{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T01:06:04Z","timestamp":1773277564108,"version":"3.50.1"},"reference-count":193,"publisher":"Emerald","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,6,8]]},"abstract":"<jats:sec>\n                  <jats:title>Purpose<\/jats:title>\n                  <jats:p>The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and the way in which the suggested support has been brought about.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Design\/methodology\/approach<\/jats:title>\n                  <jats:p>The results are based on a literature review of ISP management research published between 1990 and 2017.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Findings<\/jats:title>\n                  <jats:p>Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Research limitations\/implications<\/jats:title>\n                  <jats:p>Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Practical implications<\/jats:title>\n                  <jats:p>The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners.<\/jats:p>\n               <\/jats:sec>\n               <jats:sec>\n                  <jats:title>Originality\/value<\/jats:title>\n                  <jats:p>Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.<\/jats:p>\n               <\/jats:sec>","DOI":"10.1108\/ics-07-2019-0079","type":"journal-article","created":{"date-parts":[[2020,1,23]],"date-time":"2020-01-23T06:11:47Z","timestamp":1579759907000},"page":"215-259","source":"Crossref","is-referenced-by-count":10,"title":["The hunt for computerized support in information security policy management"],"prefix":"10.1108","volume":"28","author":[{"given":"Elham","family":"Rostami","sequence":"first","affiliation":[{"name":"Orebro Universitet Handelshogskolan Department of Informatics, , Orebro,","place":["Sweden"]}]},{"given":"Fredrik","family":"Karlsson","sequence":"additional","affiliation":[{"name":"\u00d6rebro University School of Business, , \u00d6rebro,","place":["Sweden"]}]},{"given":"Ella","family":"Kolkowska","sequence":"additional","affiliation":[{"name":"\u00d6rebro University School of Business, , \u00d6rebro,","place":["Sweden"]}]}],"member":"140","published-online":{"date-parts":[[2020,1,8]]},"reference":[{"issue":"1","key":"2025081309504754200_ref001","article-title":"Information security policies and their relationship with the effectiveness of the management information systems of major Palestinian universities in the Gaza Strip","volume":"15","author":"Abdelwahed","year":"2016","journal-title":"International Journal of Information Science and Management (IJISM)"},{"key":"2025081309504754200_ref002","volume-title":"Investigating Continuous Security Compliance Behavior: Insights from Information Systems Continuance Model","author":"Abed","year":"2016"},{"key":"2025081309504754200_ref003","volume-title":"The Role of Conflict Resolution in Designing and Implementing Information Security Policies: An Institutional Perspective","author":"Abraham","year":"2011"},{"key":"2025081309504754200_ref004","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1145\/322796.322806","article-title":"Users are not the enemy","volume":"42","author":"Adams","year":"1999","journal-title":"Communication of the ACM"},{"key":"2025081309504754200_ref005","unstructured":"Albors, J.\n           (2016), \u201cApplication not compatible\u2019: Bayrob may be stealing your info [online]\u201d, welivesecurity: ESET, available at: www.welivesecurity.com\/2016\/01\/28\/application-not-compatible-bayrob-may-be-stealing-your-info\/ (accessed 1 May 2018)."},{"key":"2025081309504754200_ref006","doi-asserted-by":"crossref","DOI":"10.1145\/1940976.1940991","article-title":"Information security policy in small education organization","volume-title":"2009 Information Security Curriculum Development Conference","author":"Al-Hamdani","year":"2009"},{"key":"2025081309504754200_ref007","doi-asserted-by":"crossref","DOI":"10.1109\/CCC.2016.28","article-title":"Management attitudes toward information security in Omani public sector organisations","volume-title":"2016 Cybersecurity and Cyberforensics Conference (CCC)","author":"Al-Izki","year":"2016"},{"issue":"1","key":"2025081309504754200_ref008","doi-asserted-by":"crossref","first-page":"102","DOI":"10.1108\/ICS-03-2014-0018","article-title":"An examination of factors that influence the number of information security policy violations in Qatari organizations","volume":"23","author":"Al-Mukahal","year":"2015","journal-title":"Information and Computer Security"},{"key":"2025081309504754200_ref009","volume-title":"Mismatched Understanding of is Security Policy: A Repgrid Analysis","author":"Almusharraf","year":"2015"},{"key":"2025081309504754200_ref010","doi-asserted-by":"crossref","DOI":"10.1109\/ICITST.2016.7856729","article-title":"Information security policies: a review of challenges and influencing factors","volume-title":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","author":"Alotaibi","year":"2016"},{"key":"2025081309504754200_ref011","article-title":"What matters most among human factors to comply with organisations information security policy","author":"Arif","year":"2011"},{"key":"2025081309504754200_ref012","doi-asserted-by":"crossref","first-page":"328","DOI":"10.1108\/09685221011095245","article-title":"Human-related problems of information security in East African cross-cultural environments","volume":"18","author":"Asai","year":"2010","journal-title":"Information Management and Computer Security"},{"key":"2025081309504754200_ref013","article-title":"Do it or ELSE! Exploring the effectiveness of deterrence on employee compliance with information security policies","author":"Aurigemma","year":"2014"},{"key":"2025081309504754200_ref014","doi-asserted-by":"crossref","first-page":"218","DOI":"10.1016\/j.cose.2017.02.006","article-title":"Privilege or procedure: evaluating the effect of employee status on intent to comply with socially interactive information security threats and controls","volume":"66","author":"Aurigemma","year":"2017","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref015","doi-asserted-by":"crossref","DOI":"10.1108\/ICS-11-2016-0089","article-title":"Deterrence and punishment experience impacts on ISP compliance attitudes","author":"Aurigemma","year":"2017","journal-title":"Information and Computer Security"},{"key":"2025081309504754200_ref016","volume-title":"Is Security Menace: When Security Creates Insecurity","author":"Balozian","year":"2016"},{"issue":"5\/6","key":"2025081309504754200_ref017","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1108\/09576050210447019","article-title":"An information security meta-policy for emergent organizations","volume":"15","author":"Baskerville","year":"2002","journal-title":"Logistics Information Management"},{"issue":"3","key":"2025081309504754200_ref018","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1145\/3130515.3130519","article-title":"From information security awareness to reasoned compliant action: analyzing information security policy compliance in a large banking organization","volume":"48","author":"Bauer","year":"2017","journal-title":"ACM SIGMIS Database: The DATABASE for Advances in Information Systems"},{"key":"2025081309504754200_ref019","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1016\/j.cose.2017.04.009","article-title":"Prevention is better than cure! Designing information security awareness programs to overcome users' non-compliance with information security policies in banks","volume":"68","author":"Bauer","year":"2017","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref020","first-page":"28","article-title":"Compliance with information security policies in the slovene insurance sector","author":"Bernik","year":"2016"},{"issue":"19","key":"2025081309504754200_ref021","doi-asserted-by":"crossref","DOI":"10.17485\/ijst\/2016\/v9i19\/90133","article-title":"Design a resilient network infrastructure security policy framework","volume":"9","author":"Bhardwaj","year":"2016","journal-title":"Indian Journal of Science and Technology"},{"key":"2025081309504754200_ref022","first-page":"13","article-title":"The multimethod approach and its promise","volume":"175","author":"Brewer","year":"1989","journal-title":"Multimethod Research: A Synthesis of Styles"},{"key":"2025081309504754200_ref023","first-page":"419","article-title":"Roles of information security awareness and perceived fairness in information security policy compliance","author":"Bulgurcu","year":"2009"},{"key":"2025081309504754200_ref024","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1109\/CSE.2009.484","article-title":"Effects of individual and organization based beliefs and the moderating role of work experience on insiders' good security behaviors","volume-title":"2009 International Conference on Computational Science and Engineering","author":"Bulgurcu","year":"2009"},{"issue":"3","key":"2025081309504754200_ref025","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"key":"2025081309504754200_ref026","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1007\/978-3-319-31510-2_29","article-title":"Persuasive information security: techniques to help employees protect organizational information security","volume-title":"International Conference on Persuasive Technology","author":"Busch","year":"2016"},{"key":"2025081309504754200_ref027","doi-asserted-by":"crossref","DOI":"10.1109\/CSCI.2016.0254","article-title":"Ambiguity as a barrier to information security policy compliance: a content analysis","volume-title":"2016 International Conference on Computational Science and Computational Intelligence (CSCI)","author":"Buthelezi","year":"2016"},{"issue":"2","key":"2025081309504754200_ref028","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1016\/j.ijproman.2011.05.005","article-title":"The effects of project management information systems on decision making in a multi project environment","volume":"30","author":"Cani\u00ebls","year":"2012","journal-title":"International Journal of Project Management"},{"issue":"3","key":"2025081309504754200_ref029","doi-asserted-by":"crossref","first-page":"157","DOI":"10.2753\/MIS0742-1222290305","article-title":"Organizations' information security policy compliance: stick or carrot approach?","volume":"29","author":"Chen","year":"2012","journal-title":"Journal of Management Information Systems"},{"key":"2025081309504754200_ref030","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1016\/j.cose.2013.09.009","article-title":"Understanding the violation of is security policy in organizations: an integrated model based on social control and deterrence theory","volume":"39","author":"Cheng","year":"2013","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref031","doi-asserted-by":"crossref","DOI":"10.1109\/ARES.2013.72","article-title":"A reference model of information assurance and security","volume-title":"2013 International Conference on Availability, Reliability and Security","author":"Cherdantseva","year":"2013"},{"key":"2025081309504754200_ref032","article-title":"Information security management for higher education institutions","volume":"1","author":"Cheung","year":"2014","journal-title":"Intelligent Data Analysis and Its Applications"},{"issue":"7","key":"2025081309504754200_ref033","doi-asserted-by":"crossref","DOI":"10.3390\/su8070638","article-title":"Leadership of information security manager on the effectiveness of information systems security for secure sustainable computing","volume":"8","author":"Choi","year":"2016","journal-title":"Sustainability"},{"key":"2025081309504754200_ref034","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ISSA.2013.6641035","article-title":"A software gateway to affordable and effective information security governance in SMMEs","volume-title":"2013 Information Security for South Africa","author":"Coertze","year":"2013"},{"key":"2025081309504754200_ref035","doi-asserted-by":"crossref","DOI":"10.1109\/ISSA.2011.6027515","article-title":"A web-based information security management toolbox for small-to-medium enterprises in Southern Africa","volume-title":"2011 Information Security for South Africa","author":"Coertze","year":"2011"},{"key":"2025081309504754200_ref037","article-title":"Enterprise information security policy assessment: an extended framework for metrics development utilising the goal-question-metric approach","volume-title":"Proceedings of the 15th World Multi-Conference on Systemics","author":"Corpuz","year":"2011"},{"key":"2025081309504754200_ref038","article-title":"The enterprise information security policy as a strategic business policy within the corporate strategic plan","volume-title":"Proceedings of the 15th World Multi-Conference on Systemics","author":"Corpuz","year":"2011"},{"key":"2025081309504754200_ref036","article-title":"Integrating information security policy management with corporate risk management for strategic alignment","volume-title":"Proceedings of the 14th World Multi-Conference on Systemics","author":"Corpuz","year":"2010"},{"key":"2025081309504754200_ref039","doi-asserted-by":"crossref","DOI":"10.1109\/SISY.2010.5647216","article-title":"Information security management \u2013 defining approaches to information security policies in ISMS","volume-title":"IEEE 8th International Symposium on Intelligent Systems and Informatics","author":"Cosic","year":"2010"},{"issue":"6","key":"2025081309504754200_ref040","doi-asserted-by":"crossref","first-page":"605","DOI":"10.1057\/s41303-017-0059-9","article-title":"Organizational information security policies: a review and research framework","volume":"26","author":"Cram","year":"2018","journal-title":"European Journal of Information Systems"},{"key":"2025081309504754200_ref041","first-page":"9","volume-title":"A Framework for Design. Research Design: Qualitative, Quantitative, and Mixed Methods Approaches","author":"Creswell","year":"2003"},{"issue":"6","key":"2025081309504754200_ref042","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1057\/ejis.2011.23","article-title":"A review and analysis of deterrence theory in the is security literature: making sense of the disparate findings","volume":"20","author":"D'arcy","year":"2011","journal-title":"European Journal of Information Systems"},{"key":"2025081309504754200_ref043","doi-asserted-by":"crossref","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","article-title":"Understanding employee responses to stressful information security requirements: a coping perspective","volume":"31","author":"D'arcy","year":"2014","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"2025081309504754200_ref044","doi-asserted-by":"crossref","first-page":"391","DOI":"10.1111\/j.1365-2575.2007.00289.x","article-title":"User behaviour towards protective information technologies: the role of national cultural differences","volume":"19","author":"Dinev","year":"2009","journal-title":"Information Systems Journal"},{"issue":"1","key":"2025081309504754200_ref045","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1016\/j.cose.2005.09.009","article-title":"Aligning the information security policy with the strategic information systems plan","volume":"25","author":"Doherty","year":"2006","journal-title":"Computers and Security"},{"issue":"6","key":"2025081309504754200_ref046","doi-asserted-by":"crossref","first-page":"449","DOI":"10.1016\/j.ijinfomgt.2009.05.003","article-title":"The information security policy unpacked: a critical study of the content of university policies","volume":"29","author":"Doherty","year":"2009","journal-title":"International Journal of Information Management"},{"issue":"6","key":"2025081309504754200_ref047","doi-asserted-by":"crossref","first-page":"678","DOI":"10.1057\/ejis.2008.57","article-title":"Profile of is research published in the European journal of information systems","volume":"17","author":"Dwivedi","year":"2008","journal-title":"European Journal of Information Systems"},{"key":"2025081309504754200_ref048","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1007\/978-3-319-48393-1_23","article-title":"A toolbox supporting agile modelling method engineering: ADOxx. org modelling method conceptualization environment","volume-title":"IFIP Working Conference on The Practice of Enterprise Modeling","author":"Efendioglu","year":"2016"},{"key":"2025081309504754200_ref049","volume-title":"ENISA Threat Landscape 2014. Overview of Current and Emerging Cyber-Threats","author":"Enisa","year":"2014"},{"key":"2025081309504754200_ref050","unstructured":"Ernst and Young (2008), \u201cErnst and Young 2008 Global Information Security Survey\u201d, Ernst and Young."},{"key":"2025081309504754200_ref051","unstructured":"Ernst and Young (2010), \u201cBorderless security \u2013 Ernst and Young\u2019s 2010 Global Information Security Survey\u201d, Ernst and Young."},{"key":"2025081309504754200_ref052","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1016\/j.cose.2016.06.002","article-title":"Information security policy development and implementation: the what, how and who","volume":"61","author":"Flowerday","year":"2016","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref053","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-74409-2_25","article-title":"Using the lens of circuits of power in information systems security management","volume-title":"International Conference on Trust, Privacy and Security in Digital Business","author":"Fragos","year":"2007"},{"key":"2025081309504754200_ref054","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.cose.2014.06.008","article-title":"Cyber situational awareness \u2013 a systematic review of the literature","volume":"46","author":"Franke","year":"2014","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref055","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1108\/09685220310480381","article-title":"The application of information security policies in large UK-based organizations: an exploratory investigation","volume":"11","author":"Fulford","year":"2003","journal-title":"Information Management and Computer Security"},{"issue":"2","key":"2025081309504754200_ref056","article-title":"Evaluation of employees awareness and usage of information security policy in organizations of developing countrties: a study of federal inland revenue service, Nigeria","volume":"67","author":"Gadzama","year":"2014","journal-title":"Journal of Theoretical and Applied Information Technology"},{"key":"2025081309504754200_ref057","first-page":"954","article-title":"Web-base group decision support system for information security decision making in case of Indian E-Government systems","volume":"403","author":"Gaigole","year":"2012","journal-title":"Advanced Materials Research"},{"key":"2025081309504754200_ref058","author":"Galliers","year":"1992","journal-title":"Information systems research: issues, methods and practical guidelines. Blackwell scientific"},{"key":"2025081309504754200_ref059","unstructured":"Gara (2015), \u201cMorgan stanley fires rogue employee after customer data leak [online]\u201d, Forbes, available at: www.forbes.com\/sites\/civicnation\/2018\/04\/26\/five-numbers-that-show-the-impact-free-college-can-have\/#2ac2d9f27d01 (accessed 1 May 2018)."},{"issue":"1","key":"2025081309504754200_ref060","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1016\/S1386-5056(98)00022-7","article-title":"Installing an appropriate information security policy","volume":"49","author":"Gaunt","year":"1998","journal-title":"International Journal of Medical Informatics"},{"key":"2025081309504754200_ref061","volume-title":"Understanding Information Security Compliance-Why Goal Setting and Rewards Might Be a Bad Idea","author":"Gerber","year":"2016"},{"issue":"5","key":"2025081309504754200_ref062","article-title":"Awareness training transfer and information security content development for healthcare industry","volume":"7","author":"Ghazvini","year":"2016","journal-title":"International Journal of Advanced Computer Science and Applications)"},{"issue":"7","key":"2025081309504754200_ref063","doi-asserted-by":"crossref","first-page":"875","DOI":"10.14257\/ijsia.2017.11.7.07","article-title":"Information security content development for awareness training programs in healthcare","volume":"11","author":"Ghazvini","year":"2017","journal-title":"International Journal of Security and Its Applications"},{"key":"2025081309504754200_ref064","doi-asserted-by":"crossref","first-page":"312","DOI":"10.17705\/1jais.00129","article-title":"The anatomy of a design theory","volume":"8","author":"Gregor","year":"2007","journal-title":"Journal of the Association for Information Systems"},{"issue":"8","key":"2025081309504754200_ref065","doi-asserted-by":"crossref","first-page":"709","DOI":"10.1016\/S0167-4048(97)00009-6","article-title":"A baseline security policy for distributed healthcare information systems","volume":"16","author":"Gritzalis","year":"1997","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref066","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1016\/j.cose.2012.10.003","article-title":"Security-related behavior in using information systems in the workplace: a review and synthesis","volume":"32","author":"Guo","year":"2013","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref067","doi-asserted-by":"crossref","first-page":"320","DOI":"10.1016\/j.im.2012.08.001","article-title":"The effects of multilevel sanctions on information security violations: a mediating model","volume":"49","author":"Guo","year":"2012","journal-title":"Information and Management"},{"key":"2025081309504754200_ref068","unstructured":"Harmsen, A.F.\n           (1997), \u201cSituational method engineering\u201d, Doctorial Dissertation, University of Twente."},{"key":"2025081309504754200_ref069","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1108\/IMCS-08-2012-0043","article-title":"Social action theory for understanding information security non-compliance in hospitals","volume":"21","author":"Hedstr\u00f6m","year":"2013","journal-title":"Information Management and Computer Security"},{"issue":"4","key":"2025081309504754200_ref070","doi-asserted-by":"crossref","first-page":"373","DOI":"10.1016\/j.jsis.2011.06.001","article-title":"Value conflicts for information security management","volume":"20","author":"Hedstr\u00f6m","year":"2011","journal-title":"The Journal of Strategic Information Systems"},{"issue":"2","key":"2025081309504754200_ref071","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","article-title":"Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness","volume":"47","author":"Herath","year":"2009","journal-title":"Decision Support Systems"},{"key":"2025081309504754200_ref072","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2307\/25148625","article-title":"Design science in information systems research","volume":"28","author":"Hevner","year":"2004","journal-title":"MIS Quarterly"},{"issue":"5","key":"2025081309504754200_ref073","doi-asserted-by":"crossref","first-page":"402","DOI":"10.1016\/S0167-4048(02)00504-7","article-title":"Information security policy \u2013 what do international information security standards say?","volume":"21","author":"H\u00f6ne","year":"2002","journal-title":"Computers and Security"},{"issue":"6","key":"2025081309504754200_ref074","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/S1353-4858(02)06011-7","article-title":"What makes an effective information security policy?","volume":"2002","author":"H\u00f6ne","year":"2002","journal-title":"Network Security"},{"key":"2025081309504754200_ref075","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1108\/09685220610655861","article-title":"An empirical study of information security policy on information security elevation in Taiwan","volume":"14","author":"Hong","year":"2006","journal-title":"Information Management and Computer Security"},{"key":"2025081309504754200_ref076","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/978-0-387-35586-3_1","article-title":"The effective implementation of information security in organizations","volume-title":"Security in the Information Society","author":"Hoppe","year":"2002"},{"key":"2025081309504754200_ref077","volume-title":"The Influence of Institutional Forces on Employee Compliance with Information Security Policies","author":"Hou","year":"2011"},{"key":"2025081309504754200_ref078","first-page":"377","article-title":"The security policy life cycle: functions and responsibilities","volume-title":"Information Security Managemeng Handbook","author":"Howard","year":"2007"},{"issue":"2","key":"2025081309504754200_ref079","doi-asserted-by":"crossref","first-page":"282","DOI":"10.1287\/isre.2015.0569","article-title":"The role of extra-role behaviors and social controls in information security policy effectiveness","volume":"26","author":"Hsu","year":"2015","journal-title":"Information Systems Research"},{"issue":"4","key":"2025081309504754200_ref080","doi-asserted-by":"crossref","first-page":"615","DOI":"10.1111\/j.1540-5915.2012.00361.x","article-title":"Managing employee compliance with information security policies: the critical role of top management and organizational culture","volume":"43","author":"Hu","year":"2012","journal-title":"Decision Sciences"},{"key":"2025081309504754200_ref081","volume-title":"Willingness and Ability to Perform Information Security Compliance Behavior: Psychological Ownership and Self-Efficacy Perspective","author":"Huang","year":"2016"},{"issue":"2","key":"2025081309504754200_ref082","first-page":"70","article-title":"The moderating effect of working experience on health information system security policies compliance behaviour","volume":"28","author":"Humaidi","year":"2015","journal-title":"Malaysian Journal of Computer Science"},{"issue":"4","key":"2025081309504754200_ref083","doi-asserted-by":"crossref","first-page":"311","DOI":"10.7763\/IJIET.2015.V5.522","article-title":"Leadership styles and information security compliance behavior: the mediator effect of information security awareness","volume":"5","author":"Humaidi","year":"2015","journal-title":"International Journal of Information and Education Technology"},{"key":"2025081309504754200_ref084","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","article-title":"Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory","volume":"31","author":"Ifinedo","year":"2012","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref085","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.im.2013.10.001","article-title":"Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition","volume":"51","author":"Ifinedo","year":"2014","journal-title":"Information and Management"},{"issue":"1","key":"2025081309504754200_ref086","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1080\/10580530.2015.1117868","article-title":"Critical times for organizations: what should be done to curb workers\u2019 noncompliance with is security policy guidelines?","volume":"33","author":"Ifinedo","year":"2016","journal-title":"Information Systems Management"},{"key":"2025081309504754200_ref087","unstructured":"Ismail, W.H.B.W. and Widyarto, S.A. (2016), \u201cFormulation and development process of information security policy in higher education\u201d, Paper presented at the 1st International Conference on Engineering Technology and Applied Sciences, Afyonkarahisar."},{"key":"2025081309504754200_ref088","article-title":"Examining information security concerns: case study of malaysian academic setting","volume-title":"14th International-Business-Information-Management-Association Conference","author":"Ismail","year":"2010"},{"issue":"4","key":"2025081309504754200_ref089","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1016\/S0263-7863(97)00037-9","article-title":"Towards a smart project management information system","volume":"16","author":"Jaafari","year":"1998","journal-title":"International Journal of Project Management"},{"key":"2025081309504754200_ref090","article-title":"Integrated business continuity planning and information security policy development approach","author":"J\u00e4rvel\u00e4inen","year":"2016"},{"issue":"1","key":"2025081309504754200_ref091","doi-asserted-by":"crossref","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","article-title":"An enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoric","volume":"39","author":"Johnston","year":"2015","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025081309504754200_ref092","first-page":"1","article-title":"Engaging remote employees: the moderating role of \u2018remote\u2019 status in determining employee information security policy awareness","volume":"25","author":"Johnston","year":"2013","journal-title":"Journal of Organizational and End User Computing ( Computing)"},{"issue":"3","key":"2025081309504754200_ref093","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1057\/ejis.2015.15","article-title":"Dispositional and situational factors: influences on information security policy violations","volume":"25","author":"Johnston","year":"2016","journal-title":"European Journal of Information Systems"},{"issue":"5\/6","key":"2025081309504754200_ref094","doi-asserted-by":"crossref","first-page":"527","DOI":"10.1007\/s10009-007-0048-8","article-title":"Tools for secure systems development with UML","volume":"9","author":"J\u00fcrjens","year":"2007","journal-title":"International Journal on Software Tools for Technology Transfer"},{"issue":"10","key":"2025081309504754200_ref095","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/07366989409451659","article-title":"Psychosocial factors in the implementation of information security policy","volume":"21","author":"Kabay","year":"1994","journal-title":"EDPACS"},{"issue":"5","key":"2025081309504754200_ref096","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1080\/10658980701744861","article-title":"Information security policy development and implementation","volume":"16","author":"Kadam","year":"2007","journal-title":"Information Systems Security"},{"key":"2025081309504754200_ref097","article-title":"Innovation management, development sustainability, and competitive economic growth information security policies compliance among employees in cybersecurity Malaysia","volume-title":"28th International Business Information Management Association Conference-Vision 2020","author":"Kadir","year":"2016"},{"key":"2025081309504754200_ref098","article-title":"Information security policy compliance: an empirical study on escalation of commitment, an empirical study on escalation of commitment","author":"Kajtazi","year":"2013"},{"issue":"5","key":"2025081309504754200_ref099","doi-asserted-by":"crossref","first-page":"501","DOI":"10.1016\/j.infsof.2011.12.009","article-title":"MC sandbox: devising a tool for method-user-centered method configuration","volume":"54","author":"Karlsson","year":"2012","journal-title":"Information and Software Technology"},{"issue":"3","key":"2025081309504754200_ref0100","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1108\/ICS-05-2014-0033","article-title":"Information security culture\u2013state-of-the-art review between 2000 and 2013","volume":"23","author":"Karlsson","year":"2015","journal-title":"Information and Computer Security"},{"key":"2025081309504754200_ref0101","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1016\/j.cose.2016.12.012","article-title":"Practice-based discourse analysis of information security policies","volume":"67","author":"Karlsson","year":"2017","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0102","doi-asserted-by":"crossref","DOI":"10.1007\/978-0-387-35691-4_13","article-title":"Content, context, process analysis of is security policy formation","volume-title":"IFIP International Information Security Conference Springer","author":"Karyda","year":"2003"},{"key":"2025081309504754200_ref0103","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1016\/j.cose.2004.08.011","article-title":"Information systems security policies: a contextual perspective","volume":"24","author":"Karyda","year":"2005","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0104","unstructured":"Kelion, L.\n           (2013), \u201cCryptolocker ransomware has\u2019infected about 250,000 PCs\u2019 [online]\u201d, BBC, available at: www.bbc.com\/news\/technology-25506020 (accessed 1 May 2018)."},{"key":"2025081309504754200_ref0105","first-page":"1","article-title":"An integrative behavioral model of information security policy compliance","volume":"2014","author":"Kim","year":"2014","journal-title":"The Scientific World Journal"},{"key":"2025081309504754200_ref0106","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1016\/j.cose.2009.07.001","article-title":"Information security policy: an organizational-level process model","volume":"28","author":"Knapp","year":"2009","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0107","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-30436-1_28","article-title":"Analyzing value conflicts for a work-friendly ISS policy implementation","volume-title":"FIP International Information Security Conference","author":"Kolkowska","year":"2012"},{"issue":"1","key":"2025081309504754200_ref0108","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1016\/j.jsis.2016.08.005","article-title":"Towards analysing the rationale of information security non-compliance: devising a value-based compliance analysis method","volume":"26","author":"Kolkowska","year":"2017","journal-title":"The Journal of Strategic Information Systems"},{"key":"2025081309504754200_ref0109","first-page":"126","article-title":"Information security policy creating","volume":"12","author":"Koziel","year":"2011","journal-title":"Actual Problems of Economics"},{"key":"2025081309504754200_ref0110","article-title":"Which are the most effective measures for improving employees\u2019 security compliance?","author":"Kretzer","year":"2015"},{"key":"2025081309504754200_ref0111","article-title":"Information security policy: positioning the technological components of information security services under the perspective of electronic business","volume-title":"Security of Information and Networks: Proceedings of the First International Conference on Security of Information and Networks (SIN 2007)","author":"Kurtel","year":"2008"},{"key":"2025081309504754200_ref0112","doi-asserted-by":"crossref","DOI":"10.1109\/ISSA.2010.5588651","article-title":"Towards a framework to guide compliance with is security policies and regulations in a university","author":"Kyobe","year":"2010"},{"issue":"1","key":"2025081309504754200_ref0113","doi-asserted-by":"crossref","first-page":"62","DOI":"10.4018\/IJISP.2015010104","article-title":"Disassociations in security policy lifecycles","volume":"9","author":"Lapke","year":"2015","journal-title":"International Journal of Information Security and Privacy"},{"key":"2025081309504754200_ref0114","doi-asserted-by":"crossref","first-page":"2978","DOI":"10.1109\/HICSS.2013.192","article-title":"Employees' information security awareness and behavior: a literature review","volume-title":"2013 46th HI International Conference on System Sciences","author":"Lebek","year":"2013"},{"issue":"12","key":"2025081309504754200_ref0115","doi-asserted-by":"crossref","first-page":"1049","DOI":"10.1108\/MRR-04-2013-0085","article-title":"Information security awareness and behavior: a theory-based literature review","volume":"37","author":"Lebek","year":"2014","journal-title":"Management Research Review"},{"key":"2025081309504754200_ref0116","first-page":"1638","article-title":"Cyber security design requirements based on a risk assessment","author":"Lee","year":"2009","journal-title":"Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies"},{"key":"2025081309504754200_ref0117","article-title":"A systems approach to conduct an effective literature review in support of information systems research","volume":"9","author":"Levy","year":"2006","journal-title":"Informing Science"},{"issue":"8","key":"2025081309504754200_ref0118","doi-asserted-by":"crossref","first-page":"691","DOI":"10.1016\/0167-4048(96)81709-3","article-title":"A new model for information security policies","volume":"14","author":"Lindup","year":"1995","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0119","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-16486-1_45","article-title":"Implementation of information systems security policies: a survey in small and medium sized enterprises","volume-title":"New Contributions in Information Systems and Technologies","author":"Lopes","year":"2015"},{"key":"2025081309504754200_ref0120","doi-asserted-by":"crossref","DOI":"10.1109\/CISTI.2015.7170418","article-title":"Evaluation of the adoption of an information systems security policy","volume-title":"2015 10th Iberian Conference on Information Systems and Technologies (CISTI)","author":"Lopes","year":"2015"},{"key":"2025081309504754200_ref0121","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-16486-1_50","article-title":"Applying action research in the formulation of information security policies","volume-title":"New Contributions in Information Systems and Technologies","author":"Lopes","year":"2015"},{"key":"2025081309504754200_ref0122","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1007\/978-3-319-31307-8_37","article-title":"The security policy application process: action research","volume-title":"New Advances in Information Systems and Technologies","author":"Lopes","year":"2016"},{"issue":"5","key":"2025081309504754200_ref0123","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1111\/isj.12043","article-title":"Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies","volume":"25","author":"Lowry","year":"2015","journal-title":"Information Systems Journal"},{"key":"2025081309504754200_ref0124","doi-asserted-by":"crossref","DOI":"10.1145\/1107622.1107634","article-title":"Curriculum development related to information security policies and procedures","volume-title":"Proceedings of the 2nd annual conference on Information security curriculum development","author":"Mader","year":"2005"},{"issue":"1","key":"2025081309504754200_ref0125","doi-asserted-by":"crossref","DOI":"10.22495\/cocv13i1c11p9","article-title":"An empirical study of staff compliance to information security policy in a South African municipality","volume":"13","author":"Mavetera","year":"2015","journal-title":"Corporate Ownership and Control"},{"key":"2025081309504754200_ref0126","article-title":"Stakeholders in security policy development","author":"MaynardRuighaver","year":"2011"},{"key":"2025081309504754200_ref0127","article-title":"Top management can lower resistance toward information security compliance","author":"Merhi","year":"2015"},{"issue":"3","key":"2025081309504754200_ref0128","doi-asserted-by":"crossref","first-page":"233","DOI":"10.1046\/j.1365-2575.2003.00143.x","article-title":"The paucity of multimethod research: a review of the information systems literature","volume":"13","author":"Mingers","year":"2003","journal-title":"Information Systems Journal"},{"issue":"2","key":"2025081309504754200_ref0129","doi-asserted-by":"crossref","first-page":"126","DOI":"10.1057\/ejis.2009.10","article-title":"What levels of moral reasoning and values explain adherence to information security rules? An empirical study","volume":"18","author":"Myyry","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"2025081309504754200_ref0130","article-title":"The global state of information security","author":"Nash","year":"2008"},{"key":"2025081309504754200_ref0131","article-title":"Crafting an information security policy: insights from an ethnographic study","author":"Niemimaa","year":"2016"},{"issue":"1","key":"2025081309504754200_ref0132","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1057\/s41303-016-0025-y","article-title":"Information systems security policy implementation in practice: from best practices to situated practices","volume":"26","author":"Niemimaa","year":"2017","journal-title":"European Journal of Information Systems"},{"key":"2025081309504754200_ref0133","article-title":"The information system security management in the polish banking institutions","author":"NowickiArtur","year":"2006"},{"issue":"3","key":"2025081309504754200_ref0134","doi-asserted-by":"crossref","first-page":"309","DOI":"10.2307\/249774","article-title":"CASE tools as organizational change: investigating incremental and radical changes in systems development","volume":"17","author":"Orlikowski","year":"1993","journal-title":"MIS Quarterly"},{"key":"2025081309504754200_ref0135","first-page":"102","volume-title":"Information Security Behavior: Towards Multi-Stage Models","author":"Pahnila","year":"2013"},{"key":"2025081309504754200_ref0136","unstructured":"Palmer, D.\n           (2017), \u201cLocky ransomware: why this menace keeps coming back. ZDNet: CBS interactive\u201d, available at: www.zdnet.com\/article\/locky-ransomware-why-this-menace-keeps-coming-back\/ (accessed 1 May 2018)."},{"issue":"2","key":"2025081309504754200_ref0137","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1201\/1086\/43314.10.2.20010506\/31399.4","article-title":"Information security policy framework: best practices for security policy in the E-commerce age","volume":"10","author":"Palmer","year":"2001","journal-title":"Information Systems Security"},{"issue":"1","key":"2025081309504754200_ref0138","first-page":"58","article-title":"Research methodologies in MIS: an update","volume":"14","author":"Palvia","year":"2004","journal-title":"Communications of the Association for Information Systems"},{"key":"2025081309504754200_ref0139","doi-asserted-by":"crossref","first-page":"264","DOI":"10.1108\/09685221211267648","article-title":"Identifying linkages between statements in information security policy, procedures and controls","volume":"20","author":"Pathari","year":"2012","journal-title":"Information Management and Computer Security"},{"key":"2025081309504754200_ref0140","first-page":"95","article-title":"A CASE tool to support automated modelling and analysis of security requirements, based on secure tropos","volume-title":"International Conference on Advanced Information Systems Engineering","author":"Pavlidis","year":"2011"},{"key":"2025081309504754200_ref0141","doi-asserted-by":"crossref","DOI":"10.1201\/9780203488737","volume-title":"Information Security Policies and Procedures \u2013 a Practitioner's Reference","author":"Peltier","year":"2004"},{"key":"2025081309504754200_ref0142","unstructured":"PWC (2014), \u201cManaging cyber risks in an interconnected world - key findings from The Global State of Information Security Survey 2015\u201d, PriceWaterhouseCoopers."},{"issue":"2","key":"2025081309504754200_ref0143","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1016\/j.ijproman.2007.06.002","article-title":"Project management information systems: an empirical study of their impact on project managers and project success","volume":"26","author":"Raymond","year":"2008","journal-title":"International Journal of Project Management"},{"issue":"4","key":"2025081309504754200_ref0144","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1080\/10919390802421242","article-title":"The state of risk assessment practices in information security: an exploratory investigation","volume":"18","author":"Rees","year":"2008","journal-title":"Journal of Organizational Computing and Electronic Commerce"},{"issue":"7","key":"2025081309504754200_ref0145","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1145\/792704.792706","article-title":"A policy framework for information security","volume":"46","author":"Rees","year":"2003","journal-title":"Communications of the Acm"},{"key":"2025081309504754200_ref0146","first-page":"22","volume-title":"Challenges in Implementing Information Security Policies","author":"Reichard","year":"2011"},{"key":"2025081309504754200_ref0147","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1108\/09685221211267666","article-title":"Health service employees and information security policies: an uneasy partnership?","volume":"20","author":"Renaud","year":"2012","journal-title":"Information Management and Computer Security"},{"issue":"9","key":"2025081309504754200_ref0148","first-page":"12","article-title":"Managing evolutionary method engineering by method rationale","volume":"5","author":"Rossi","year":"2004","journal-title":"The Association for Information Systems"},{"key":"2025081309504754200_ref0149","doi-asserted-by":"crossref","DOI":"10.1109\/HICSS.2014.427","article-title":"Designing effective knowledge transfer practices to improve is security awareness and compliance","volume-title":"2014 47th HI International Conference on System Sciences","author":"Sannicolas-Rocca","year":"2014"},{"key":"2025081309504754200_ref0150","doi-asserted-by":"crossref","DOI":"10.1109\/CSE.2009.10","article-title":"A study of the methods for improving internet usage policy compliance","volume-title":"2009 International Conference on Computational Science and Engineering","author":"Saran","year":"2009"},{"key":"2025081309504754200_ref0151","article-title":"Users\u2019 perception on the information security policy of the institutions of higher learning","author":"SharifaIsmailb","year":"2009"},{"key":"2025081309504754200_ref0152","doi-asserted-by":"crossref","DOI":"10.1109\/INFOMAN.2016.7477543","article-title":"Taking promotion and prevention mechanisms matter for information systems security policy in Chinese SMEs","volume-title":"2016 2nd International Conference on Information Management (ICIM)","author":"Shih","year":"2016"},{"key":"2025081309504754200_ref0153","doi-asserted-by":"crossref","DOI":"10.1109\/ARES.2009.106","article-title":"Information security optimization: from theory to practice","volume-title":"2009 International Conference on Availability, Reliability and Security","author":"Simms","year":"2009"},{"issue":"7","key":"2025081309504754200_ref0154","doi-asserted-by":"crossref","first-page":"19","DOI":"10.17705\/1jais.00095","article-title":"Six design theories for is security policies and guidelines","volume":"7","author":"Siponen","year":"2006","journal-title":"Journal of the Association for Information Systems"},{"issue":"3","key":"2025081309504754200_ref0155","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1057\/ejis.2012.59","article-title":"Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations","volume":"23","author":"Siponen","year":"2014","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025081309504754200_ref0156","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1145\/1216218.1216224","article-title":"A review of information security issues and respective research contributions","volume":"38","author":"Siponen","year":"2007","journal-title":"ACM SIGMIS Database"},{"key":"2025081309504754200_ref0157","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.im.2013.08.006","article-title":"Employees\u2019 adherence to information security policies: an exploratory field study","volume":"51","author":"Siponen","year":"2014","journal-title":"Information and Management"},{"issue":"12","key":"2025081309504754200_ref0158","doi-asserted-by":"crossref","DOI":"10.1145\/1610252.1610289","article-title":"Technical opinionAre employees putting your company at risk by not following information security policies?","volume":"52","author":"Siponen","year":"2009","journal-title":"Communications of the Acm"},{"key":"2025081309504754200_ref0159","first-page":"48","article-title":"A new model for understanding users' is security compliance","author":"Siponen","year":"2006"},{"key":"2025081309504754200_ref0160","first-page":"26","article-title":"Power and practice in information systems security research","author":"Siponen","year":"2008"},{"key":"2025081309504754200_ref0161","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1016\/j.cose.2015.10.006","article-title":"Information security policy compliance model in organizations","volume":"56","author":"Sohrabi Safa","year":"2016","journal-title":"Computers and Security"},{"issue":"2","key":"2025081309504754200_ref0162","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1108\/ICS-04-2014-0025","article-title":"The sufficiency of the theory of planned behavior for explaining information security policy compliance","volume":"23","author":"Sommestad","year":"2015","journal-title":"Information and Computer Security"},{"issue":"1","key":"2025081309504754200_ref0163","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1108\/IMCS-08-2012-0045","article-title":"Variables influencing information security policy compliance: a systematic review of quantitative studies","volume":"22","author":"Sommestad","year":"2014","journal-title":"Information Management and Computer Security"},{"key":"2025081309504754200_ref0164","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","article-title":"Out of fear or desire? Toward a better understanding of employees\u2019 motivation to follow is security policies","volume":"48","author":"Son","year":"2011","journal-title":"Information and Management"},{"issue":"2","key":"2025081309504754200_ref0165","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/j.ijinfomgt.2015.11.009","article-title":"Information security management needs more holistic approach: a literature review","volume":"36","author":"Soomro","year":"2016","journal-title":"International Journal of Information Management"},{"issue":"1","key":"2025081309504754200_ref0166","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1111\/j.1365-2575.2011.00378.x","article-title":"Information security policies in the UK healthcare sector: a critical evaluation","volume":"22","author":"Stahl","year":"2012","journal-title":"Information Systems Journal"},{"key":"2025081309504754200_ref0167","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.cose.2004.07.001","article-title":"Analysis of end user security behaviors","volume":"24","author":"Stanton","year":"2005","journal-title":"Computers and Security"},{"issue":"1","key":"2025081309504754200_ref0168","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2307\/249307","article-title":"Discovering and disciplining computer abuse in organizations: a field study","volume":"14","author":"Straub","year":"1990","journal-title":"MIS Quarterly"},{"key":"2025081309504754200_ref0169","doi-asserted-by":"crossref","DOI":"10.1145\/2179298.2179337","article-title":"Collaborations, mergers, acquisitions, and security policy conflict analysis","volume-title":"Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research","author":"Subramanian","year":"2011"},{"key":"2025081309504754200_ref0170","article-title":"27th international conference on computer applications in industry and engineering (CAINE-2014)","author":"Superdome","year":"2014"},{"issue":"10","key":"2025081309504754200_ref0171","doi-asserted-by":"crossref","DOI":"10.4304\/jsw.5.10.1162-1169","article-title":"The use of AHP in security policy decision making: an open office calc application","volume":"5","author":"Syamsuddin","year":"2010","journal-title":"Journal of Software"},{"key":"2025081309504754200_ref0172","article-title":"Improving an organisations existing information technology policy to increase security","author":"Talbot","year":"2009"},{"key":"2025081309504754200_ref0173","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1016\/j.procs.2016.09.137","article-title":"Analysis and design of a project management information system: practical case in a consulting company","volume":"100","author":"Teixeira","year":"2016","journal-title":"Procedia Computer Science"},{"key":"2025081309504754200_ref0174","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1016\/j.cose.2015.04.006","article-title":"Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs","volume":"52","author":"Tsohou","year":"2015","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0175","volume-title":"Information Security Policy Development and Implementation: A Content Analysis Approach","author":"Tuyikeze","year":"2014"},{"key":"2025081309504754200_ref0176","article-title":"An information security policy development life cycle","volume-title":"Proceedings of the South African Information Security Multi-Conference (SAISMC)","author":"Tuyikeze","year":"2011"},{"issue":"4","key":"2025081309504754200_ref0177","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","article-title":"Information security culture: a management perspective","volume":"29","author":"Van Niekerk","year":"2010","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0178","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1108\/09685220210431872","article-title":"The information security management toolbox \u2013 taking the pain out of security management","volume":"10","author":"Vermeulen","year":"2002","journal-title":"Information Management and Computer Security"},{"key":"2025081309504754200_ref0179","doi-asserted-by":"crossref","DOI":"10.1109\/ISSA.2011.6027522","article-title":"Information security governance control through comprehensive policy architectures","volume-title":"2011 Information Security for South Africa","author":"Von Solms","year":"2011"},{"key":"2025081309504754200_ref0180","first-page":"401","article-title":"Information security: auditing the behaviour of the employee","volume-title":"IFIP International Information Security Conference","author":"Vroom","year":"2003"},{"issue":"3","key":"2025081309504754200_ref0181","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1016\/j.cose.2004.01.012","article-title":"Towards information security behavioural compliance","volume":"23","author":"Vroom","year":"2004","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0182","volume-title":"Critical Discourse Analysis as a Review Methodology: An Empirical Example","author":"Wall","year":"2015"},{"key":"2025081309504754200_ref0183","doi-asserted-by":"crossref","first-page":"353","DOI":"10.2991\/978-94-6239-100-0_65","article-title":"Using galois lattice to represent and analyze information security policy compliance","volume-title":"Proceedings of the 5th International Asia Conference on Industrial Engineering and Management Innovation (IEMI2014)","author":"Wang","year":"2015"},{"key":"2025081309504754200_ref0184","first-page":"13","article-title":"Analyzing the past to prepare for the future: writing a literature review","author":"Webster","year":"2002","journal-title":"MIS Quarterly"},{"key":"2025081309504754200_ref0185","doi-asserted-by":"crossref","first-page":"448","DOI":"10.1016\/j.cose.2005.03.008","article-title":"Information security policy's impact on reporting security incidents","volume":"24","author":"Wiant","year":"2005","journal-title":"Computers and Security"},{"key":"2025081309504754200_ref0186","first-page":"123","article-title":"Security policy: from design to maintenance","volume-title":"Information Security: Policy, Processes, and Practices","author":"Withman","year":"2008"},{"key":"2025081309504754200_ref0187","article-title":"Cognitive elaboration on potential outcomes and its effects on employees\u2019 information security policy compliance intention \u2013 exploring the key antecedents","volume-title":"Workshop on E-Business","author":"Yang","year":"2011"},{"issue":"2","key":"2025081309504754200_ref0188","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/JITR.2016040101","article-title":"Towards modelling the impact of security policy on compliance","volume":"9","author":"Yaokumah","year":"2016","journal-title":"Journal of Information Technology Research ( Research)"},{"key":"2025081309504754200_ref0189","volume-title":"Enforcing Information Security Policies through Cultural Boundaries: A Multinational Company Approach","author":"Yayla","year":"2011"},{"key":"2025081309504754200_ref0190","doi-asserted-by":"crossref","DOI":"10.1109\/UMC.2008.56","article-title":"Advanced security policy implementation for information systems","volume-title":"2008 International Symposium on Ubiquitous Multimedia Computing","author":"Yusufovna","year":"2008"},{"key":"2025081309504754200_ref0191","doi-asserted-by":"crossref","DOI":"10.17705\/1CAIS.02434","article-title":"Current state of information security research in IS","volume":"24","author":"Zafar","year":"2009","journal-title":"Communications of the Association for Information Systems"},{"key":"2025081309504754200_ref0192","article-title":"The implementation of basic information security policy management framework using java","volume-title":"2nd International Symposium on Electronic Business and Information System, Changsha City, SOUTH KOREA. AUSSINO ACAD PUBL HOUSE, PO BOX 893, MARRICKVILLE, NSW 2204 00000, AUSTRALIA","author":"Zhou","year":"2010"},{"key":"2025081309504754200_ref0193","article-title":"Int business information management Assoc-Ibima","author":"Turkey","year":"2019"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2019-0079\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/28\/2\/215\/10066873\/ics-07-2019-0079.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ics\/article-pdf\/28\/2\/215\/10066873\/ics-07-2019-0079.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T13:51:18Z","timestamp":1755093078000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ics\/article\/28\/2\/215\/1274397\/The-hunt-for-computerized-support-in-information"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,8]]},"references-count":193,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,6,8]]}},"URL":"https:\/\/doi.org\/10.1108\/ics-07-2019-0079","relation":{},"ISSN":["2056-4961","2056-497X"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-497X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,1,8]]}}}