{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T02:40:39Z","timestamp":1777430439206,"version":"3.51.4"},"reference-count":49,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2016,10,10]],"date-time":"2016-10-10T00:00:00Z","timestamp":1476057600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2016,10,10]]},"abstract":"Purpose<\/jats:title>This paper aims to extend current information security compliance research by adapting \u201cwork-stress model\u201d of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper proposes that security compliance burnout and security engagement as the mediating factors between security compliance demands, organizational and personal resources and individual security compliance.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>The authors used a multi-case in-depth interview method to explore the relevance and significance of security demands, organizational resources and personal resources on security compliance at work. Seventeen participants in three organizations including a bank, a university and an oil distribution company in Vietnam were interviewed during a four-month period.<\/jats:p><\/jats:sec>Findings<\/jats:title>The study identified three security demands, three security resources and two aspects of personal resources that influence security compliance. The study demonstrates that the security environment factors such as security demands and resources affected compliance burden and security engagement. Personal resources could play an integral role in moderating the impact of security environment on security compliance.<\/jats:p><\/jats:sec>Research limitations\/implications<\/jats:title>The findings presented are not generalizable to the wider population of end-users in Vietnam due to the small sample size used in the interviews. Further quantitative studies need to measure the extent of each predictor on security compliance.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>The originality of the research stems from proposing not only stress-based but also motivating factors from the security environment on security compliance. By using qualitative approach, the study provides more insight to understand the impact of the security environments on security compliance.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-10-2014-0067","type":"journal-article","created":{"date-parts":[[2016,10,19]],"date-time":"2016-10-19T09:36:10Z","timestamp":1476869770000},"page":"326-347","source":"Crossref","is-referenced-by-count":25,"title":["Stress-based security compliance model \u2013 an exploratory study"],"prefix":"10.1108","volume":"24","author":[{"given":"Hiep-Cong","family":"Pham","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jamal","family":"El-Den","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joan","family":"Richardson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"issue":"4","key":"key2020121202284730800_ref001","doi-asserted-by":"crossref","first-page":"569","DOI":"10.1080\/08870449808407420","article-title":"From health beliefs to self-regulation: theoretical advances in the psychology of action control","volume":"13","year":"1998","journal-title":"Psychology & Health"},{"issue":"12","key":"key2020121202284730800_ref002","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1145\/322796.322806","article-title":"Users are not the enemy","volume":"42","year":"1999","journal-title":"Communications of the ACM"},{"issue":"7","key":"key2020121202284730800_ref005","article-title":"The role of personality in the job demands-resources model: a study of Australian academic staff","volume":"15","year":"2010","journal-title":"Career Development International"},{"issue":"3","key":"key2020121202284730800_ref003","doi-asserted-by":"crossref","first-page":"309","DOI":"10.1108\/02683940710733115","article-title":"The job demands-resources model: state of the art","volume":"22","year":"2007","journal-title":"Journal of Managerial Psychology"},{"issue":"4","key":"key2020121202284730800_ref004","doi-asserted-by":"crossref","first-page":"393","DOI":"10.1080\/13594320344000165","article-title":"Dual processes at work in a call centre: an application of the Job Demands-Resources Model","volume":"12","year":"2003","journal-title":"European Journal of Work and Organizational Psychology"},{"key":"key2020121202284730800_ref006","volume-title":"Self-Efficacy: The Exercise of Control","year":"1997"},{"issue":"2","key":"key2020121202284730800_ref007","article-title":"Crime and punishment: an economic approach","volume":"76","year":"1968","journal-title":"Journal of Political Economy"},{"issue":"2","key":"key2020121202284730800_ref008","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1016\/j.jbusres.2009.02.006","article-title":"Fear, guilt and shame appeals in social marketing","volume":"63","year":"2010","journal-title":"Journal of Business Research"},{"key":"key2020121202284730800_ref009","doi-asserted-by":"crossref","first-page":"336","DOI":"10.1006\/jvbe.2001.1836","article-title":"The relation between work-family conflict and job satisfaction: a finer-grained analysis","volume":"60","year":"2002","journal-title":"Journal of Vocational Behavior"},{"issue":"3","key":"key2020121202284730800_ref010","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"key":"key2020121202284730800_ref011","doi-asserted-by":"crossref","unstructured":"Colwill, C. (2009), \u201cHuman factors in information security: the insider threat - who can you trust these days?\u201d, Information Security Technical Report, Vol. 14 No. 4, pp. 186-196.","DOI":"10.1016\/j.istr.2010.04.004"},{"issue":"5","key":"key2020121202284730800_ref012","doi-asserted-by":"crossref","first-page":"1849","DOI":"10.1016\/j.chb.2012.05.003","article-title":"Information systems user security: a structured model of the knowing \u2013 doing gap","volume":"28","year":"2012","journal-title":"Computers in Human Behavior"},{"issue":"5","key":"key2020121202284730800_ref013","doi-asserted-by":"crossref","first-page":"834","DOI":"10.1037\/a0019364","article-title":"Linking job demands and resources to employee engagement and burnout: a theoretical extension and meta-analytic test","volume":"95","year":"2010","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"key2020121202284730800_ref014","first-page":"90","article-title":"Future directions for behavioral information security research","volume":"32","year":"2013","journal-title":"Computer & Security"},{"issue":"2","key":"key2020121202284730800_ref015","doi-asserted-by":"crossref","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","article-title":"Understanding employee responses to stressful information security requirements: a coping perspective","volume":"31","year":"2014","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"key2020121202284730800_ref016","doi-asserted-by":"crossref","first-page":"499","DOI":"10.1037\/0021-9010.86.3.499","article-title":"The job demands-resources model of burnout","volume":"86","year":"2001","journal-title":"Journal of Applied Psychology"},{"key":"key2020121202284730800_ref017","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1108\/13620430910933574","article-title":"Present but sick: a three-wave study on job demands, presenteeism and burnout","volume":"14","year":"2009","journal-title":"Career Development International"},{"key":"key2020121202284730800_ref019","article-title":"Information systems security governance research: a behavioral perspective","year":"2007"},{"issue":"3","key":"key2020121202284730800_ref018","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1111\/j.1365-2575.2006.00219.x","article-title":"Value-focused assessment of information system security in organizations","volume":"16","year":"2006","journal-title":"Information Systems"},{"key":"key2020121202284730800_ref020","first-page":"137","article-title":"Pretty good persuasion: a first step towards effective password security for the real world","volume-title":"The New Security Paradigms Workshop","year":"2001"},{"issue":"2","key":"key2020121202284730800_ref021","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1080\/1359432X.2011.632161","article-title":"How do job characteristics contribute to burnout? Exploring the distinct mediating roles of perceived autonomy, competence, and relatedness","volume":"22","year":"2013","journal-title":"European Journal of Work and Organizational Psychology"},{"issue":"3","key":"key2020121202284730800_ref022","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1016\/S1361-3723(12)70053-2","article-title":"Understanding the influences on information security behavior","volume":"2012","year":"2012","journal-title":"Computer Fraud & Security"},{"issue":"6","key":"key2020121202284730800_ref024","doi-asserted-by":"crossref","first-page":"320","DOI":"10.1016\/j.im.2012.08.001","article-title":"The effects of multilevel sanctions on information security violations: a mediating model","volume":"49","year":"2012","journal-title":"Information & Management"},{"issue":"2","key":"key2020121202284730800_ref025","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: a framework for security policy compliance in organisations","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"key2020121202284730800_ref026","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","article-title":"Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness","volume":"47","year":"2009","journal-title":"Decision Support Systems"},{"key":"key2020121202284730800_ref027","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1145\/1953122.1953142","article-title":"Does deterrence work in reducing information security policy abuse by employees?","volume":"54","year":"2011","journal-title":"Communications of the ACM"},{"issue":"1","key":"key2020121202284730800_ref028","first-page":"83","article-title":"Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory","volume":"31","year":"2011","journal-title":"Computers & Security"},{"issue":"2","key":"key2020121202284730800_ref029","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/S0268-4012(02)00105-6","article-title":"An integrative study of information systems security effectiveness","volume":"23","year":"2003","journal-title":"International Journal of Information Management"},{"issue":"1","key":"key2020121202284730800_ref030","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1108\/09685221011035223","article-title":"Understanding and transforming organizational security culture","volume":"18","year":"2010","journal-title":"Information Management & Computer Security"},{"issue":"6","key":"key2020121202284730800_ref031","doi-asserted-by":"crossref","first-page":"707","DOI":"10.1016\/j.im.2003.08.008","article-title":"An integrative model of computer abuse based on social control and general deterrence theories","volume":"41","year":"2004","journal-title":"Information & Management"},{"issue":"5","key":"key2020121202284730800_ref032","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1016\/0022-1031(83)90023-9","article-title":"Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change","volume":"19","year":"1983","journal-title":"Journal of Experimental Social Psychology"},{"issue":"5","key":"key2020121202284730800_ref033","doi-asserted-by":"crossref","first-page":"673","DOI":"10.1016\/j.cose.2012.04.004","article-title":"Taxonomy of compliant information security behavior","volume":"31","year":"2012","journal-title":"Computer & Security"},{"key":"key2020121202284730800_ref034","first-page":"233","article-title":"Investigating information systems with positivist case study research","volume":"13","year":"2004","journal-title":"Communications of the AIS"},{"key":"key2020121202284730800_ref035","article-title":"Human factors and information security: individual, culture and security environment","volume-title":"DSTO Defence Science and Technology Organisation","year":"2010"},{"issue":"1","key":"key2020121202284730800_ref036","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change","volume":"91","year":"1975","journal-title":"Journal of Psychology"},{"key":"key2020121202284730800_ref037","volume-title":"Research Methods for Business Students","year":"2012"},{"issue":"3","key":"key2020121202284730800_ref038","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1002\/job.248","article-title":"Job demands, job resources, and their relationship with burnout and engagement: a multi-sample study","volume":"25","year":"2004","journal-title":"Journal of Orgnizational Behavior"},{"key":"key2020121202284730800_ref039","article-title":"A critical review of job demands-resources model: Implications for improving work and health","volume-title":"Bridging Occupational, Organizational and Public Health: A Transdisciplinary Approach","year":"2014"},{"key":"key2020121202284730800_ref040","doi-asserted-by":"crossref","unstructured":"Schneier, B. (2008), \u201cThe psychology of security\u201d, available at: www.schneier.com\/essay-155.html, www.schneier.com\/essay-155.html (accessed 20 July 2013).","DOI":"10.1038\/452155b"},{"key":"key2020121202284730800_ref041","volume-title":"Basics of Qualitative Research","year":"1998"},{"issue":"5","key":"key2020121202284730800_ref042","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1016\/j.paid.2011.12.014","article-title":"Character strengths and wellbeing in adolescence: structure and correlates of the values in action inventory of strengths for children","volume":"52","year":"2012","journal-title":"Personality and Individual Differences"},{"issue":"1","key":"key2020121202284730800_ref043","doi-asserted-by":"crossref","first-page":"21","DOI":"10.4018\/joeuc.2012010102","article-title":"Is security policy violations: a rational choice perspective","volume":"24","year":"2012","journal-title":"Journal of Organizational and End User Computing"},{"issue":"3\/4","key":"key2020121202284730800_ref044","first-page":"190","article-title":"Motivating is security compliance: insights from habit and protection motivation theory","volume":"49","year":"2012","journal-title":"Information & Management"},{"issue":"2","key":"key2020121202284730800_ref045","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1037\/0022-3514.85.2.217","article-title":"Self-regulation and the extended now: controlling the self alters the subjective experience of time","volume":"85","year":"2003","journal-title":"Journal of Personality and Social Psychology"},{"key":"key2020121202284730800_ref047","article-title":"The IT security adoption conundrum: an initial step towards validation of applicable measures","year":"2007"},{"issue":"2","key":"key2020121202284730800_ref046","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1057\/ejis.2009.12","article-title":"Behavioral and policy issues in information systems security: the insider threat","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"key2020121202284730800_ref048","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1145\/1330311.1330320","article-title":"The psychology of security: why do good users make bad decisions?","volume":"51","year":"2008","journal-title":"Communications of the ACM"},{"issue":"2","key":"key2020121202284730800_ref049","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1037\/1072-5245.14.2.121","article-title":"The role of personal resources in the job demands-resources model","volume":"14","year":"2007","journal-title":"International Journal of Stress Management"},{"key":"key2020121202284730800_ref050","volume-title":"Case study research: Design and Methods","year":"2009"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-10-2014-0067","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0067\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0067\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:14Z","timestamp":1753406594000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/4\/326-347\/107828"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,10]]},"references-count":49,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,10,10]]}},"alternative-id":["10.1108\/ICS-10-2014-0067"],"URL":"https:\/\/doi.org\/10.1108\/ics-10-2014-0067","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2016,10,10]]}}}