{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,7]],"date-time":"2026-06-07T07:58:26Z","timestamp":1780819106618,"version":"3.54.1"},"reference-count":95,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2021,2,9]],"date-time":"2021-02-09T00:00:00Z","timestamp":1612828800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,2,9]],"date-time":"2021-02-09T00:00:00Z","timestamp":1612828800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2022,4]]},"DOI":"10.1007\/s10796-021-10113-z","type":"journal-article","created":{"date-parts":[[2021,2,10]],"date-time":"2021-02-10T06:23:24Z","timestamp":1612938204000},"page":"637-658","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios"],"prefix":"10.1007","volume":"24","author":[{"given":"Jeffrey D.","family":"Wall","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8614-646X","authenticated-orcid":false,"given":"Prashant","family":"Palvia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"John","family":"D\u2019Arcy","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,2,9]]},"reference":[{"key":"10113_CR1","volume-title":"Social learning and social structure: A general theory of crime and deviance","author":"RL Akers","year":"2009","unstructured":"Akers, R. L. (2009). 
Social learning and social structure: A general theory of crime and deviance. Brunswick: Transaction Publishers."},{"issue":"2","key":"10113_CR2","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1037\/0033-295X.84.2.191","volume":"84","author":"A Bandura","year":"1977","unstructured":"Bandura, A. (1977). Self-efficacy: Toward a unifying theory of behavioral change. Psychological Review, 84(2), 191\u2013215.","journal-title":"Psychological Review"},{"key":"10113_CR3","volume-title":"Social foundations of thought and action: A social cognitive theory","author":"A Bandura","year":"1986","unstructured":"Bandura, A. (1986). Social foundations of thought and action: A social cognitive theory. Englewood Cliffs: Prentice Hall."},{"issue":"1","key":"10113_CR4","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1177\/0149206311410606","volume":"38","author":"A Bandura","year":"2012","unstructured":"Bandura, A. (2012). On the functional properties of perceived self-efficacy revisited. Journal of Management, 38(1), 9\u201344.","journal-title":"Journal of Management"},{"issue":"Part B","key":"10113_CR5","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1016\/j.cose.2013.05.006","volume":"39","author":"JB Barlow","year":"2013","unstructured":"Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don\u2019t make excuses! Discouraging neutralization to reduce IT policy violation. Computers & Security, 39(Part B), 145\u2013159.","journal-title":"Computers & Security"},{"key":"10113_CR6","doi-asserted-by":"crossref","unstructured":"Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2018). Don\u2019t even think about it! The effects of anti-neutralization, informational, and normative communication on information security compliance. 
Journal of the Association for Information Systems, forthcoming, 19(8), 3","DOI":"10.17705\/1jais.00506"},{"issue":"3","key":"10113_CR7","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1111\/1467-937X.00253","volume":"70","author":"R B\u00e9nabou","year":"2003","unstructured":"B\u00e9nabou, R., & Tirole, J. (2003). Intrinsic and extrinsic motivation. The Review of Economic Studies, 70(3), 489\u2013520.","journal-title":"The Review of Economic Studies"},{"issue":"4","key":"10113_CR8","doi-asserted-by":"publisher","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","volume":"39","author":"SR Boss","year":"2015","unstructured":"Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do users have to fear? Using fear appeals to engender threats and fear that motivate protective behaviors in users. MIS Quarterly, 39(4), 837\u2013864.","journal-title":"MIS Quarterly"},{"key":"10113_CR9","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1057\/ejis.2009.8","volume":"18","author":"SR Boss","year":"2009","unstructured":"Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, W. R. (2009). If someone is watching, I\u2019ll do what I\u2019m asked: mandatoriness, control, and information security. European Journal of Information Systems, 18, 151\u2013164.","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"10113_CR10","doi-asserted-by":"publisher","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523\u2013548.","journal-title":"MIS Quarterly"},{"key":"10113_CR11","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1007\/s10796-015-9608-8","volume":"19","author":"AJ Burns","year":"2017","unstructured":"Burns, A. 
J., Courtney, J. F., Roberts, T. L., & Nanayakkara, P. (2017). Organizational information security as a complex adaptive system: Insights from three agent-based models. Information Systems Frontiers, 19, 509\u2013524.","journal-title":"Information Systems Frontiers"},{"key":"10113_CR12","doi-asserted-by":"publisher","unstructured":"Burns, A. J., Posey, C., & Roberts, T. L. (2019). Insiders\u2019 adaptations to security-based demands in the workplace: An examination of security behavioral complexity. Information Systems Frontiers, 1\u201318.\u00a0https:\/\/doi.org\/10.1007\/s10796-019-09951-9.","DOI":"10.1007\/s10796-019-09951-9"},{"issue":"3","key":"10113_CR13","doi-asserted-by":"publisher","first-page":"157","DOI":"10.2753\/MIS0742-1222290305","volume":"29","author":"Y Chen","year":"2012","unstructured":"Chen, Y., Ramamurthy, K. R., & Wen, K. W. (2012). Organizations\u2019 information security policy compliance: Stick or carrot approach? Journal of Management Information Systems, 29(3), 157\u2013188.","journal-title":"Journal of Management Information Systems"},{"key":"10113_CR14","doi-asserted-by":"crossref","unstructured":"Cram, W. A., Proudfoot, J., & D\u2019Arcy, J. (2017) Seeing the forest and the trees: A meta-analysis of information security policy compliance literature. In Hawaii International Conference on System Sciences, Hawaii.","DOI":"10.24251\/HICSS.2017.489"},{"key":"10113_CR15","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/s10796-017-9755-1","volume":"21","author":"RE Crossler","year":"2019","unstructured":"Crossler, R. E., B\u00e9langer, F., & Ormond, D. (2019). The quest for complete security: An empirical analysis of users\u2019 multi-layered protection from security threats. Information Systems Frontiers, 21, 343\u2013357.","journal-title":"Information Systems Frontiers"},{"key":"10113_CR16","first-page":"1","volume-title":"2010\/2011 CSI computer crime and security survey","author":"CSI","year":"2011","unstructured":"CSI. 
(2011). 2010\/2011 CSI computer crime and security survey (pp. 1\u201342). New York: Computer Security Institute."},{"issue":"1","key":"10113_CR17","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1016\/j.cose.2017.05.002","volume":"70","author":"A da Viega","year":"2017","unstructured":"da Viega, A., & Martins, N. (2017). Defining and identifying dominant information security cultures and subcultures. Computers & Security, 70(1), 72\u201394.","journal-title":"Computers & Security"},{"issue":"6","key":"10113_CR18","doi-asserted-by":"publisher","first-page":"1091","DOI":"10.1111\/j.1540-5915.2012.00383.x","volume":"43","author":"J D\u2019Arcy","year":"2012","unstructured":"D\u2019Arcy, J., & Devaraj, S. (2012). Employee misuse of information technology resources: Testing a contemporary deterrence model. Decision Sciences, 43(6), 1091\u20131124.","journal-title":"Decision Sciences"},{"key":"10113_CR19","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1057\/ejis.2011.23","volume":"20","author":"J D\u2019Arcy","year":"2011","unstructured":"D\u2019Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. European Journal of Information Systems, 20, 643\u2013658.","journal-title":"European Journal of Information Systems"},{"key":"10113_CR20","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s10551-008-9909-7","volume":"89","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy, J., & Hovav, A. (2009). Does one size fit all? Examining the differential effects of IS security countermeasures. Journal of Business Ethics, 89, 59\u201371.","journal-title":"Journal of Business Ethics"},{"issue":"1","key":"10113_CR21","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1287\/isre.1070.0160","volume":"20","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy, J., Hovav, A., & Galletta, D. (2009). 
User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79\u201398.","journal-title":"Information Systems Research"},{"issue":"1","key":"10113_CR22","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1111\/j.1467-6494.1994.tb00797.x","volume":"62","author":"EL Deci","year":"1994","unstructured":"Deci, E. L., Eghrari, H., Patrick, B. C., & Leone, D. R. (1994). Facilitating internalization: The self-determination theory perspective. Journal of Personality, 62(1), 119\u2013142.","journal-title":"Journal of Personality"},{"issue":"6","key":"10113_CR23","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1037\/0033-2909.125.6.627","volume":"125","author":"EL Deci","year":"1999","unstructured":"Deci, E. L., Koestner, R., & Ryan, R. M. (1999). A meta-analytic review of experiments examining the effects of extrinsic rewards on intrinsic motivation. Psychological Bulletin, 125(6), 627\u2013668.","journal-title":"Psychological Bulletin"},{"issue":"2","key":"10113_CR24","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","volume":"11","author":"G Dhillon","year":"2001","unstructured":"Dhillon, G., & Backhouse, J. (2001). Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal, 11(2), 127\u2013153.","journal-title":"Information Systems Journal"},{"issue":"1","key":"10113_CR25","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1016\/j.cose.2015.10.001","volume":"56","author":"G Dhillon","year":"2016","unstructured":"Dhillon, G., Syed, R., & Pedron, C. (2016). Interpreting information security culture: An organizational transformation case study. 
Computers & Security, 56(1), 63\u201369.","journal-title":"Computers & Security"},{"issue":"6","key":"10113_CR26","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1037\/0033-2909.125.6.677","volume":"125","author":"R Eisenberger","year":"1999","unstructured":"Eisenberger, R., Pierce, W. D., & Cameron, J. (1999). Effects of reward on intrinsic motivation\u2014negative, neutral, and positive: Comment on Deci, Koestner, and Ryan (1999). Psychological Bulletin, 125(6), 677\u2013691.","journal-title":"Psychological Bulletin"},{"issue":"2","key":"10113_CR27","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1287\/mnsc.31.2.134","volume":"31","author":"KM Eisenhardt","year":"1985","unstructured":"Eisenhardt, K. M. (1985). Control: Organizational and economic approaches. Management Science, 31(2), 134\u2013149.","journal-title":"Management Science"},{"key":"10113_CR28","unstructured":"Foucault, M. (1977). Discipline and punishment: The birth of the prison (A. Sheridan, Trans.). New York: Vintage Books."},{"issue":"2","key":"10113_CR29","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","volume":"28","author":"KH Guo","year":"2011","unstructured":"Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203\u2013236.","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"10113_CR30","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1111\/isj.12257","volume":"30","author":"KL Gwebu","year":"2020","unstructured":"Gwebu, K. L., Wang, J., & Hu, M. Y. (2020). Information security policy noncompliance: An integrative social influence model. 
Information Systems Journal, 30(2), 220\u2013269.","journal-title":"Information Systems Journal"},{"issue":"3","key":"10113_CR31","doi-asserted-by":"publisher","first-page":"257","DOI":"10.2307\/249656","volume":"20","author":"SJ Harrington","year":"1996","unstructured":"Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgements and intentions. MIS Quarterly, 20(3), 257\u2013278.","journal-title":"MIS Quarterly"},{"key":"10113_CR32","unstructured":"Hassan, N. R. (2014) Useful products in theorizing for information systems. In Thirty Fifth International Conference on Information Systems, Auckland, NZ (pp. 1\u201321)."},{"key":"10113_CR33","unstructured":"Hassan, N. R., & Lowry, P. B. (2015) Seeking middle-range theories in information systems research. In Thirty Sixth International Conference on Information Systems, Fort Worth, TX (pp. 1\u201319)."},{"issue":"2","key":"10113_CR34","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1057\/ejis.2009.6","volume":"18","author":"T Herath","year":"2009","unstructured":"Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106\u2013125.","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"10113_CR35","doi-asserted-by":"publisher","first-page":"615","DOI":"10.1111\/j.1540-5915.2012.00361.x","volume":"43","author":"Q Hu","year":"2012","unstructured":"Hu, Q., Dinev, T., Hart, P., & Cooke, D. (2012). Managing employee compliance with information security policy: The critical role of top management and organizational culture. Decision Sciences, 43(4), 615\u2013659.","journal-title":"Decision Sciences"},{"issue":"3","key":"10113_CR36","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1177\/002224298805200303","volume":"52","author":"BJ Jaworski","year":"1988","unstructured":"Jaworski, B. J. (1988). 
Toward a theory of marketing control: Environmental context, control types, and consequences. Journal of Marketing, 52(3), 23\u201339.","journal-title":"Journal of Marketing"},{"issue":"3","key":"10113_CR37","doi-asserted-by":"publisher","first-page":"549","DOI":"10.2307\/25750691","volume":"34","author":"AC Johnston","year":"2010","unstructured":"Johnston, A. C., & Warkentin, M. (2010a). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549\u2013566.","journal-title":"MIS Quarterly"},{"issue":"3","key":"10113_CR38","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/joeuc.2010070101","volume":"22","author":"AC Johnston","year":"2010","unstructured":"Johnston, A. C., & Warkentin, M. (2010b). The influence of perceived source credibility on end user attitudes and intentions to comply with recommended IT actions. Journal of Organizational and End User Computing, 22(3), 1\u201321.","journal-title":"Journal of Organizational and End User Computing"},{"issue":"3","key":"10113_CR39","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1057\/ejis.2015.15","volume":"25","author":"AC Johnston","year":"2016","unstructured":"Johnston, A. C., Warkentin, M., McBride, M., & Carter, L. D. (2016). Dispositional and Situational Factors: Influences on IS Security Policy Violations. European Journal of Information Systems, 25(3), 231\u2013251.","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"10113_CR40","doi-asserted-by":"publisher","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","volume":"39","author":"AC Johnston","year":"2015","unstructured":"Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. 
MIS Quarterly, 39(1), 113\u2013134.","journal-title":"MIS Quarterly"},{"key":"10113_CR41","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.cose.2014.03.003","volume":"43","author":"M Kajzer","year":"2014","unstructured":"Kajzer, M., D\u2019Arcy, J., Crowell, C. R., Striegel, A., & Van Bruggen, D. (2014). An exploratory investigation of message-person congruence in information security awareness campaigns. Computers & Security, 43, 65\u201376.","journal-title":"Computers & Security"},{"key":"10113_CR42","doi-asserted-by":"publisher","first-page":"1241","DOI":"10.1007\/s10796-019-09927-9","volume":"22","author":"HJ Kam","year":"2020","unstructured":"Kam, H. J., Mattson, T., & Goel, S. (2020). A cross industry study of institutional pressures on organizational effort to raise information security awareness. Information Systems Frontiers, 22, 1241\u20131264.","journal-title":"Information Systems Frontiers"},{"issue":"1","key":"10113_CR43","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1287\/orsc.7.1.1","volume":"17","author":"LJ Kirsch","year":"1996","unstructured":"Kirsch, L. J. (1996). The management of complex tasks in organizations: Controlling the systems development process. Organization Science, 17(1), 1\u201321.","journal-title":"Organization Science"},{"issue":"3","key":"10113_CR44","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1287\/isre.8.3.215","volume":"8","author":"LJ Kirsch","year":"1997","unstructured":"Kirsch, L. J. (1997). Portfolios of control modes and IS project management. Information Systems Research, 8(3), 215\u2013239.","journal-title":"Information Systems Research"},{"issue":"4","key":"10113_CR45","doi-asserted-by":"publisher","first-page":"374","DOI":"10.1287\/isre.1040.0036","volume":"15","author":"LJ Kirsch","year":"2004","unstructured":"Kirsch, L. J. (2004). Deploying common systems globally: The dynamics of control. 
Information Systems Research, 15(4), 374\u2013395.","journal-title":"Information Systems Research"},{"issue":"4","key":"10113_CR46","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1287\/mnsc.48.4.484.204","volume":"48","author":"LJ Kirsch","year":"2002","unstructured":"Kirsch, L. J., Sambamurthy, V., Ko, D.-G., & Purvis, R. L. (2002). Controlling information systems development projects: The view from the client. Management Science, 48(4), 484\u2013498.","journal-title":"Management Science"},{"issue":"1","key":"10113_CR47","doi-asserted-by":"publisher","first-page":"171","DOI":"10.5465\/amr.2009.35713355","volume":"34","author":"T Kostova","year":"2009","unstructured":"Kostova, T., Roth, K., & Dacin, M. T. (2009). Theorizing on MNCs: A promise for institutional theory. Academy of Management Review, 34(1), 171\u2013173.","journal-title":"Academy of Management Review"},{"key":"10113_CR48","doi-asserted-by":"publisher","unstructured":"Kweon, E., Lee, H., Chai, S., & Yoo, K. (2019). The utility of information security training and education on cybersecurity incidents: An empirical evidence. Information Systems Frontiers.\u00a0https:\/\/doi.org\/10.1007\/s10796-019-09977-z.","DOI":"10.1007\/s10796-019-09977-z"},{"issue":"3","key":"10113_CR49","doi-asserted-by":"publisher","first-page":"710","DOI":"10.5465\/amr.2008.32465742","volume":"33","author":"D Lange","year":"2008","unstructured":"Lange, D. (2008). A multidimensional conceptualization of organizational corruption control. Academy of Management Review, 33(3), 710\u2013729.","journal-title":"Academy of Management Review"},{"issue":"6","key":"10113_CR50","doi-asserted-by":"publisher","first-page":"707","DOI":"10.1016\/j.im.2003.08.008","volume":"41","author":"SM Lee","year":"2004","unstructured":"Lee, S. M., Lee, S.-G., & Yoo, S. (2004). An integrative model of computer abuse based on social control and general deterrence theories. 
Information & Management, 41(6), 707\u2013718.","journal-title":"Information & Management"},{"issue":"4","key":"10113_CR51","first-page":"643","volume":"34","author":"DW Lehman","year":"2009","unstructured":"Lehman, D. W., & Ramanujam, R. (2009). Selectivity in organizational rule violations. Academy of Management Review, 34(4), 643\u2013657.","journal-title":"Academy of Management Review"},{"issue":"1","key":"10113_CR52","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1016\/j.im.2003.12.008","volume":"42","author":"LNK Leonard","year":"2004","unstructured":"Leonard, L. N. K., Cronan, T. P., & Kreie, J. (2004). What influences IT ethical behavior intentions\u2014planned behavior, reasoned action, perceived importance, or individual characteristics? Information & Management, 42(1), 143\u2013158.","journal-title":"Information & Management"},{"issue":"4","key":"10113_CR53","doi-asserted-by":"publisher","first-page":"635","DOI":"10.1016\/j.dss.2009.12.005","volume":"48","author":"H Li","year":"2010","unstructured":"Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635\u2013645.","journal-title":"Decision Support Systems"},{"issue":"1","key":"10113_CR54","doi-asserted-by":"publisher","first-page":"153","DOI":"10.2753\/MIS0742-1222300105","volume":"30","author":"PB Lowry","year":"2012","unstructured":"Lowry, P. B., Moody, G., Galletta, D., & Vance, A. (2012). The drivers in the use of online whistle-blowing reporting systems. Journal of Management Information Systems, 30(1), 153\u2013189.","journal-title":"Journal of Management Information Systems"},{"key":"10113_CR55","volume-title":"Organizations","author":"JG March","year":"1958","unstructured":"March, J. G., & Simon, H. A. (1958). Organizations. 
New York: Wiley."},{"issue":"4","key":"10113_CR56","first-page":"1255","volume":"42","author":"ML Markus","year":"2018","unstructured":"Markus, M. L., & Rowe, F. (2018). Is IT changing the world? Conceptions of causality for information systems theorizing. MIS Quarterly, 42(4), 1255\u20131280.","journal-title":"MIS Quarterly"},{"issue":"2","key":"10113_CR57","doi-asserted-by":"publisher","first-page":"276","DOI":"10.3758\/s13415-014-0324-5","volume":"15","author":"KE Marsden","year":"2015","unstructured":"Marsden, K. E., Ma, W. J., Deci, E. L., Ryan, R. M., & Chiu, P. H. (2015). Diminished neural responses predict enhanced intrinsic motivation and sensitivity to external incentive. Cognitive, Affective, & Behavioral Neuroscience, 15(2), 276\u2013286.","journal-title":"Cognitive, Affective, & Behavioral Neuroscience"},{"issue":"4","key":"10113_CR58","doi-asserted-by":"publisher","first-page":"1203","DOI":"10.1080\/07421222.2017.1394083","volume":"34","author":"P Menard","year":"2017","unstructured":"Menard, P., Bott, G. J., & Crossler, R. E. (2017). User motivations in protecting information security: Protection motivation theory versus self-determination theory. Journal of Management Information Systems, 34(4), 1203\u20131230.","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"10113_CR59","first-page":"112","volume":"144","author":"EK Miller","year":"2015","unstructured":"Miller, E. K., & Buschman, T. J. (2015). Working memory capacity: Limits on the bandwidth of cognition. D\u00e6dalus, 144(1), 112\u2013122.","journal-title":"D\u00e6dalus"},{"issue":"2","key":"10113_CR60","doi-asserted-by":"publisher","first-page":"324","DOI":"10.1287\/isre.2016.0619","volume":"27","author":"GD Moody","year":"2016","unstructured":"Moody, G. D., Kirsch, L. J., Slaughter, S. A., Dunn, B. K., & Weng, Q. (2016). Facilitating the transformational: An exploration of control in cyberinfrastructure projects and the discovery of field control. 
Information Systems Research, 27(2), 324\u2013346.","journal-title":"Information Systems Research"},{"issue":"1","key":"10113_CR61","first-page":"147","volume":"42","author":"F Mwagwabi","year":"2018","unstructured":"Mwagwabi, F., McGill, T., & Dixon, M. (2018). Short-term and long-term effects of fear appeals in improving compliance with password guidelines. Communications of the AIS, 42(1), 147\u2013182.","journal-title":"Communications of the AIS"},{"issue":"2","key":"10113_CR62","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1057\/ejis.2009.10","volume":"18","author":"L Myyry","year":"2009","unstructured":"Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., & Vance, A. (2009). What levels of moral reasoning and values explain adherence to information security rules? An empirical study. European Journal of Information Systems, 18(2), 126\u2013139.","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"10113_CR63","doi-asserted-by":"publisher","first-page":"815","DOI":"10.1016\/j.dss.2008.11.010","volume":"46","author":"B-Y Ng","year":"2009","unstructured":"Ng, B.-Y., Kankanhalli, A., & Xu, Y. C. (2009). Studying users\u2019 computer security behavior: A health belief perspective. Decision Support Systems, 46(4), 815\u2013825.","journal-title":"Decision Support Systems"},{"issue":"1","key":"10113_CR64","doi-asserted-by":"publisher","first-page":"95","DOI":"10.2307\/2391748","volume":"22","author":"WG Ouchi","year":"1977","unstructured":"Ouchi, W. G. (1977). The relationship between organizational structure and organizational control. Administrative Science Quarterly, 22(1), 95\u2013113.","journal-title":"Administrative Science Quarterly"},{"issue":"9","key":"10113_CR65","doi-asserted-by":"publisher","first-page":"833","DOI":"10.1287\/mnsc.25.9.833","volume":"25","author":"WG Ouchi","year":"1979","unstructured":"Ouchi, W. G. (1979). A conceptual framework for the design of organizational control mechanisms. 
Management Science, 25(9), 833\u2013848.","journal-title":"Management Science"},{"issue":"4","key":"10113_CR66","doi-asserted-by":"publisher","first-page":"559","DOI":"10.2307\/2392023","volume":"20","author":"WG Ouchi","year":"1975","unstructured":"Ouchi, W. G., & Maguire, M. A. (1975). Organizational control: Two functions. Administrative Science Quarterly, 20(4), 559\u2013569.","journal-title":"Administrative Science Quarterly"},{"issue":"6","key":"10113_CR67","doi-asserted-by":"publisher","first-page":"486","DOI":"10.1016\/j.cose.2011.05.002","volume":"30","author":"C Posey","year":"2011","unstructured":"Posey, C., Bennett, R. J., & Roberts, T. L. (2011a). Understanding the mindset of the abusive insider: An examination of insiders\u2019 causal reasoning following internal security changes. Computers & Security, 30(6), 486\u2013497.","journal-title":"Computers & Security"},{"issue":"1","key":"10113_CR68","first-page":"24","volume":"7","author":"C Posey","year":"2011","unstructured":"Posey, C., Bennett, R. J., Roberts, T. L., & Lowry, P. B. (2011b). When computer monitoring backfires: Privacy invasions and organizational injustice as precursors to computer abuse. Journal of Information Systems Security, 7(1), 24\u201347.","journal-title":"Journal of Information Systems Security"},{"issue":"5","key":"10113_CR69","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1016\/j.im.2014.03.009","volume":"51","author":"C Posey","year":"2014","unstructured":"Posey, C., Roberts, T. L., Lowry, P. B., & Hightower, R. T. (2014). Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. 
Information & Management, 51(5), 551\u2013567.","journal-title":"Information & Management"},{"issue":"4","key":"10113_CR70","doi-asserted-by":"publisher","first-page":"757","DOI":"10.2307\/25750704","volume":"34","author":"P Puhakainen","year":"2010","unstructured":"Puhakainen, P., & Siponen, M. (2010). Improving employees\u2019 compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757\u2013778.","journal-title":"MIS Quarterly"},{"key":"10113_CR71","volume-title":"Intrinsic motivation and self-determination in human behavior","author":"RM Ryan","year":"1985","unstructured":"Ryan, R. M., & Deci, E. L. (1985). Intrinsic motivation and self-determination in human behavior. New York: Plenum Press."},{"issue":"1","key":"10113_CR72","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1037\/0003-066X.55.1.68","volume":"55","author":"RM Ryan","year":"2000","unstructured":"Ryan, R. M., & Deci, E. L. (2000). Self-determination theory and the facilitation of intrinsic motivation, social development, and well-being. American Psychologist, 55(1), 68\u201378.","journal-title":"American Psychologist"},{"issue":"3","key":"10113_CR73","doi-asserted-by":"publisher","first-page":"723","DOI":"10.1080\/07421222.2020.1790187","volume":"37","author":"SW Schuetz","year":"2020","unstructured":"Schuetz, S. W., Lowry, P. B., Pienta, D. A., & Thatcher, J. B. (2020). The effectiveness of abstract versus concrete fear appeals in information security. Journal of Management Information Systems, 37(3), 723\u2013757.","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"10113_CR74","doi-asserted-by":"publisher","first-page":"487","DOI":"10.2307\/25750688","volume":"34","author":"M Siponen","year":"2010","unstructured":"Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. 
MIS Quarterly, 34(3), 487\u2013502.","journal-title":"MIS Quarterly"},{"issue":"7","key":"10113_CR75","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","volume":"48","author":"J-Y Son","year":"2011","unstructured":"Son, J.-Y. (2011). Out of fear or desire? Toward a better understanding of employees\u2019 motivation to follow IS security policies. Information & Management, 48(7), 296\u2013302.","journal-title":"Information & Management"},{"issue":"3","key":"10113_CR76","doi-asserted-by":"publisher","first-page":"503","DOI":"10.2307\/25750689","volume":"34","author":"JL Spears","year":"2010","unstructured":"Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503\u2013522.","journal-title":"MIS Quarterly"},{"issue":"4","key":"10113_CR77","doi-asserted-by":"publisher","first-page":"441","DOI":"10.2307\/249551","volume":"22","author":"D Straub","year":"1998","unstructured":"Straub, D., & Welke, R. (1998). Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22(4), 441\u2013469.","journal-title":"MIS Quarterly"},{"issue":"3","key":"10113_CR78","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1287\/isre.1.3.255","volume":"1","author":"DW Straub","year":"1990","unstructured":"Straub, D. W. (1990). Effective IS security: An empirical study. Information Systems Research, 1(3), 255\u2013276.","journal-title":"Information Systems Research"},{"issue":"1","key":"10113_CR79","doi-asserted-by":"publisher","first-page":"45","DOI":"10.2307\/249307","volume":"14","author":"DWJ Straub","year":"1990","unstructured":"Straub, D. W. J., & Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: A field study. 
MIS Quarterly, 14(1), 45\u201360.","journal-title":"MIS Quarterly"},{"issue":"6","key":"10113_CR80","doi-asserted-by":"publisher","first-page":"664","DOI":"10.2307\/2089195","volume":"22","author":"G Sykes","year":"1957","unstructured":"Sykes, G., & Matza, D. (1957). Techniques of neutralization: A theory of delinquency. American Sociological Review, 22(6), 664\u2013670.","journal-title":"American Sociological Review"},{"issue":"1","key":"10113_CR81","doi-asserted-by":"publisher","first-page":"1265","DOI":"10.1007\/s10796-019-09956-4","volume":"21","author":"S Trang","year":"2019","unstructured":"Trang, S., & Brendel, B. (2019). A meta-analysis of deterrence theory in information security policy compliance research. Information Systems Frontiers, 21(1), 1265\u20131284.","journal-title":"Information Systems Frontiers"},{"key":"10113_CR82","doi-asserted-by":"publisher","DOI":"10.7591\/9781501737985","volume-title":"Occupational subcultures in the workplace","author":"H Trice","year":"1993","unstructured":"Trice, H. (1993). Occupational subcultures in the workplace. Ithaca: ILR Press."},{"issue":"4","key":"10113_CR83","doi-asserted-by":"publisher","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","volume":"29","author":"JF Van Niekerk","year":"2010","unstructured":"Van Niekerk, J. F., & Von Solms, R. (2010). Information security culture: A management perspective. Computers & Security, 29(4), 476\u2013486.","journal-title":"Computers & Security"},{"issue":"1","key":"10113_CR84","doi-asserted-by":"publisher","first-page":"21","DOI":"10.4018\/joeuc.2012010102","volume":"24","author":"A Vance","year":"2012","unstructured":"Vance, A., & Siponen, M. (2012). IS security policy violations: A rational choice perspective. 
Journal of Organizational and End User Computing, 24(1), 21\u201341.","journal-title":"Journal of Organizational and End User Computing"},{"issue":"3","key":"10113_CR85","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1016\/j.im.2012.04.002","volume":"49","author":"A Vance","year":"2012","unstructured":"Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3), 190\u2013198.","journal-title":"Information & Management"},{"key":"10113_CR86","volume-title":"Work and Motivation","author":"VH Vroom","year":"1964","unstructured":"Vroom, V. H. (1964). Work and Motivation. Oxford: Wiley."},{"issue":"1","key":"10113_CR87","first-page":"277","volume":"41","author":"JD Wall","year":"2017","unstructured":"Wall, J. D., & Buche, M. W. (2017). To fear or not to fear? A critical review and analysis of fear appeals in the information security context. Communications of the AIS, 41(1), 277\u2013300.","journal-title":"Communications of the AIS"},{"issue":"1","key":"10113_CR88","doi-asserted-by":"publisher","first-page":"39","DOI":"10.17705\/1jais.00420","volume":"17","author":"JD Wall","year":"2016","unstructured":"Wall, J. D., Lowry, P. B., & Barlow, J. B. (2016). Organizational violations of externally governed privacy and security rules: Explaining and predicting selective violations under conditions of strain and excess. Journal of the Association for Information Systems, 17(1), 39\u201376.","journal-title":"Journal of the Association for Information Systems"},{"key":"10113_CR89","doi-asserted-by":"crossref","unstructured":"Wall, J. D., & Palvia, P. (2021). Understanding employees\u2019 information security identities: An interpretive narrative approach. 
Information Technology & People, forthcoming.","DOI":"10.1108\/ITP-04-2020-0197"},{"issue":"4","key":"10113_CR90","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1080\/15536548.2013.10845690","volume":"9","author":"JD Wall","year":"2013","unstructured":"Wall, J. D., Palvia, P., & Lowry, P. B. (2013). Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9(4), 52\u201379.","journal-title":"Journal of Information Privacy and Security"},{"issue":"SI","key":"10113_CR91","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1145\/3210530.3210536","volume":"49","author":"JD Wall","year":"2018","unstructured":"Wall, J. D., & Singh, R. (2018). The Organization Man and the Innovator: Theoretical archetypes to inform behavioral information security research. The Data Base for Advances in Information Systems, 49(SI), 67\u201380.","journal-title":"The Data Base for Advances in Information Systems"},{"issue":"8","key":"10113_CR92","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2019.03.002","volume":"56","author":"JD Wall","year":"2019","unstructured":"Wall, J. D., & Warkentin, M. (2019). Perceived argument quality\u2019s effect on threat and coping appraisals in fear appeals: An experiment and exploration of realism check heuristics. Information & Management, 56(8), 1\u201313.","journal-title":"Information & Management"},{"issue":"1","key":"10113_CR93","doi-asserted-by":"publisher","first-page":"1","DOI":"10.25300\/MISQ\/2013\/37.1.01","volume":"37","author":"R Willison","year":"2013","unstructured":"Willison, R., & Warkentin, M. (2013). Beyond deterrence: An expanded view of employee computer abuse. 
MIS Quarterly, 37(1), 1\u201320.","journal-title":"MIS Quarterly"},{"issue":"2","key":"10113_CR94","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1111\/isj.12129","volume":"28","author":"R Willison","year":"2018","unstructured":"Willison, R., Warkentin, M., & Johnston, A. C. (2018). Examining employee computer abuse intentions: Insights from justice, deterrence, and neutralization perspectives. Information Systems Journal, 28(2), 266\u2013293.","journal-title":"Information Systems Journal"},{"issue":"2","key":"10113_CR95","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1287\/isre.1090.0266","volume":"22","author":"Y Xue","year":"2011","unstructured":"Xue, Y., Liang, H., & Wu, L. (2011). Punishment, justice, and compliance in mandatory IT settings. Information Systems Research, 22(2), 400\u2013414.","journal-title":"Information Systems Research"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-021-10113-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10796-021-10113-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-021-10113-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,8]],"date-time":"2022-07-08T07:30:40Z","timestamp":1657265440000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10796-021-10113-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,9]]},"references-count":95,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["10113"],"URL":"https:\/\/doi.org\/10.1007\/s10796-021-10113-z","relation":{},"ISSN":["138
7-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,9]]},"assertion":[{"value":"31 January 2021","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 February 2021","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}