{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T12:08:54Z","timestamp":1773922134239,"version":"3.50.1"},"reference-count":48,"publisher":"Elsevier BV","issue":"2","license":[{"start":{"date-parts":[[2017,12,1]],"date-time":"2017-12-01T00:00:00Z","timestamp":1512086400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2017,12,1]],"date-time":"2017-12-01T00:00:00Z","timestamp":1512086400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2017,12,29]],"date-time":"2017-12-29T00:00:00Z","timestamp":1514505600000},"content-version":"vor","delay-in-days":28,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["71473182"],"award-info":[{"award-number":["71473182"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Data and Information Management"],"published-print":{"date-parts":[[2017,12]]},"DOI":"10.1515\/dim-2017-0006","type":"journal-article","created":{"date-parts":[[2018,1,14]],"date-time":"2018-01-14T17:15:57Z","timestamp":1515950157000},"page":"104-114","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":15,"title":["Information Security Compliance in Organizations: An Institutional Perspective"],"prefix":"10.1016","volume":"1","author":[{"given":"Ahmed","family":"AlKalbani","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hepu","family":"Deng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Booi","family":"Kam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaojuan","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1515\/dim-2017-0006_bib001","series-title":"Proceedings of the 26thAustralasian Conference on Information Systems (ACIS 2015)","first-page":"1","article-title":"Investigating the role of socio-organizational factors in the information security compliance in organizations","author":"Al-Kalbani","year":"2015"},{"key":"10.1515\/dim-2017-0006_bib002","series-title":"Proceedings of the 19th Pacific Asia Conference on Information Systems (PACIS 2015)","first-page":"1","article-title":"Organisational security culture and information security compliance for e-government development: the moderating effect of social pressure","author":"Al-Kelbani","year":"2015"},{"key":"10.1515\/dim-2017-0006_bib003","series-title":"Proceedings of the 25th Australasian Conference on Information Systems (ACIS 2014)","first-page":"1","article-title":"A Conceptual Framework for Information Security in Public Organizations for E-Government Development","author":"Al-Kalbani","year":"2014"},{"key":"10.1515\/dim-2017-0006_bib004","series-title":"Proceedings of the Amercian Confernece on Information Systems","first-page":"252","article-title":"HIPAA Compliance: An Institutional Theory Perspective","author":"Appari","year":"2009"},{"key":"10.1515\/dim-2017-0006_bib005","series-title":"Icis 2007","first-page":"103","article-title":"The Last Line of Defense: Motivating Employees to Follow Corporate Security Guidelines. International Conference on Information Systems","author":"Kirsch","year":"2007"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib006","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib007","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1046\/j.1365-2575.2003.00151.x","article-title":"An Institutional Perspective on Developing and Implementing Intranet-and Internet-Based Information Systems","volume":"13","author":"Butler","year":"2003","journal-title":"Information Systems Journal"},{"key":"10.1515\/dim-2017-0006_bib008","series-title":"Structural Equation Modeling with AMOS: Basic Concepts, Applications, and Programming","author":"Byrne","year":"2013"},{"issue":"4","key":"10.1515\/dim-2017-0006_bib009","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1016\/j.im.2014.12.004","article-title":"Institutional pressures in security management: direct and indirect influences on organizational investment in information security control resources","volume":"52","author":"Cavusoglu","year":"2015","journal-title":"Information & Management"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib010","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1016\/S0361-3682(03)00013-8","article-title":"Implementing Performance Measurement Innovations: Evidence from Government","volume":"29","author":"Cavalluzzo","year":"2004","journal-title":"Accounting, Organizations and Society"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib011","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1177\/0266242606061834","article-title":"Institutional forces: the invisible hand that shapes venture ideas?","volume":"24","author":"Davidsson","year":"2006","journal-title":"International Small Business Journal"},{"issue":"10","key":"10.1515\/dim-2017-0006_bib012","doi-asserted-by":"crossref","first-page":"1027","DOI":"10.1002\/smj.701","article-title":"Organizational responses to environmental demands: opening the black box","volume":"29","author":"Delmas","year":"2008","journal-title":"Strategic Management Journal"},{"issue":"3\/4","key":"10.1515\/dim-2017-0006_bib013","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1108\/01409171211210172","article-title":"Evaluating the critical determinants for adopting e-market in australian small-and-medium sized enterprises","volume":"35","author":"Duan","year":"2012","journal-title":"Management Research Review"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib014","doi-asserted-by":"crossref","first-page":"147","DOI":"10.2307\/2095101","article-title":"The Iron Cage Revisited: Collective Rationality and Institutional Isomorphism in Organizational Fields","volume":"48","author":"DiMaggio","year":"1983","journal-title":"American Sociological Review"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib015","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1504\/IJSMM.2009.028798","article-title":"Institutional Pressures, Government Funding and Provincial Sport Organisations","volume":"6","author":"Edwards","year":"2009","journal-title":"International Journal of Sport Management and Marketing"},{"key":"10.1515\/dim-2017-0006_bib016","series-title":"Handbook of Research on Information Security and Assurance","first-page":"1","author":"Gupta","year":"2009"},{"key":"10.1515\/dim-2017-0006_bib017","series-title":"Multivariate Data Analysis: A Global Perspective","author":"Hair","year":"2010"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib018","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib019","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1016\/j.im.2011.12.005","article-title":"Does Culture Really Matter? A Cross-Cultural Analysis of Security Countermeasure Effectiveness based on Deterrence Theory","volume":"49","author":"Hovav","year":"2012","journal-title":"Information & Management"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib020","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1016\/j.jsis.2007.05.004","article-title":"The Role of External and Internal Influences on Information Systems Security \u2013 A Neo-Institutional Perspective,\u201d","volume":"16","author":"Hu","year":"2007","journal-title":"The Journal of Strategic Information Systems"},{"issue":"1","key":"10.1515\/dim-2017-0006_bib021","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.im.2013.10.001","article-title":"Information Systems Security Policy Compliance: An Empirical Study of the Effects of Socialization, Influence, and Cognition","volume":"51","author":"Ifinedo","year":"2013","journal-title":"Information & Management"},{"key":"10.1515\/dim-2017-0006_bib022","author":"Information Security Compliance (ISC)"},{"key":"10.1515\/dim-2017-0006_bib023","series-title":"Computational Intelligence and Security: International Conference, CIS 2006. Guangzhou, China, November 3-6, 2006. Revised Selected Papers Berlin, Heidelberg","first-page":"833","article-title":"Senior Executives Commitment to Information Security \u2013 from Motivation to Responsibility","author":"Kajava","year":"2007"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib024","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/S0268-4012(02)00105-6","article-title":"An Integrative Study of Information Systems Security Effectiveness","volume":"23","author":"Kankanhalli","year":"2003","journal-title":"International Journal of Information Management"},{"key":"10.1515\/dim-2017-0006_bib025","first-page":"271","article-title":"Information Security Policy Compliance in Higher Education: A Neo-Institutional Perspective","volume":"52","author":"Kam","year":"2013","journal-title":"Proceedings of Pacific Asia Conference on Information Systems (PACIS) 2013"},{"key":"10.1515\/dim-2017-0006_bib026","series-title":"Proceedings of the 20th Australasian Conference on Information Systems","article-title":"A Conceptual Framework for Evaluating the Public Value of E-Government: A Case Study from Sri Lanka","author":"Karunasena","year":"2009"},{"key":"10.1515\/dim-2017-0006_bib027","series-title":"Proceedings of the Amercian Confernece on Information Systems","first-page":"180","article-title":"The Influence of Regulations on Innovation in Information Security","author":"Khansa","year":"2007"},{"issue":"4","key":"10.1515\/dim-2017-0006_bib028","doi-asserted-by":"crossref","first-page":"209","DOI":"10.14400\/JDC.2016.14.4.209","article-title":"A Study on Employee's Compliance Behavior towards Information Security Policy: A Modified Triandis Model","volume":"14","author":"Kim","year":"2016","journal-title":"Journal of Digital Convergence"},{"issue":"1","key":"10.1515\/dim-2017-0006_bib029","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1108\/09685220610648355","article-title":"Information Security: Management's Effect on Culture and Policy","volume":"14","author":"Knapp","year":"2006","journal-title":"Information Management & Computer Security"},{"key":"10.1515\/dim-2017-0006_bib030","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/j.cose.2012.07.001","article-title":"Organizational Power and Information Security Rule Compliance","volume":"33","author":"Kolkowska","year":"2012","journal-title":"Computers & Security"},{"key":"10.1515\/dim-2017-0006_bib031","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1016\/j.cose.2016.02.004","article-title":"Understanding Information Security Stress: Focusing on the Type of Information Security Compliance Activity","volume":"59","author":"Lee","year":"2016","journal-title":"Computers & Security"},{"issue":"1","key":"10.1515\/dim-2017-0006_bib032","doi-asserted-by":"crossref","first-page":"59","DOI":"10.2307\/25148781","article-title":"Assimilation of Enterprise Systems: the Effect of Institutional Pressures and the Mediating Role of Top Management","volume":"31","author":"Liang","year":"2007","journal-title":"MIS quarterly"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib033","doi-asserted-by":"crossref","first-page":"329","DOI":"10.1016\/j.giq.2010.08.007","article-title":"Using Institutional Theory and Dynamic Simulation to Understand Complex E-Government Phenomena","volume":"28","author":"Luna-Reyes","year":"2011","journal-title":"Government Information Quarterly"},{"key":"10.1515\/dim-2017-0006_bib034","series-title":"Proceedings of the 40th Annual Hawaii International Conference on Systems Science","article-title":"Employees' Behavior towards IS Security Policy Compliance","author":"Pahnila","year":"2007"},{"key":"10.1515\/dim-2017-0006_bib035","unstructured":"Reddy, D. S., & Rao, S. V. (2016). Cybersecurity skills: The moderating role in the relationship between cybersecurity awareness and compliance. In AMCIS 2016: Surfing the IT Innovation Wave - 22nd American Conference on Information Systems Association for Information Systems."},{"key":"10.1515\/dim-2017-0006_bib036","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1016\/j.cose.2015.10.006","article-title":"Information Security Policy Compliance Model in Organizations","volume":"56","author":"Safa","year":"2016","journal-title":"computers & security"},{"key":"10.1515\/dim-2017-0006_bib037","series-title":"Institutions and Organizations: Ideas, Interests, and Identities","author":"Scott","year":"2013"},{"issue":"5","key":"10.1515\/dim-2017-0006_bib038","first-page":"67","article-title":"The influence of organizational culture on employee attitudes towards information security policy","volume":"10","author":"Shaw","year":"2012","journal-title":"Dissertations & Theses - Gradworks"},{"key":"10.1515\/dim-2017-0006_bib039","series-title":"New Approaches for Security, Privacy and Trust in Complex Environments","first-page":"133","article-title":"Employees' Adherence to Information Security Policies: An Empirical Study","author":"Siponen","year":"2007"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib040","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1109\/MC.2010.35","article-title":"Compliance with Information Security Policies: An Empirical Investigation","volume":"43","author":"Siponen","year":"2010","journal-title":"Computer"},{"issue":"2","key":"10.1515\/dim-2017-0006_bib041","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1201\/1078.10580530\/45925.23.2.20060301\/92671.4","article-title":"Determining Key Factors in E-Government Information System Security","volume":"23","author":"Smith","year":"2006","journal-title":"Information Systems Management"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib042","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1016\/j.accinf.2012.06.007","article-title":"The Relationship between Internal Audit and Information Security: An Exploratory Investigation","volume":"13","author":"Steinbart","year":"2012","journal-title":"International Journal of Accounting Information Systems"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib043","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/jcec.2007070101","article-title":"Generating Citizen Trust in E-Government Security: Challenging Perceptions","volume":"3","author":"Tassabehji","year":"2007","journal-title":"International Journal of Cases on Electronic Commerce"},{"key":"10.1515\/dim-2017-0006_bib044","series-title":"IEEE International Conference on Trust, Security and Privacy in Computing and Communications 8","first-page":"1587","article-title":"Towards Building an Automated Security Compliance Tool for the Cloud","author":"Ullah","year":"2013"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib045","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1016\/j.im.2012.04.002","article-title":"Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory","volume":"49","author":"Vance","year":"2012","journal-title":"Information & Management"},{"issue":"6","key":"10.1515\/dim-2017-0006_bib046","doi-asserted-by":"crossref","first-page":"443","DOI":"10.1016\/j.cose.2005.07.003","article-title":"Information Security Governance \u2013 Compliance Management vs Operational Management","volume":"24","author":"Von Solms","year":"2005","journal-title":"Computers & Security"},{"issue":"3","key":"10.1515\/dim-2017-0006_bib047","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1057\/ejis.2010.72","article-title":"The Influence of the Informal Social Learning Environment on Information Privacy Policy Compliance Efficacy and Intention","volume":"20","author":"Warkentin","year":"2011","journal-title":"European Journal of Information Systems"},{"issue":"5","key":"10.1515\/dim-2017-0006_bib048","doi-asserted-by":"crossref","first-page":"548","DOI":"10.1108\/17410390510624007","article-title":"Exploring Stakeholders' Expectations of the Benefits and Barriers of E-Government Knowledge Sharing","volume":"18","author":"Zhang","year":"2005","journal-title":"Journal of Enterprise Information Management"}],"container-title":["Data and Information Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/content.sciendo.com\/view\/journals\/dim\/1\/2\/article-p104.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2543925122000924?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2543925122000924?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/article\/10.1515\/dim-2017-0006","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,11]],"date-time":"2025-11-11T15:19:45Z","timestamp":1762874385000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2543925122000924"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12]]},"references-count":48,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2017,12]]}},"alternative-id":["S2543925122000924"],"URL":"https:\/\/doi.org\/10.1515\/dim-2017-0006","relation":{},"ISSN":["2543-9251"],"issn-type":[{"value":"2543-9251","type":"print"}],"subject":[],"published":{"date-parts":[[2017,12]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Information Security Compliance in Organizations: An Institutional Perspective","name":"articletitle","label":"Article Title"},{"value":"Data and Information Management","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1515\/dim-2017-0006","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"Copyright \u00a9 2017 \u00a9 2017 Ahmed AlKalbani et al. Published by Elsevier Ltd","name":"copyright","label":"Copyright"}]}}