{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T01:22:17Z","timestamp":1762305737832,"version":"build-2065373602"},"reference-count":19,"publisher":"Emerald","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,6,13]]},"abstract":"<jats:sec>\n                    <jats:title>Purpose<\/jats:title>\n                    <jats:p>This study aims to replicate and assess the applicability and generalizability of Bulgurcu et\u00a0al.'s (2010) information security policy compliance model to participants from Ethiopia, focusing on understanding compliance behavior with information security policies (ISPs).<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Design\/methodology\/approach<\/jats:title>\n                    <jats:p>The study replicates Bulgurcu et\u00a0al.\u2019s (2010) research methodology. They empirically tested their model using data collected through a survey of 464 employees from a diverse set of organizations in the United States. In this study, the authors used a self-administered survey approach to collect data from 318 valid responses from university students in Ethiopia. The structural equation modeling technique with SmartPLS 4.0 is used to test hypotheses derived from the original model.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Findings<\/jats:title>\n                    <jats:p>The replication results confirm most of the hypotheses from the original study, indicating that their model is generalizable to the Ethiopian population. However, the study also identifies differences between the original and replicated results, suggesting potential cultural variations requiring further examination.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Originality\/value<\/jats:title>\n                    <jats:p>This study contributes to the literature by replicating and extending the original study\u2019s findings in a different cultural context, namely Ethiopia. It highlights the importance of understanding compliance behavior with ISPs across diverse populations and emphasizes the need for future replication studies to explore the impact of culture on intention toward information security behavior.<\/jats:p>\n                  <\/jats:sec>","DOI":"10.1108\/ics-03-2024-0066","type":"journal-article","created":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T11:25:14Z","timestamp":1732706714000},"page":"408-426","source":"Crossref","is-referenced-by-count":0,"title":["Information security policy compliance: a replication study in Ethiopia"],"prefix":"10.1108","volume":"33","author":[{"given":"Berhanu","family":"Aebissa","sequence":"first","affiliation":[{"name":"Addis Ababa University School of Information Science, , Addis Ababa, and , Debre Berhan,","place":["Ethiopia Ethiopia"]},{"name":"Debre Berhan University School of Information Science, , Addis Ababa, and , Debre Berhan,","place":["Ethiopia Ethiopia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gurpreet","family":"Dhillon","sequence":"additional","affiliation":[{"name":"University of North Texas Department of ITDS, , Denton, Texas,","place":["USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Million","family":"Meshesha","sequence":"additional","affiliation":[{"name":"Addis Ababa University School of Information Science, , Addis Ababa,","place":["Ethiopia"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2024,11,29]]},"reference":[{"issue":"2","key":"2025110420183147600_ref001","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/0749-5978(91)90020-T","article-title":"The theory of planned behavior","volume":"50","author":"Ajzen","year":"1991","journal-title":"Organizational Behavior and Human Decision Processes"},{"key":"2025110420183147600_ref002","first-page":"3","article-title":"Predicting and changing behavior: a reasoned action approach","volume-title":"Prediction and Change of Health Behavior: Applying the Reasoned Action Approach","author":"Albarracin","year":"2007"},{"issue":"4","key":"2025110420183147600_ref003","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1287\/isre.13.4.416.71","article-title":"Potential research space in MIS: a framework for envisioning and evaluating research replication, extension, and generation","volume":"13","author":"Berthon","year":"2002","journal-title":"Information Systems Research"},{"issue":"3","key":"2025110420183147600_ref004","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"article-title":"Information security control resources in organizations: a multidimensional view and their key drivers","year":"2009","author":"Cavusoglu","key":"2025110420183147600_ref005"},{"key":"2025110420183147600_ref006","doi-asserted-by":"crossref","first-page":"1","DOI":"10.17705\/1atrr.00001","article-title":"A replication manifesto","volume":"1","author":"Dennis","year":"2015","journal-title":"AIS Transactions on Replication Research"},{"issue":"2","key":"2025110420183147600_ref007","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","article-title":"Current directions in is security research: towards socio-organizational perspectives","volume":"11","author":"Dhillon","year":"2001","journal-title":"Information Systems Journal"},{"volume-title":"Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research","year":"1975","author":"Fishbein","key":"2025110420183147600_ref008"},{"issue":"1","key":"2025110420183147600_ref009","first-page":"5","article-title":"A practical guide to factorial validity using PLS-Graph: tutorial and annotated example","volume":"16","author":"Gefen","year":"2005","journal-title":"Communications of the Association for Information Systems"},{"issue":"1","key":"2025110420183147600_ref010","first-page":"7","article-title":"Structural equation modeling and regression: guidelines for research practice","volume":"4","author":"Gefen","year":"2000","journal-title":"Communications of the Association for Information Systems"},{"issue":"1","key":"2025110420183147600_ref011","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1108\/EBR-11-2018-0203","article-title":"When to use and how to report the results of PLS-SEM","volume":"31","author":"Hair","year":"2019","journal-title":"European Business Review"},{"issue":"2","key":"2025110420183147600_ref012","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: a framework for security policy compliance in organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025110420183147600_ref013","article-title":"Sharing confidential information and privacy calculus","volume":"18","author":"Kaur","year":"2022","journal-title":"Journal of Information Systems Security"},{"key":"2025110420183147600_ref014","first-page":"103","article-title":"The last line of defense: motivating employees to follow corporate security guidelines","author":"Kirsch","year":"2007"},{"key":"2025110420183147600_ref015","first-page":"156b","article-title":"Employees\u2019 behavior towards is security policy compliance","author":"Pahnila","year":"2007"},{"key":"2025110420183147600_ref016","doi-asserted-by":"crossref","DOI":"10.4324\/9780203994627","volume-title":"The Logic of Scientific Discovery","author":"Popper","year":"2005"},{"volume-title":"SmartPLS 4","year":"2022","author":"Ringle","key":"2025110420183147600_ref017"},{"key":"2025110420183147600_ref018","volume-title":"Diffusion of Innovations","author":"Rogers","year":"2003","edition":"5th ed"},{"issue":"1","key":"2025110420183147600_ref019","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1111\/joop.12042","article-title":"Student-recruited samples in organizational research: a review, analysis, and guidelines for future research","volume":"87","author":"Wheeler","year":"2014","journal-title":"Journal of Occupational and Organizational Psychology"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-03-2024-0066\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/33\/3\/408\/9745426\/ics-03-2024-0066.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/33\/3\/408\/9745426\/ics-03-2024-0066.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T01:18:41Z","timestamp":1762305521000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ics\/article\/33\/3\/408\/1249858\/Information-security-policy-compliance-a"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,29]]},"references-count":19,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6,13]]}},"URL":"https:\/\/doi.org\/10.1108\/ics-03-2024-0066","relation":{},"ISSN":["2056-4961","2056-497X"],"issn-type":[{"type":"print","value":"2056-4961"},{"type":"electronic","value":"2056-497X"}],"subject":[],"published":{"date-parts":[[2024,11,29]]}}}