International Conference on Information Systems (pp. 367\u2013380)."},{"issue":"6","key":"9755_CR81","doi-asserted-by":"crossref","first-page":"2799","DOI":"10.1016\/j.chb.2008.04.005","volume":"24","author":"M Workman","year":"2008","unstructured":"Workman, M., Bommer, W. H., & Straub, D. W. (2008). Security lapses and the omission of information security measures: a threat control model and empirical test. Computers in Human Behavior, 24(6), 2799\u20132816.","journal-title":"Computers in Human Behavior"},{"issue":"2","key":"9755_CR82","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1007\/s10796-015-9594-x","volume":"18","author":"C-G Yang","year":"2016","unstructured":"Yang, C.-G., & Lee, H.-J. (2016). A study on the antecedents of healthcare information protection intention. Information System Frontiers, 18(2), 253\u2013263.","journal-title":"Information System Frontiers"},{"issue":"2","key":"9755_CR83","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1057\/ejis.2009.9","volume":"18","author":"J Zhang","year":"2009","unstructured":"Zhang, J., Luo, X., Akkaladevi, S., & Ziegelmayer, J. (2009). Improving multiple-password recall: an empirical study. European Journal of Information Systems, 18(2), 165\u2013176.","journal-title":"European Journal of Information Systems"},{"key":"9755_CR84","volume-title":"Business research methods","author":"WG Zikmund","year":"2000","unstructured":"Zikmund, W. G. (2000). Business research methods. Forth Worth: Harcourt College Publishers."},{"issue":"4","key":"9755_CR85","first-page":"2","volume":"17","author":"M Zviran","year":"2006","unstructured":"Zviran, M., & Erlich, Z. (2006). Identification and authentication: technology and implementation issues. Communications of the Association for Information Systems, 17(4), 2\u201331.","journal-title":"Communications of the Association for Information Systems"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-017-9755-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-017-9755-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-017-9755-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,9]],"date-time":"2019-10-09T16:48:03Z","timestamp":1570639683000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-017-9755-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,3]]},"references-count":85,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,4]]}},"alternative-id":["9755"],"URL":"https:\/\/doi.org\/10.1007\/s10796-017-9755-1","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,4,3]]},"assertion":[{"value":"3 April 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}