{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T07:49:55Z","timestamp":1775202595060,"version":"3.50.1"},"reference-count":71,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2019,10,14]],"date-time":"2019-10-14T00:00:00Z","timestamp":1571011200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,10,14]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>Understanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization\u2019s cybersecurity program. This study aims to explore how the 7Ps (product, price, promotion, place, physical evidence, process and people) marketing mix, as part of an internal social marketing approach, can be used to gain an understanding of employees\u2019 interactions within an organization\u2019s cybersecurity environment. This understanding could inform the design of servicescapes and behavioral infrastructure to promote and maintain cybersecurity compliance.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>This study adopted an inductive qualitative approach using in-depth interviews with employees in several Vietnamese organizations. Discussions were centered on employee experiences and their perceptions of cybersecurity initiatives, as well as the impact of initiatives on compliance behavior. Responses were then categorized under the 7Ps marketing mix framework.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The study shows that assessing a cybersecurity program using the 7P mix enables the systematic capture of users\u2019 security compliance and acceptance of IT systems. Additionally, understanding the interactions between system elements permits the design of behavioral infrastructure to enhance security efforts. Results also show that user engagement is essential in developing secure systems. User engagement requires developing shared objectives, localized communications, co-designing of efficient processes and understanding the \u201cpain points\u201d of security compliance. The knowledge developed from this research provides a framework for those managing cybersecurity systems and enables the design human-centered systems conducive to compliance.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The study is one of the first to use a cross-disciplinary social marketing approach to examine how employees experience and comply with security initiatives. Previous studies have mostly focused on determinants of compliance behavior without providing a clear platform for management action. Internal social marketing using 7Ps provides a simple but innovative approach to reexamine existing compliance approaches. Findings from the study could leverage proven successful marketing techniques to promote security compliance.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2019-0023","type":"journal-article","created":{"date-parts":[[2019,10,22]],"date-time":"2019-10-22T06:26:08Z","timestamp":1571725568000},"page":"133-159","source":"Crossref","is-referenced-by-count":15,"title":["Enhancing cyber security behavior: an internal social marketing approach"],"prefix":"10.1108","volume":"28","author":[{"given":"Hiep Cong","family":"Pham","sequence":"first","affiliation":[]},{"given":"Linda","family":"Brennan","sequence":"additional","affiliation":[]},{"given":"Lukas","family":"Parker","sequence":"additional","affiliation":[]},{"given":"Nhat Tram","family":"Phan-Le","sequence":"additional","affiliation":[]},{"given":"Irfan","family":"Ulhaq","sequence":"additional","affiliation":[]},{"given":"Mathews Zanda","family":"Nkhoma","sequence":"additional","affiliation":[]},{"given":"Minh","family":"Nhat Nguyen","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"issue":"2","key":"key2022100513442021900_ref001","first-page":"77","article-title":"An application of services marketing mix framework: how do retailers communicate information on their sales receipts?","volume":"4","year":"2012","journal-title":"Business Studies Journal"},{"key":"key2022100513442021900_ref002","article-title":"Cyber security awareness campaigns: why do they fail to change behaviour?","volume-title":"International Conference on Cyber Security for Sustainable Society","year":"2015"},{"issue":"5","key":"key2022100513442021900_ref003","doi-asserted-by":"crossref","first-page":"510","DOI":"10.1287\/orsc.14.5.510.16765","article-title":"From issues to actions: the importance of individual concerns and organizational values in responding to natural environmental issues","volume":"14","year":"2003","journal-title":"Organization Science"},{"issue":"4","key":"key2022100513442021900_ref004","doi-asserted-by":"crossref","first-page":"13","DOI":"10.2753\/MIS0742-1222260402","article-title":"An interdisciplinary perspective on IT services management and service science","volume":"26","year":"2010","journal-title":"Journal of Management Information Systems"},{"issue":"8","key":"key2022100513442021900_ref005","first-page":"689","article-title":"Don't even think about IT! the effects of anti neutralization, informational, and normative communication on information security compliance","volume":"19","year":"2018","journal-title":"Journal of the Association for Information Systems"},{"key":"key2022100513442021900_ref006","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1016\/j.cose.2016.02.007","article-title":"Information system security commitment: a study of external influences on senior management","volume":"59","year":"2016","journal-title":"Computers and Security"},{"issue":"3","key":"key2022100513442021900_ref007","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1177\/1524839909336329","article-title":"A social marketing approach to building a behavioral intervention for congenital cytomegalovirus","volume":"12","year":"2011","journal-title":"Health Promotion Practice"},{"key":"key2022100513442021900_ref008","volume-title":"Handbook of Qualitative Research Methods in Marketing","year":"2007"},{"issue":"4","key":"key2022100513442021900_ref009","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1002\/nvsm.280","article-title":"The nature and influence of motivation within the moa framework: implications for social marketing","volume":"11","year":"2006","journal-title":"International Journal of Nonprofit and Voluntary Sector Marketing"},{"issue":"2","key":"key2022100513442021900_ref010","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1177\/002224299205600205","article-title":"Servicescapes: the impact of physical surroundings on customers and employees","volume":"56","year":"1992","journal-title":"Journal of Marketing"},{"key":"key2022100513442021900_ref011","first-page":"47","article-title":"Marketing strategies and organizational structures for service firms","volume-title":"Marketing of Services","year":"1981","edition":"Eds"},{"issue":"2","key":"key2022100513442021900_ref012","first-page":"2","article-title":"The concept of the marketing mix","volume":"4","year":"1964","journal-title":"Journal of Advertising Research"},{"key":"key2022100513442021900_ref013","first-page":"87","article-title":"Internal social marketing, servicescapes and sustainability: a behavioural infrastructure approach","volume-title":"Innovations in Social Marketing and Public Health Communication","year":"2015","edition":"Ed."},{"key":"key2022100513442021900_ref014","first-page":"7","article-title":"Theories and their uses in social marketing","volume-title":"Social Marketing and Behaviour Change: Models, Theory and Applications","year":"2014"},{"issue":"3","key":"key2022100513442021900_ref015","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"key":"key2022100513442021900_ref016","volume-title":"Gamify: How Gamification Motivates People to Do Extraordinary Things","year":"2016"},{"key":"key2022100513442021900_ref017","first-page":"87","volume-title":"Nine Big Questions about Behaviour Change","year":"2009"},{"key":"key2022100513442021900_ref018","unstructured":"Coventry, L. Briggs, P. Blythe, J. and Tran, M. (2014), \u201cUsing behavioural insights to improve the public\u2019s use of cyber security best practices\u201d, available at: https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/309652\/14-835-cyber-security-behavioural-insights.pdf"},{"issue":"5","key":"key2022100513442021900_ref019","doi-asserted-by":"crossref","first-page":"1849","DOI":"10.1016\/j.chb.2012.05.003","article-title":"Information systems user security: a structured model of the knowing\u2013doing gap","volume":"28","year":"2012","journal-title":"Computers in Human Behavior"},{"key":"key2022100513442021900_ref020","volume-title":"The Sage Handbook of Qualitative Research","year":"2018","edition":"5th ed."},{"key":"key2022100513442021900_ref021","doi-asserted-by":"crossref","first-page":"544","DOI":"10.1016\/j.jclepro.2017.06.007","article-title":"Mindfulness and sustainable consumption: a systematic literature review of research approaches and findings","volume":"162","year":"2017","journal-title":"Journal of Cleaner Production"},{"issue":"3","key":"key2022100513442021900_ref022","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1016\/S1361-3723(12)70053-2","article-title":"Understanding the influences on information security behaviour","volume":"2012","year":"2012","journal-title":"Computer Fraud and Security"},{"issue":"9","key":"key2022100513442021900_ref023","doi-asserted-by":"crossref","first-page":"1525","DOI":"10.1108\/EJM-09-2011-0523","article-title":"Unlocking the potential of upstream social marketing","volume":"47","year":"2013","journal-title":"European Journal of Marketing"},{"issue":"4","key":"key2022100513442021900_ref024","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1108\/EUM0000000004784","article-title":"A service quality model and its marketing implications","volume":"18","year":"1984","journal-title":"European Journal of Marketing"},{"issue":"2","key":"key2022100513442021900_ref025","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1108\/08858620410523981","article-title":"The relationship marketing process: communication, interaction, dialogue, value","volume":"19","year":"2004","journal-title":"Journal of Business and Industrial Marketing"},{"issue":"11","key":"key2022100513442021900_ref026","doi-asserted-by":"crossref","first-page":"961","DOI":"10.1002\/mar.20043","article-title":"Fear appeals in social marketing: strategic and ethical reasons for concern","volume":"21","year":"2004","journal-title":"Psychology and Marketing"},{"issue":"2","key":"key2022100513442021900_ref027","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","article-title":"Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness","volume":"47","year":"2009","journal-title":"Decision Support Systems"},{"key":"key2022100513442021900_ref028","volume-title":"Big Pocket Guide to Using Social Marketing for Behaviour Change","year":"2011","edition":"Ed."},{"key":"key2022100513442021900_ref029","unstructured":"Ismail, N. (2018), \u201c10 Cyber security trends to look out for in 2019\u201d, available at:, www.information-age.com\/10-cyber-security-trends-look-2019-123463680 (accessed 20 January 2019)."},{"issue":"4","key":"key2022100513442021900_ref030","first-page":"288","article-title":"A new higher education marketing mix: the 7ps for MBA marketing","volume":"22","year":"2008","journal-title":"International Journal of Educational Management"},{"issue":"1","key":"key2022100513442021900_ref031","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1007\/s40865-018-0101-1","article-title":"Agency, self-efficacy, and desistance from crime: an application of social cognitive theory","volume":"5","year":"2019","journal-title":"Journal of Developmental and Life-Course Criminology"},{"key":"key2022100513442021900_ref032","unstructured":"Kaspersky (2018), \u201cTop 7 mobile security threats: smart phones, tablets, and mobile internet devices \u2013 what the future has in store\u201d, available at: www.kaspersky.com\/resource-center\/threats\/top-seven-mobile-security-threats-smart-phones-tablets-and-mobile-internet-devices-what-the-future-has-in-store (accessed 22 November 2018)."},{"key":"key2022100513442021900_ref033","doi-asserted-by":"crossref","first-page":"122","DOI":"10.1016\/j.cose.2015.07.002","article-title":"Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon","volume":"64","year":"2017","journal-title":"Computers and Security"},{"issue":"3","key":"key2022100513442021900_ref034","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1016\/j.jretconser.2005.08.004","article-title":"Technology readiness and the evaluation and adoption of self-service technologies","volume":"13","year":"2006","journal-title":"Journal of Retailing and Consumer Services"},{"key":"key2022100513442021900_ref035","article-title":"Enabling employees and breaking down barriers to sustainability: internal social marketing and pro-environmental behaviour","volume-title":"Research Handbook on Employee Pro-Environmental Behaviour","year":"2018"},{"issue":"5\/6","key":"key2022100513442021900_ref036","first-page":"545","article-title":"What is and what is not social marketing: the challenge of reviewing the evidence","volume":"21","year":"2005","journal-title":"Journal of Marketing Management"},{"key":"key2022100513442021900_ref037","volume-title":"Designing Qualitative Research","year":"2014"},{"issue":"6","key":"key2022100513442021900_ref038","first-page":"904","article-title":"An empirical study of information security management success factors","volume":"6","year":"2016","journal-title":"International Journal on Advanced Science"},{"key":"key2022100513442021900_ref039","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1016\/j.jisa.2019.03.012","article-title":"Information security burnout: identification of sources and mitigating factors from security demands and resources","volume":"46","year":"2019","journal-title":"Journal of Information Security and Applications"},{"key":"key2022100513442021900_ref040","first-page":"872","article-title":"Intrinsic motivators and security compliance: an internal social marketing approach","volume-title":"ANZMAC: Marketing in a Post-Disciplinary Era","year":"2016"},{"key":"key2022100513442021900_ref041","first-page":"1","article-title":"Information security and people: a conundrum for compliance","volume":"21","year":"2017","journal-title":"Australasian Journal of Information System"},{"issue":"4","key":"key2022100513442021900_ref042","doi-asserted-by":"crossref","first-page":"326","DOI":"10.1108\/ICS-10-2014-0067","article-title":"Stress-based security compliance model-an exploratory study","volume":"24","year":"2016","journal-title":"Information and Computer Security"},{"issue":"5","key":"key2022100513442021900_ref043","doi-asserted-by":"crossref","first-page":"551","DOI":"10.1016\/j.im.2014.03.009","article-title":"Bridging the divide: a qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders","volume":"51","year":"2014","journal-title":"Information and Management"},{"key":"key2022100513442021900_ref044","first-page":"326","article-title":"The need for internal social marketing (ism): extending the people focus to service employees","volume-title":"Social Marketing: From Tunes to Symphonies","year":"2013","edition":"Eds"},{"issue":"6","key":"key2022100513442021900_ref045","doi-asserted-by":"crossref","first-page":"449","DOI":"10.1108\/08876040010347589","article-title":"Advances in the internal marketing concept: definition, synthesis and extension","volume":"14","year":"2000","journal-title":"Journal of Services Marketing"},{"issue":"1","key":"key2022100513442021900_ref046","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/s10551-015-2548-x","article-title":"Linking corporate policy and supervisory support with environmental citizenship behaviors: the role of employee environmental beliefs and commitment","volume":"137","year":"2016","journal-title":"Journal of Business Ethics"},{"issue":"8","key":"key2022100513442021900_ref047","doi-asserted-by":"crossref","first-page":"816","DOI":"10.1016\/j.cose.2009.05.008","article-title":"Self-efficacy in information security: its influence on end users\u2019 information security practice behavior","volume":"28","year":"2009","journal-title":"Computer and Security"},{"key":"key2022100513442021900_ref048","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.cose.2016.09.001","article-title":"Security knowledge representation artifacts for creating secure it systems","volume":"64","year":"2017","journal-title":"Computers and Security"},{"issue":"3","key":"key2022100513442021900_ref049","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1108\/JSOCM-02-2013-0017","article-title":"Fresh ideas: services thinking for social marketing","volume":"3","year":"2013","journal-title":"Journal of Social Marketing"},{"issue":"1","key":"key2022100513442021900_ref050","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1037\/0003-066X.55.1.68","article-title":"Self-determination theory and the facilitation of intrinsic motivation, social development, and Well-Being","volume":"55","year":"2000","journal-title":"American Psychologist"},{"key":"key2022100513442021900_ref051","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1016\/j.cose.2015.05.012","article-title":"Information security conscious care behaviour formation in organizations","volume":"53","year":"2015","journal-title":"Computers and Security"},{"key":"key2022100513442021900_ref052","doi-asserted-by":"crossref","first-page":"442","DOI":"10.1016\/j.chb.2015.12.037","article-title":"An information security knowledge sharing model in organizations","volume":"57","year":"2016","journal-title":"Computers in Human Behavior"},{"issue":"3","key":"key2022100513442021900_ref053","doi-asserted-by":"crossref","first-page":"422","DOI":"10.1080\/00207594.2012.680460","article-title":"The dark side of technologies: technostress among users of information and communication technologies","volume":"48","year":"2013","journal-title":"International Journal of Psychology"},{"key":"key2022100513442021900_ref054","volume-title":"Research Methods for Business Students","year":"2012","edition":"6th ed."},{"issue":"4","key":"key2022100513442021900_ref055","doi-asserted-by":"crossref","first-page":"415","DOI":"10.1080\/00913367.2015.1018460","article-title":"Advertising repetition: a meta-analysis on effective frequency in advertising","volume":"44","year":"2015","journal-title":"Journal of Advertising"},{"issue":"5","key":"key2022100513442021900_ref056","doi-asserted-by":"crossref","first-page":"278","DOI":"10.1177\/0886368713515965","article-title":"Impact of compensation, training and development and supervisory support on organizational commitment","volume":"45","year":"2013","journal-title":"Compensation and Benefits Review"},{"issue":"3\/4","key":"key2022100513442021900_ref057","first-page":"469","article-title":"Environmentally responsible behaviour in the workplace: an internal social marketing approach","volume":"28","year":"2012","journal-title":"Journal of Marketing Management"},{"issue":"1","key":"key2022100513442021900_ref058","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1108\/IMCS-08-2012-0045","article-title":"Variables influencing information security policy compliance: a systematic review of quantitative studies","volume":"22","year":"2014","journal-title":"Information Management and Computer Security"},{"issue":"2","key":"key2022100513442021900_ref059","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1108\/ICS-04-2014-0025","article-title":"The sufficiency of the theory of planned behavior for explaining information security policy compliance","volume":"23","year":"2015","journal-title":"Information and Computer Security"},{"issue":"3","key":"key2022100513442021900_ref060","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1108\/20426761211265168","article-title":"Some reasonable but uncomfortable questions about social marketing","volume":"2","year":"2012","journal-title":"Journal of Social Marketing"},{"issue":"2","key":"key2022100513442021900_ref061","doi-asserted-by":"crossref","first-page":"126","DOI":"10.1108\/09654280710731548","article-title":"A systematic review of social marketing effectiveness","volume":"107","year":"2007","journal-title":"Health Education"},{"issue":"4","key":"key2022100513442021900_ref062","doi-asserted-by":"crossref","first-page":"332","DOI":"10.1177\/1524839907308152","article-title":"Developing a promotional strategy: important questions for social marketing","volume":"8","year":"2007","journal-title":"Health Promotion Practice"},{"issue":"1","key":"key2022100513442021900_ref063","first-page":"15","article-title":"Social marketing: a systematic review of research 1998-2012","volume":"20","year":"2012","journal-title":"Social Marketing Quarterly"},{"key":"key2022100513442021900_ref064","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1016\/j.cose.2015.04.006","article-title":"Analyzing the role of cognitive and cultural biases in the internalization of information security policies: recommendations for information security awareness programs","volume":"52","year":"2015","journal-title":"Computers and Security"},{"issue":"3","key":"key2022100513442021900_ref065","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1177\/1094670510375599","article-title":"Customer engagement behavior: theoretical foundations and research directions","volume":"13","year":"2010","journal-title":"Journal of Service Research"},{"issue":"4","key":"key2022100513442021900_ref066","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","article-title":"Information security culture: a management perspective","volume":"29","year":"2010","journal-title":"Computers and Security"},{"key":"key2022100513442021900_ref067","article-title":"The it security adoption conundrum: an initial step towards validation of applicable measures","volume-title":"Proceedings of the 13th Americas Conference on Information Systems","year":"2007"},{"issue":"2","key":"key2022100513442021900_ref068","first-page":"127","article-title":"Revisiting social marketing mix: a socio-cultural perspective","volume":"14","year":"2014","journal-title":"Journal of Services Research"},{"key":"key2022100513442021900_ref069","article-title":"What is social marketing","year":"2006","journal-title":"Weinreich Communications, 2018"},{"issue":"2","key":"key2022100513442021900_ref070","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1111\/isj.12129","article-title":"Examining employee computer abuse intentions: insights from justice, deterrence and neutralization perspectives","volume":"28","year":"2018","journal-title":"Information Systems Journal"},{"issue":"1","key":"key2022100513442021900_ref071","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1177\/0092070300281007","article-title":"Service quality, profitability, and the economic worth of customers: what we know and what we need to learn","volume":"28","year":"2000","journal-title":"Journal of the Academy of Marketing Science"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0023\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0023\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:37Z","timestamp":1753406557000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/28\/2\/133-159\/105001"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10,14]]},"references-count":71,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,10,14]]}},"alternative-id":["10.1108\/ICS-01-2019-0023"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2019-0023","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,10,14]]}}}