{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T03:28:54Z","timestamp":1778815734758,"version":"3.51.4"},"reference-count":104,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2024,4,30]],"date-time":"2024-04-30T00:00:00Z","timestamp":1714435200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2025,1,20]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>Information security (InfoSec) policy violations are of great concern to all organisations worldwide, especially in the financial industry. Although the importance of InfoSec policy has been highlighted for many decades, InfoSec breaches still occur due to a low level of employee compliance and a lack of engagement and competence in high-level management. However, previous studies have primarily investigated the behavioural aspects of InfoSec policy compliance at the individual level rather than the managerial factors involved in constructing InfoSec policy and developing its effectiveness. Thus, drawing on neo-institutional theory and a transformational leadership framework, this research investigated the influence of external mechanisms and transformational leadership on InfoSec policy effectiveness.<\/jats:p>\n<\/jats:sec>\n<jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The research model was implemented using field survey data from professional managers in the financial sector.<\/jats:p>\n<\/jats:sec>\n<jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The results reported that neo-institutional mechanisms and transformational leadership shape InfoSec policy effectiveness in an organisation.<\/jats:p>\n<\/jats:sec>\n<jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>This study broadens current InfoSec policy research from an individual level to a managerial perspective and enhances the existing literature on neo-institutional and transformational leadership in the context of InfoSec. It highlights the need to evaluate InfoSec policy based on external factors and to support transformational leadership styles that promote InfoSec policy enforcement and effectiveness.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-09-2023-0165","type":"journal-article","created":{"date-parts":[[2024,4,29]],"date-time":"2024-04-29T10:25:10Z","timestamp":1714386310000},"page":"77-95","source":"Crossref","is-referenced-by-count":1,"title":["Information security policy effectiveness: a managerial perspective of the financial industry in Vietnam"],"prefix":"10.1108","volume":"33","author":[{"given":"Thai","family":"Pham","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Farkhondeh","family":"Hassandoust","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2024,4,30]]},"reference":[{"issue":"2","key":"key2025011616444784400_ref001","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1007\/s10845-012-0683-0","article-title":"Information security strategies: towards an organisational multi-strategy perspective","volume":"25","year":"2014","journal-title":"Journal of Intelligent Manufacturing"},{"issue":"2","key":"key2025011616444784400_ref002","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1108\/ICS-10-2017-0073","article-title":"Security monitoring and information security assurance behavior among employees: an empirical analysis","volume":"27","year":"2019","journal-title":"Information and Computer Security"},{"issue":"4","key":"key2025011616444784400_ref003","doi-asserted-by":"crossref","first-page":"746","DOI":"10.1016\/j.leaqua.2014.04.005","article-title":"Instrumental leadership: measurement and extension of transformational\u2013transactional leadership theory","volume":"25","year":"2014","journal-title":"The Leadership Quarterly"},{"issue":"4","key":"key2025011616444784400_ref004","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1016\/j.istr.2008.10.006","article-title":"Information security management: a human challenge?","volume":"13","year":"2008","journal-title":"Information Security Technical Report"},{"key":"key2025011616444784400_ref005","first-page":"1","article-title":"Leadership development in balance: MADE\/born","year":"2004","journal-title":"Leadership Development in Balance: MADE\/Born"},{"issue":"6","key":"key2025011616444784400_ref006","doi-asserted-by":"crossref","first-page":"1173","DOI":"10.1037\/0022-3514.51.6.1173","article-title":"The moderator-mediator variable distinction in social psychological research: conceptual, strategic, and statistical considerations","volume":"51","year":"1986","journal-title":"Journal of Personality and Social Psychology"},{"key":"key2025011616444784400_ref007","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1016\/j.cose.2016.02.007","article-title":"Information system security commitment: a study of external influences on senior management","volume":"59","year":"2016","journal-title":"Computers and Security"},{"key":"key2025011616444784400_ref008","volume-title":"Leadership and Performance beyond Expectations","year":"1985"},{"issue":"5","key":"key2025011616444784400_ref009","first-page":"21","article-title":"Developing transformational leadership: 1992 and Beyond","volume":"14","year":"1990","journal-title":"Journal of European Industrial Training"},{"key":"key2025011616444784400_ref010","article-title":"Using situational crime prevention theory to explain the effectiveness of information systems security","year":"2005"},{"issue":"5","key":"key2025011616444784400_ref0190","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1108\/09685221111188593","article-title":"Leadership styles and information security in small businesses","volume":"19","year":"2011","journal-title":"Information Management & Computer Security"},{"issue":"3","key":"key2025011616444784400_ref011","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"key":"key2025011616444784400_ref800","volume-title":"Leadership","year":"1978"},{"issue":"4","key":"key2025011616444784400_ref012","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1016\/j.im.2014.12.004","article-title":"Institutional pressures in security management: direct and indirect influences on organisational investment in information security control resources","volume":"52","year":"2015","journal-title":"Information and Management"},{"issue":"3","key":"key2025011616444784400_ref013","doi-asserted-by":"crossref","first-page":"730","DOI":"10.32709\/akusosbil.548390","article-title":"An overview of four fundamental theories of organizations","volume":"22","year":"2020","journal-title":"Afyon Kocatepe \u00dcniversitesi Sosyal Bilimler Dergisi"},{"issue":"3","key":"key2025011616444784400_ref014","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1108\/02635570610653498","article-title":"Organisational factors to the effectiveness of implementing information security management","volume":"106","year":"2006","journal-title":"Industrial Management and Data Systems"},{"issue":"3","key":"key2025011616444784400_ref015","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1108\/02635570710734316","article-title":"Exploring organisational culture for information security management","volume":"107","year":"2007","journal-title":"Industrial Management and Data Systems"},{"issue":"3","key":"key2025011616444784400_ref016","doi-asserted-by":"crossref","first-page":"157","DOI":"10.2753\/MIS0742-1222290305","article-title":"Organisations\u2019 information security policy compliance: stick or carrot approach?","volume":"29","year":"2012","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"key2025011616444784400_ref017","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1080\/08874417.2015.11645767","article-title":"Impacts of comprehensive information security programs on information security culture","volume":"55","year":"2015","journal-title":"Journal of Computer Information Systems"},{"key":"key2025011616444784400_ref018","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1007\/978-3-540-32827-8_4","article-title":"Bootstrap cross-validation indices for PLS path model assessment","volume-title":"Handbook of Partial Least Squares: Concepts, Methods and Applications","year":"2010"},{"issue":"7","key":"key2025011616444784400_ref019","doi-asserted-by":"crossref","first-page":"638","DOI":"10.3390\/su8070638","article-title":"Leadership of information security manager on the effectiveness of information systems security for secure sustainable computing","volume":"8","year":"2016","journal-title":"Sustainability"},{"issue":"S1","key":"key2025011616444784400_ref020","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/s10551-008-9909-7","article-title":"Does one size fit all? Examining the differential effects of is security countermeasures","volume":"89","year":"2009","journal-title":"Journal of Business Ethics"},{"issue":"1","key":"key2025011616444784400_ref021","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach","volume":"20","year":"2009","journal-title":"Information Systems Research"},{"issue":"2","key":"key2025011616444784400_ref022","doi-asserted-by":"publisher","first-page":"147","DOI":"10.2307\/2095101","article-title":"The iron cage revisited: institutional isomorphism and collective rationality in organisational fields","volume":"48","year":"1983","journal-title":"American Sociological Review"},{"issue":"4","key":"key2025011616444784400_ref023","doi-asserted-by":"crossref","first-page":"767","DOI":"10.1108\/MD-04-2018-0396","article-title":"Supplier relationship management for circular economy: influence of external pressures and top management commitment","volume":"57","year":"2019","journal-title":"Management Decision"},{"key":"key2025011616444784400_ref024","unstructured":"EY (2020), \u201cEY global information security survey\u201d, available at: www.assets.ey.com\/content\/dam\/ey-sites\/ey-com\/en_gl\/topics\/advisory\/ey-global-information-security-survey-2020.pdf"},{"issue":"5","key":"key2025011616444784400_ref025","doi-asserted-by":"crossref","first-page":"410","DOI":"10.1108\/IMCS-07-2013-0053","article-title":"Current challenges in information security risk management","volume":"22","year":"2014","journal-title":"Information Management and Computer Security"},{"key":"key2025011616444784400_ref01919","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/j.cose.2016.01.004","article-title":"Shaping intention to resist social engineering through transformational leadership, information security culture and awareness","volume":"59","year":"2016","journal-title":"Computers & Security"},{"key":"key2025011616444784400_ref026","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1016\/j.cose.2016.06.002","article-title":"Information security policy development and implementation: the what, how and who","volume":"61","year":"2016","journal-title":"Computers and Security"},{"key":"key2025011616444784400_ref027","unstructured":"Gartner (2020a), \u201cGartner forecasts worldwide security and risk management spending growth to slow but remain positive in 2020\u201d, available at: www.gartner.com\/en\/newsroom\/press-releases\/2021-05-17-gartner-forecasts-worldwide-security-and-risk-managem"},{"key":"key2025011616444784400_ref028","unstructured":"Gartner (2020b), \u201cGartner forecasts worldwide IT spending to grow 9% in 2021\u201d, available at: www.gartner.com\/en\/newsroom\/press-releases\/2021-07-14-gartner-forecasts-worldwide-it-spending-to-grow-9-percent-2021"},{"issue":"5","key":"key2025011616444784400_ref029","doi-asserted-by":"crossref","first-page":"549","DOI":"10.1108\/00483481111154432","article-title":"Antecedents of front-line managers\u2019 perceptions of HR role stressors","volume":"40","year":"2011","journal-title":"Personnel Review"},{"issue":"2","key":"key2025011616444784400_ref09191","doi-asserted-by":"publisher","first-page":"340","DOI":"10.1111\/isj.12202","article-title":"The impact of leadership on employees\u2019 intended information security behaviour: an examination of the full-range eadership theory","volume":"29","year":"2019","journal-title":"Information Systems Journal"},{"key":"key2025011616444784400_ref030","volume-title":"A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM)","year":"2016","edition":"2nd ed."},{"key":"key2025011616444784400_ref031","volume-title":"A Primer on Partial Least Squares Structural Equations Modeling (PLS-SEM)","year":"2014"},{"issue":"5","key":"key2025011616444784400_ref032","article-title":"Peering through the lens of high\u2010reliability theory: a competencies driven security culture model of high\u2010reliability organisations","volume":"33","year":"2023","journal-title":"Information Systems Journal"},{"issue":"1","key":"key2025011616444784400_ref033","doi-asserted-by":"crossref","first-page":"103574","DOI":"10.1016\/j.im.2021.103574","article-title":"A neo-institutional perspective on the establishment of information security knowledge sharing practices","volume":"59","year":"2022","journal-title":"Information and Management"},{"key":"key2025011616444784400_ref034","doi-asserted-by":"crossref","first-page":"713","DOI":"10.1007\/978-3-540-32827-8_31","article-title":"Testing moderating effects in PLS path models: an illustration of available procedures","volume-title":"Handbook of Partial Least Squares: Concepts, Methods and Applications","year":"2010"},{"issue":"1","key":"key2025011616444784400_ref035","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1007\/s11747-014-0403-8","article-title":"A new criterion for assessing discriminant validity in variance-based structural equation modeling","volume":"43","year":"2015","journal-title":"Journal of the Academy of Marketing Science"},{"issue":"2","key":"key2025011616444784400_ref036","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","article-title":"Encouraging information security behaviours in organisations: role of penalties, pressures and perceived effectiveness","volume":"47","year":"2009","journal-title":"Decision Support Systems"},{"issue":"1","key":"key2025011616444784400_ref037","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/00213624.2006.11506879","article-title":"What are institutions?","volume":"40","year":"2006","journal-title":"Journal of Economic Issues"},{"issue":"3-part-2","key":"key2025011616444784400_ref038","doi-asserted-by":"publisher","first-page":"918","DOI":"10.1287\/isre.1110.0393","article-title":"Institutional influences on information systems security innovations","volume":"23","year":"2012","journal-title":"Information Systems Research"},{"issue":"2","key":"key2025011616444784400_ref039","doi-asserted-by":"crossref","first-page":"282","DOI":"10.1287\/isre.2015.0569","article-title":"The role of extra-role behaviors and social controls in information security policy effectiveness","volume":"26","year":"2015","journal-title":"Information Systems Research"},{"issue":"2","key":"key2025011616444784400_ref040","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1016\/j.jsis.2007.05.004","article-title":"The role of external and internal influences on information systems security \u2013 a neo-institutional perspective","volume":"16","year":"2007","journal-title":"The Journal of Strategic Information Systems"},{"key":"key2025011616444784400_ref041","first-page":"127a","article-title":"The role of external influences on organizational information security practices: an institutional perspective","year":"2006"},{"issue":"1","key":"key2025011616444784400_ref042","doi-asserted-by":"crossref","first-page":"84","DOI":"10.4018\/irmj.2006010105","article-title":"The institutionalization of IT budgeting: empirical evidence from the financial sector","volume":"19","year":"2006","journal-title":"Information Resources Management Journal"},{"issue":"2","key":"key2025011616444784400_ref043","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1016\/j.giq.2017.02.001","article-title":"Effects of innovation-supportive culture and organisational citizenship behavior on e-government information system security stemming from mimetic isomorphism","volume":"34","year":"2017","journal-title":"Government Information Quarterly"},{"issue":"1","key":"key2025011616444784400_ref044","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","article-title":"Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory","volume":"31","year":"2012","journal-title":"Computers and Security"},{"key":"key2025011616444784400_ref045","unstructured":"ISACA (2019), \u201cState of cybersecurity 2019\u201d, available at: www.isaca.org\/cyber\/Documents\/state-of-cybersecurity_res_eng_0316.pdf"},{"key":"key2025011616444784400_ref046","unstructured":"ITU (2017), \u201cGlobal cybersecurity index and cyberwellness profiles 2017\u201d, available at: www.itu.int\/epublications\/publication\/D-STRGCI.01-2021-HTM-E\/"},{"key":"key2025011616444784400_ref047","unstructured":"ITU (2022), \u201cGlobal cybersecurity index 2020\u201d, available at: www.itu.int\/epublications\/publication\/D-STR-GCI.01-2021-HTM-E\/"},{"issue":"2","key":"key2025011616444784400_ref048","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1086\/376806","article-title":"A critical review of construct indicators and measurement model specification in marketing and consumer research","volume":"30","year":"2003","journal-title":"Journal of Consumer Research"},{"issue":"1","key":"key2025011616444784400_ref049","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1080\/15536548.2009.10855855","article-title":"Business and security executives views of information security investment drivers: results from a Delphi study","volume":"5","year":"2009","journal-title":"Journal of Information Privacy and Security"},{"issue":"5","key":"key2025011616444784400_ref050","doi-asserted-by":"crossref","first-page":"751","DOI":"10.1037\/0021-9010.85.5.751","article-title":"Five-factor model of personality and transformational leadership","volume":"85","year":"2000","journal-title":"Journal of Applied Psychology"},{"issue":"5","key":"key2025011616444784400_ref051","doi-asserted-by":"publisher","first-page":"755","DOI":"10.1037\/0021-9010.89.5.755","article-title":"Transformational and transactional leadership: a meta-analytic test of their relative validity","volume":"89","year":"2004","journal-title":"Journal of Applied Psychology"},{"issue":"2","key":"key2025011616444784400_ref052","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1108\/ICS-09-2017-0066","article-title":"Escalation of commitment as an antecedent to non-compliance with information security policy","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"issue":"2","key":"key2025011616444784400_ref053","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1037\/0021-9010.88.2.246","article-title":"The two faces of transformational leadership: empowerment and dependency","volume":"88","year":"2003","journal-title":"Journal of Applied Psychology"},{"key":"key2025011616444784400_ref054","first-page":"66","article-title":"Policy awareness, enforcement and maintenance: critical to information security effectiveness in organisations","volume":"13","year":"2012","journal-title":"Journal of Management Policy and Practice"},{"issue":"1","key":"key2025011616444784400_ref055","doi-asserted-by":"crossref","first-page":"27","DOI":"10.4018\/joeuc.2014010102","article-title":"Information security program effectiveness in organisations: the moderating role of task interdependence","volume":"26","year":"2014","journal-title":"Journal of Organizational and End User Computing"},{"issue":"1","key":"key2025011616444784400_ref056","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1108\/09685220610648355","article-title":"Information security: Management's effect on culture and policy","volume":"14","year":"2006","journal-title":"Information Management and Computer Security"},{"issue":"2","key":"key2025011616444784400_ref057","doi-asserted-by":"crossref","first-page":"37","DOI":"10.4018\/jisp.2007040103","article-title":"Information security effectiveness: conceptualisation and validation of a theory","volume":"1","year":"2007","journal-title":"International Journal of Information Security and Privacy (IJISP)"},{"key":"key2025011616444784400_ref058","volume-title":"Research Design: quantitative, Qualitative, Mixed Methods, Arts-Based, and Community-Based Participatory Research Approaches","year":"2017"},{"issue":"1","key":"key2025011616444784400_ref059","doi-asserted-by":"crossref","first-page":"59","DOI":"10.2307\/25148781","article-title":"Assimilation of enterprise systems: the effect of institutional pressures and the mediating role of top management","volume":"31","year":"2007","journal-title":"MIS Quarterly"},{"key":"key2025011616444784400_ref060","first-page":"134","article-title":"Information systems security policies adoption: an institutional theory view","year":"2014"},{"issue":"3","key":"key2025011616444784400_ref5151","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1016\/S1048-9843(96)90027-2","article-title":"Effectiveness correlates of transformational and transactional leadership: a meta-analytic review of the mlq literature","volume":"7","year":"1996","journal-title":"The Leadership Quarterly"},{"issue":"2","key":"key2025011616444784400_ref061","doi-asserted-by":"crossref","first-page":"331","DOI":"10.1353\/pla.2015.0015","article-title":"Transformational and transactional leadership: an exploration of gender, experience, and institution type","volume":"15","year":"2015","journal-title":"Portal: Libraries and the Academy"},{"issue":"1","key":"key2025011616444784400_ref062","first-page":"1","article-title":"PLS-SEM: the holy grail for advanced analysis","volume":"28","year":"2018","journal-title":"Marketing Management Journal"},{"issue":"3","key":"key2025011616444784400_ref063","first-page":"3","article-title":"Defining the strategic role of the chief information security officer","volume":"10","year":"2018","journal-title":"Pacific Asia Journal of the Association for Information Systems"},{"issue":"2","key":"key2025011616444784400_ref064","doi-asserted-by":"crossref","first-page":"340","DOI":"10.1086\/226550","article-title":"Institutionalised organisations: formal structure as myth and ceremony","volume":"83","year":"1977","journal-title":"American Journal of Sociology"},{"issue":"2","key":"key2025011616444784400_ref065","first-page":"351","article-title":"Current security threats in the national and international context","volume":"19","year":"2020","journal-title":"Accounting and Management Information Systems\/Contabilitate si Informatica de Gestiune"},{"issue":"1","key":"key2025011616444784400_ref066","first-page":"22","article-title":"Information security behavioral model: towards employees knowledge and attitude","volume":"2","year":"2014","journal-title":"Journal of Telematics and Informatics"},{"issue":"1","key":"key2025011616444784400_ref067","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1108\/EBHRM-03-2019-0026","article-title":"Ethical leadership, internal CSR, organisational engagement and organisational workplace deviance","volume":"8","year":"2020","journal-title":"Evidence-Based HRM: a Global Forum for Empirical Scholarship"},{"key":"key2025011616444784400_ref068","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1016\/j.ijinfomgt.2018.01.001","article-title":"The impact of relational leadership and social alignment on information security system effectiveness in Korean governmental organisations","volume":"40","year":"2018","journal-title":"International Journal of Information Management"},{"issue":"3","key":"key2025011616444784400_ref069","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1177\/105960119001500307","article-title":"The impact of top-management actions on employee attitudes and perceptions","volume":"15","year":"1990","journal-title":"Group and Organization Studies"},{"issue":"5","key":"key2025011616444784400_ref0860","doi-asserted-by":"publisher","first-page":"455","DOI":"10.1002\/smj.167","article-title":"Guanxi and organizational dynamics: organizational networking in Chinese firms","volume":"22","year":"2001","journal-title":"Strategic Management Journal"},{"key":"key2025011616444784400_ref070","unstructured":"Pham, T. and Hassandoust, F. (2020), \u201cThe role of external mechanisms and transformational leadership in information security policy effectiveness: a managerial perspective of financial industry in Vietnam\u201d, Paper presented at the Australasian Conference on Information Systems, Wellington, New Zealand."},{"issue":"5","key":"key2025011616444784400_ref071","doi-asserted-by":"crossref","first-page":"879","DOI":"10.1037\/0021-9010.88.5.879","article-title":"Common method biases in behavioral research: a critical review of the literature and recommended remedies","volume":"88","year":"2003","journal-title":"Journal of Applied Psychology"},{"issue":"2","key":"key2025011616444784400_ref072","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1016\/1048-9843(90)90009-7","article-title":"Transformational leader behaviors and their effects on followers' trust in leader, satisfaction, and organisational citizenship behaviors","volume":"1","year":"1990","journal-title":"The Leadership Quarterly"},{"issue":"3","key":"key2025011616444784400_ref073","doi-asserted-by":"crossref","first-page":"879","DOI":"10.3758\/BRM.40.3.879","article-title":"Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models","volume":"40","year":"2008","journal-title":"Behavior Research Methods"},{"issue":"2","key":"key2025011616444784400_ref074","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1080\/10413200.2012.725703","article-title":"Relationships among coach leadership, peer leadership, and adolescent athletes\u2019 psychosocial and team outcomes: a test of transformational leadership theory","volume":"25","year":"2013","journal-title":"Journal of Applied Sport Psychology"},{"issue":"3","key":"key2025011616444784400_ref075","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1509\/jmkr.45.3.261","article-title":"Cross-sectional versus longitudinal survey research: Concepts, findings, and guidelines","volume":"45","year":"2008","journal-title":"Journal of Marketing Research"},{"issue":"4","key":"key2025011616444784400_ref076","doi-asserted-by":"crossref","first-page":"559","DOI":"10.1108\/VJIKMS-05-2018-0039","article-title":"The impact of transformational leadership on employees\u2019 acceptance to change: mediating effects of innovative behavior and moderating effect of the use of information technology","volume":"48","year":"2018","journal-title":"VINE Journal of Information and Knowledge Management Systems"},{"key":"key2025011616444784400_ref0140","article-title":"An evaluation of information security management effectiveness","year":"2006"},{"key":"key2025011616444784400_ref077","unstructured":"SBV (2011), \u201cAnnual report\u201d, available at: www.sbv.gov.vn\/webcenter\/ShowProperty?nodeId=\/UCMServer\/CNTHWEBAP01162395542\/\/idcPrimaryFileandrevision=latestreleased"},{"issue":"03","key":"key2025011616444784400_ref078","doi-asserted-by":"crossref","first-page":"637","DOI":"10.4236\/blr.2020.113039","article-title":"An institutional theory perspective on developing a cyber security legal framework: a case of Saudi Arabia","volume":"11","year":"2020","journal-title":"Beijing Law Review"},{"issue":"2","key":"key2025011616444784400_ref079","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/j.ijinfomgt.2015.11.009","article-title":"Information security management needs more holistic approach: a literature review","volume":"36","year":"2016","journal-title":"International Journal of Information Management"},{"key":"key2025011616444784400_ref080","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.aos.2018.04.005","article-title":"The influence of a good relationship between the internal audit and information security functions on information security outcomes","volume":"71","year":"2018","journal-title":"Accounting Organisations and Society"},{"key":"key2025011616444784400_ref081","first-page":"24","article-title":"Validation guidelines for is positivist research","volume":"13","year":"2004","journal-title":"Communications of the Association for Information Systems"},{"issue":"4","key":"key2025011616444784400_ref082","doi-asserted-by":"crossref","first-page":"441","DOI":"10.2307\/249551","article-title":"Coping with systems risk: security planning models for management decision making","volume":"22","year":"1998","journal-title":"MIS Quarterly"},{"issue":"3","key":"key2025011616444784400_ref083","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1287\/isre.1.3.255","article-title":"Effective is security: an empirical study","volume":"1","year":"1990","journal-title":"Information Systems Research"},{"issue":"1","key":"key2025011616444784400_ref084","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1177\/1056492609347564","article-title":"Challenges for institutional theory","volume":"19","year":"2010","journal-title":"Journal of Management Inquiry"},{"issue":"1","key":"key2025011616444784400_ref085","doi-asserted-by":"crossref","first-page":"44","DOI":"10.4018\/jgim.2015010103","article-title":"What drives information security policy violations among banking employees?: insights from neutralization and social exchange theory","volume":"23","year":"2015","journal-title":"Journal of Global Information Management"},{"issue":"1","key":"key2025011616444784400_ref086","doi-asserted-by":"crossref","first-page":"19","DOI":"10.2307\/30036518","article-title":"Predicting intention to adopt interorganisational linkages: an institutional perspective","volume":"27","year":"2003","journal-title":"MIS Quarterly"},{"issue":"1","key":"key2025011616444784400_ref087","first-page":"5","article-title":"Mimetic isomorphism and technology evaluation: does imitation transcend judgment?","volume":"3","year":"2002","journal-title":"Journal of the Association for Information Systems"},{"key":"key2025011616444784400_ref088","article-title":"The institutionalization of institutional theory","year":"1996"},{"key":"key2025011616444784400_ref089","unstructured":"Tu, Z. and Yuan, Y. (2014), \u201cCritical success factors analysis on effective information security management: a literature review\u201d, Paper presented at the AMCIS."},{"issue":"4","key":"key2025011616444784400_ref090","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1080\/10580530701586136","article-title":"An information security governance framework","volume":"24","year":"2007","journal-title":"Information Systems Management"},{"issue":"2","key":"key2025011616444784400_ref091","doi-asserted-by":"publisher","first-page":"99","DOI":"10.2308\/jis.2001.15.2.99","article-title":"The relevance of transformational leadership to nontraditional accounting services: information systems assurance and business consulting","volume":"15","year":"2001","journal-title":"Journal of Information Systems"},{"issue":"3","key":"key2025011616444784400_ref092","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/S0167-4048(01)00305-4","article-title":"Corporate governance and information security","volume":"20","year":"2001","journal-title":"Computers and Security"},{"key":"key2025011616444784400_ref093","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1016\/j.cose.2013.04.004","article-title":"From information security to cyber security","volume":"38","year":"2013","journal-title":"Computers and Security"},{"issue":"1","key":"key2025011616444784400_ref094","doi-asserted-by":"crossref","first-page":"443","DOI":"10.1146\/annurev.so.13.080187.002303","article-title":"Institutional theories of organisation","volume":"13","year":"1987","journal-title":"Annual Review of Sociology"},{"issue":"4","key":"key2025011616444784400_ref095","doi-asserted-by":"crossref","first-page":"615","DOI":"10.1111\/j.1540-5915.2012.00361.x","article-title":"Managing employee compliance with information security policies: the critical role of top management and organisational culture*","volume":"43","year":"2012","journal-title":"Decision Sciences"},{"issue":"4","key":"key2025011616444784400_ref096","doi-asserted-by":"crossref","first-page":"459","DOI":"10.1016\/S1048-9843(00)00059-X","article-title":"Ten years of the leadership quarterly: contributions and challenges for the future","volume":"11","year":"2000","journal-title":"The Leadership Quarterly"},{"issue":"3\/4","key":"key2025011616444784400_ref097","first-page":"190","article-title":"Motivating is security compliance: insights from habit and protection motivation theory","volume":"49","year":"2012","journal-title":"Information and Management"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-09-2023-0165\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-09-2023-0165\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:13Z","timestamp":1753406593000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/33\/1\/77-95\/1239969"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,30]]},"references-count":104,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,4,30]]},"published-print":{"date-parts":[[2025,1,20]]}},"alternative-id":["10.1108\/ICS-09-2023-0165"],"URL":"https:\/\/doi.org\/10.1108\/ics-09-2023-0165","relation":{},"ISSN":["2056-4961","2056-497X"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-497X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,30]]}}}