{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T11:41:27Z","timestamp":1769514087097,"version":"3.49.0"},"reference-count":77,"publisher":"American Accounting Association","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,3,1]]},"abstract":"ABSTRACT<\/jats:title>\n The ever-increasing number of security incidents underscores the need to understand the key determinants of an effective information security program. Research that addresses this topic requires objective measures, such as number of incidents, vulnerabilities, and non-compliance issues, as indicators of the effectiveness of an organization's information security activities. However, these measures are not readily available to researchers. While some research has used subjective assessments as a surrogate for objective security measures, such an approach raises questions about scope and reliability. To remedy these deficiencies, this study uses the COBIT Version 4.1 Maturity Model Rubrics to develop an instrument (SECURQUAL) that obtains an objective measure of the effectiveness of enterprise information security programs. We show that SECURQUAL scores reliably predict objective measures of information security program effectiveness. Future research might use the instrument as a surrogate effectiveness measure that avoids asking respondents to disclose sensitive information about information security incidents and vulnerabilities.<\/jats:p>","DOI":"10.2308\/isys-51257","type":"journal-article","created":{"date-parts":[[2015,10,1]],"date-time":"2015-10-01T09:40:22Z","timestamp":1443692422000},"page":"71-92","source":"Crossref","is-referenced-by-count":19,"title":["SECURQUAL: An Instrument for Evaluating the Effectiveness of Enterprise Information Security Programs"],"prefix":"10.2308","volume":"30","author":[{"given":"Paul John","family":"Steinbart","sequence":"first","affiliation":[{"name":"Arizona State University"}]},{"given":"Robyn L.","family":"Raschke","sequence":"additional","affiliation":[{"name":"University of Nevada, Las Vegas"}]},{"given":"Graham","family":"Gal","sequence":"additional","affiliation":[{"name":"University of Massachusetts Amherst"}]},{"given":"William N.","family":"Dilla","sequence":"additional","affiliation":[{"name":"Iowa State University"}]}],"member":"1112","published-online":{"date-parts":[[2015,8,1]]},"reference":[{"key":"2024082915303578500_i1558-7959-30-1-71-Boritz1","article-title":"IT Control Weaknesses, IT Governance and Firm Performance","author":"Boritz","year":"2008","journal-title":"CAAA"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Bulgurcu1","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security compliance: An empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"key":"2024082915303578500_i1558-7959-30-1-71-Campbell1","doi-asserted-by":"crossref","DOI":"10.3233\/JCS-2003-11308","article-title":"The economic cost of publicly announced information security breaches: Empirical evidence from the stock market","author":"Campbell","year":"2003","journal-title":"Journal of Computer Security"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Carter1","doi-asserted-by":"crossref","first-page":"39","DOI":"10.4018\/joeuc.2012040103","article-title":"The impact of information technology internal controls on firm performance","volume":"24","author":"Carter","year":"2012","journal-title":"Journal of Organizational and End User Computing"},{"issue":"1","key":"2024082915303578500_i1558-7959-30-1-71-Cavusoglu1","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1080\/10864415.2004.11044320","article-title":"The effect of Internet security breach announcements on market value of breached firms and Internet security developers","volume":"9","author":"Cavusoglu","year":"2004","journal-title":"International Journal of Electronic Commerce"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Cavusoglu2","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1287\/isre.1080.0180","article-title":"Configuration of and interaction between security technologies: The case of firewalls and intrusion detection systems","volume":"20","author":"Cavusoglu","year":"2009","journal-title":"Information Systems Research"},{"key":"2024082915303578500_i1558-7959-30-1-71-Cenfetelli1","doi-asserted-by":"crossref","DOI":"10.2307\/20650323","article-title":"Interpretation of formative measurement in information systems research","author":"Cenfetelli","year":"2009","journal-title":"MIS Quarterly"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Chang1","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1108\/02635570610653498","article-title":"Organizational factors to the effectiveness of implementing information security management","volume":"106","author":"Chang","year":"2006","journal-title":"Industrial Management & Data Systems"},{"key":"2024082915303578500_i1558-7959-30-1-71-Chapin1","article-title":"How can security be measured?","author":"Chapin","year":"2005","journal-title":"Information Systems Control Journal"},{"key":"2024082915303578500_i1558-7959-30-1-71-CommitteeofSponsoringOrganizationsoftheTreadwayCommissionCOSO1","unstructured":"Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2013. Internal Control\u2014Integrated Framework: Executive Summary. Available at: http:\/\/www.coso.org\/documents\/990025P_Executive_Summary_final_may20_e.pdf"},{"issue":"1","key":"2024082915303578500_i1558-7959-30-1-71-DArcy1","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach","volume":"20","author":"D'Arcy","year":"2009","journal-title":"Information Systems Research"},{"issue":"1","key":"2024082915303578500_i1558-7959-30-1-71-Debreceny1","doi-asserted-by":"crossref","first-page":"157","DOI":"10.2308\/isys-50418","article-title":"IT governance and process maturity: A multinational field study","volume":"27","author":"Debreceny","year":"2013","journal-title":"Journal of Information Systems"},{"key":"2024082915303578500_i1558-7959-30-1-71-Dhillon1","article-title":"Identifying governance dimensions to evaluate information systems security in organizations","author":"Dhillon","year":"2007","journal-title":"Proceedings of the 40th Hawaii International Conference on Systems Sciences"},{"key":"2024082915303578500_i1558-7959-30-1-71-Fritz1","article-title":"Sony pulls Korea film \u201cThe Interview\u201d; U.S. blames Pyongyang for hack","author":"Fritz","year":"2014","journal-title":"Wall Street Journal"},{"issue":"9","key":"2024082915303578500_i1558-7959-30-1-71-Goldstein1","doi-asserted-by":"crossref","first-page":"606","DOI":"10.17705\/1jais.00275","article-title":"An event study analysis of the economic impact of IT operational risk and its subcategories","volume":"12","author":"Goldstein","year":"2011","journal-title":"Journal of the Association for Information Systems"},{"issue":"4","key":"2024082915303578500_i1558-7959-30-1-71-Gordon1","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","author":"Gordon","year":"2002","journal-title":"ACM Transactions on Information Systems Security"},{"key":"2024082915303578500_i1558-7959-30-1-71-Gordon2","doi-asserted-by":"crossref","DOI":"10.2307\/25750692","article-title":"Market value of voluntary disclosures concerning information security","author":"Gordon","year":"2010","journal-title":"MIS Quarterly"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Guo1","doi-asserted-by":"crossref","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","article-title":"Understanding non-malicious security violations in the workplace: A complete behavior model","volume":"28","author":"Guo","year":"2011","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"2024082915303578500_i1558-7959-30-1-71-Hagen1","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1108\/09685220810908796","article-title":"Implementation and effectiveness of organizational information security measures","volume":"16","author":"Hagen","year":"2008","journal-title":"Information Management and Computer Security"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Hair","doi-asserted-by":"crossref","first-page":"139","DOI":"10.2753\/MTP1069-6679190202","article-title":"PLS-SEM: Indeed a silver bullet","volume":"19","author":"Hair","year":"2011","journal-title":"Journal of Marketing Theory and Practice"},{"key":"2024082915303578500_i1558-7959-30-1-71-Haislip1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.accinf.2015.01.002","article-title":"External reputational penalties for CEOs and CFOs following information technology material weaknesses","volume":"17","author":"Haislip","year":"2015","journal-title":"International Journal of Accounting Information Systems"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Herath1","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: A framework for security compliance in organizations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"5","key":"2024082915303578500_i1558-7959-30-1-71-Hong1","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1108\/09685220310500153","article-title":"An integrated system theory of information security management","volume":"11","author":"Hong","year":"2003","journal-title":"Information Management and Computer Security"},{"key":"2024082915303578500_i1558-7959-30-1-71-Iheagwara1","article-title":"The effect of intrusion detection management methods on the return on investment","author":"Iheagwara","year":"2004","journal-title":"Computer Security"},{"key":"2024082915303578500_i1558-7959-30-1-71-InstituteofInternalAuditorsIIA1","unstructured":"Institute of Internal Auditors (IIA). 2005. Change and Patch Management Controls: Critical for Organizational Success. Altamonte Springs, FL: IIA."},{"key":"2024082915303578500_i1558-7959-30-1-71-InstituteofInternalAuditorsIIA2","article-title":"The Three Lines of Defense in Effective Risk Management and Control","author":"Institute of Internal Auditors (IIA)","year":"2013","journal-title":"Position paper"},{"key":"2024082915303578500_i1558-7959-30-1-71-ISACA1","unstructured":"ISACA. 2012a. COBIT 5\u2014A Business Framework for the Governance and Management of Enterprise IT. Rolling Meadows, IL: ISACA."},{"key":"2024082915303578500_i1558-7959-30-1-71-ISACA2","unstructured":"ISACA. 2012b. COBIT 5\u2014Enabling Processes. Rolling Meadows, IL: ISACA."},{"key":"2024082915303578500_i1558-7959-30-1-71-ISACA3","unstructured":"ISACA. 2012c. COBIT for Information Security. Rolling Meadows, IL: ISACA."},{"key":"2024082915303578500_i1558-7959-30-1-71-ITGovernanceInstitute1","unstructured":"IT Governance Institute. 2006. IT Control Objectives for Sarbanes-Oxley: The Role of IT in the Design and Implementation of Internal Control over Financial Reporting. 2nd edition. Framework, 32. Rolling Meadows, IL: IT Governance Institute."},{"key":"2024082915303578500_i1558-7959-30-1-71-ITGovernanceInstitute2","unstructured":"IT Governance Institute. 2007. Control Objectives for Information and Related Technology, 4.1. Rolling Meadows, IL: IT Governance Institute."},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Jarvis1","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1086\/376806","article-title":"A critical review of construct indicators and measurement model misspecification in marketing and consumer research","volume":"30","author":"Jarvis","year":"2003","journal-title":"Journal of Consumer Research"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Johnston1","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear appeals and information security behavior: An empirical study","volume":"34","author":"Johnston","year":"2010","journal-title":"MIS Quarterly"},{"key":"2024082915303578500_i1558-7959-30-1-71-Kankanhalli1","doi-asserted-by":"crossref","DOI":"10.1016\/S0268-4012(02)00105-6","article-title":"An integrative study of information systems security effectiveness","author":"Kankanhalli","year":"2003","journal-title":"International Journal of Information Management"},{"key":"2024082915303578500_i1558-7959-30-1-71-Kerr1","doi-asserted-by":"crossref","DOI":"10.1016\/j.im.2013.07.012","article-title":"The importance of the COBIT framework IT processes for effective internal control over financial reporting in organizations: An international survey","author":"Kerr","year":"2013","journal-title":"Information & Management"},{"key":"2024082915303578500_i1558-7959-30-1-71-King1","article-title":"Cybersecurity at Aetna is a matter of business risk","author":"King","year":"2015","journal-title":"Wall Street Journal"},{"issue":"5","key":"2024082915303578500_i1558-7959-30-1-71-Kotulic1","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1016\/j.im.2003.08.001","article-title":"Why there aren't more information security research studies","volume":"41","author":"Kotulic","year":"2004","journal-title":"Information & Management"},{"key":"2024082915303578500_i1558-7959-30-1-71-Kumar1","doi-asserted-by":"crossref","DOI":"10.2753\/MIS0742-1222250210","article-title":"Understanding the value of countermeasure portfolios in information security","author":"Kumar","year":"2008","journal-title":"Journal of Management Information Systems"},{"key":"2024082915303578500_i1558-7959-30-1-71-Kurane1","article-title":"Health insurer Anthem hit by massive cybersecurity breach","author":"Kurane","year":"2015","journal-title":"Reuters US Edition"},{"issue":"1","key":"2024082915303578500_i1558-7959-30-1-71-Li1","doi-asserted-by":"crossref","first-page":"179","DOI":"10.2307\/41410413","article-title":"The consequences of information technology control weaknesses on management information systems: The case of Sarbanes-Oxley internal control reports","volume":"36","author":"Li","year":"2012","journal-title":"MIS Quarterly"},{"issue":"4","key":"2024082915303578500_i1558-7959-30-1-71-MacKenzie1","doi-asserted-by":"crossref","first-page":"710","DOI":"10.1037\/0021-9010.90.4.710","article-title":"The problem of measurement model misspecification in behavioral and organizational research and some recommended solutions","volume":"90","author":"MacKenzie","year":"2005","journal-title":"Journal of Applied Psychology"},{"key":"2024082915303578500_i1558-7959-30-1-71-MacKenzie2","doi-asserted-by":"crossref","DOI":"10.2307\/23044045","article-title":"Construct measurement and validation procedures in MIS and behavioral research: Integrating new and existing techniques","author":"MacKenzie","year":"2011","journal-title":"MIS Quarterly"},{"key":"2024082915303578500_i1558-7959-30-1-71-Melancon1","article-title":"Security controls that work","author":"Melancon","year":"2007","journal-title":"Information Systems Control Journal"},{"key":"2024082915303578500_i1558-7959-30-1-71-Mishra1","unstructured":"Mishra, S., and G. Dhillon. \n 2006. Information systems security governance research: A behavioral perspective. Proceedings of the 1st Annual Symposium on Information Assurance, Academic Track of 9th Annual NYS Cyber Security Conference, New York, NY."},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Moore1","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1287\/isre.2.3.192","article-title":"Development of an instrument to measure the perceptions of adopting an information technology innovation","volume":"2","author":"Moore","year":"1991","journal-title":"Information Systems Research"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Ngai1","doi-asserted-by":"crossref","first-page":"559","DOI":"10.1016\/j.dss.2010.08.006","article-title":"The application of data mining techniques in financial fraud detection: A classification framework and an academic review of literature","volume":"50","author":"Ngai","year":"2011","journal-title":"Decision Support Systems"},{"key":"2024082915303578500_i1558-7959-30-1-71-NIST","article-title":"Security and Privacy Controls for Federal Information Systems and Organizations","author":"National Institute of Standards and Technology (NIST)","year":"2013","journal-title":"NIST Special Publication"},{"key":"2024082915303578500_i1558-7959-30-1-71-Petter1","doi-asserted-by":"crossref","DOI":"10.2307\/25148814","article-title":"Specifying formative constructs in information systems research","author":"Petter","year":"2007","journal-title":"MIS Quarterly"},{"key":"2024082915303578500_i1558-7959-30-1-71-PricewaterhouseCoopers1","article-title":"10Minutes on the stark realities of cybersecurity","author":"PricewaterhouseCoopers","year":"2013","journal-title":"April"},{"key":"2024082915303578500_i1558-7959-30-1-71-PublicCompanyAccountingOversightBoardPCAOB1","unstructured":"Public Company Accounting Oversight Board (PCAOB). 2007. An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements. Auditing Standard No. 5. Washington, DC: PCAOB."},{"issue":"4","key":"2024082915303578500_i1558-7959-30-1-71-Puhakainen1","doi-asserted-by":"crossref","first-page":"757","DOI":"10.2307\/25750704","article-title":"Improving employees' compliance through information systems security training: An action research study","volume":"34","author":"Puhakainen","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"2024082915303578500_i1558-7959-30-1-71-Ransbotham1","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1287\/isre.1080.0174","article-title":"Choice and chance: A conceptual model of paths to information security compromise","volume":"20","author":"Ransbotham","year":"2009","journal-title":"Information Systems Research"},{"key":"2024082915303578500_i1558-7959-30-1-71-Ross1","article-title":"Modeling resiliency","author":"Ross","year":"2004","journal-title":"ISACA Journal"},{"key":"2024082915303578500_i1558-7959-30-1-71-Ross2","article-title":"Information security and the resilient enterprise","author":"Ross","year":"2005","journal-title":"ISACA Journal"},{"key":"2024082915303578500_i1558-7959-30-1-71-Sidel1","article-title":"Apple Pay sign-ups get tougher as banks respond to fraud","author":"Sidel","year":"2015","journal-title":"Wall Street Journal"},{"key":"2024082915303578500_i1558-7959-30-1-71-Singleton1","article-title":"The minimum IT controls to assess in a financial audit (Part I)","author":"Singleton","year":"2010","journal-title":"ISACA Journal"},{"key":"2024082915303578500_i1558-7959-30-1-71-Singleton2","article-title":"The minimum IT controls to assess in a financial audit (Part II)","author":"Singleton","year":"2010","journal-title":"ISACA Journal"},{"issue":"8","key":"2024082915303578500_i1558-7959-30-1-71-Siponen1","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1145\/1145287.1145316","article-title":"Information security standards focus on the existence of the process, not its content","volume":"49","author":"Siponen","year":"2006","journal-title":"Communications of the ACM"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Siponen2","doi-asserted-by":"crossref","first-page":"487","DOI":"10.2307\/25750688","article-title":"Neutralization: New insights into the problem of employee information systems security policy violations","volume":"34","author":"Siponen","year":"2010","journal-title":"MIS Quarterly"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Spears1","doi-asserted-by":"crossref","first-page":"503","DOI":"10.2307\/25750689","article-title":"User participation in information systems security risk management","volume":"34","author":"Spears","year":"2010","journal-title":"MIS Quarterly"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Steinbart1","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1016\/j.accinf.2012.06.007","article-title":"The relationship between internal audit and information security: An exploratory investigation","volume":"13","author":"Steinbart","year":"2012","journal-title":"International Journal of Accounting Information Systems"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Steinbart2","doi-asserted-by":"crossref","first-page":"65","DOI":"10.2308\/isys-50510","article-title":"Information security professionals' perceptions about the relationship between the information security and internal audit functions","volume":"27","author":"Steinbart","year":"2013","journal-title":"Journal of Information Systems"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Straub1","doi-asserted-by":"crossref","first-page":"147","DOI":"10.2307\/248922","article-title":"Validating instruments in MIS research","volume":"13","author":"Straub","year":"1989","journal-title":"MIS Quarterly"},{"issue":"3","key":"2024082915303578500_i1558-7959-30-1-71-Straub2","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1287\/isre.1.3.255","article-title":"Effective IS security: An empirical study","volume":"1","author":"Straub","year":"1990","journal-title":"Information Systems Research"},{"issue":"4","key":"2024082915303578500_i1558-7959-30-1-71-Straub3","doi-asserted-by":"crossref","first-page":"441","DOI":"10.2307\/249551","article-title":"Coping with systems risks: Security planning models for management decision making","volume":"22","author":"Straub","year":"1998","journal-title":"MIS Quarterly"},{"key":"2024082915303578500_i1558-7959-30-1-71-Trull1","article-title":"Security through effective penetration testing","author":"Trull","year":"2012","journal-title":"ISACA Journal"},{"key":"2024082915303578500_i1558-7959-30-1-71-Tuttle1","doi-asserted-by":"crossref","DOI":"10.1016\/j.accinf.2007.09.001","article-title":"An empirical examination of COBIT as an internal control framework for information technology","author":"Tuttle","year":"2007","journal-title":"International Journal of Accounting Information Systems"},{"key":"2024082915303578500_i1558-7959-30-1-71-U.S.HouseofRepresentatives1","unstructured":"U.S. House of Representatives. 2002. The Sarbanes-Oxley Act of 2002. Public Law 107-204 [H.R. 3763]. Washington, D.C.: Government Printing Office."},{"key":"2024082915303578500_i1558-7959-30-1-71-Veiga1","article-title":"A framework and assessment instrument for information security culture","author":"Veiga","year":"2010","journal-title":"Computers and Security"},{"key":"2024082915303578500_i1558-7959-30-1-71-Verizon1","unstructured":"Verizon. 2014. Data Breach Investigations Report. Available at: http:\/\/www.verizonenterprise.com\/DBIR\/2014\/"},{"key":"2024082915303578500_i1558-7959-30-1-71-Verizon2","unstructured":"Verizon. 2015. Data Breach Investigations Report. Available at: http:\/\/www.verizonenterprise.com\/DBIR\/2015\/"},{"key":"2024082915303578500_i1558-7959-30-1-71-vonSolms1","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2004.01.013","article-title":"From policies to culture","author":"von Solms","year":"2004","journal-title":"Computers and Security"},{"issue":"1","key":"2024082915303578500_i1558-7959-30-1-71-Wang1","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1287\/isre.1070.0143","article-title":"A value-at-risk approach to information security investment","volume":"19","author":"Wang","year":"2008","journal-title":"Information Systems Research"},{"issue":"2","key":"2024082915303578500_i1558-7959-30-1-71-Wang2","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1287\/isre.1120.0437","article-title":"The association between the disclosure and the realization of information security risk factors","volume":"24","author":"Wang","year":"2013","journal-title":"Information Systems Research"},{"issue":"4","key":"2024082915303578500_i1558-7959-30-1-71-West1","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1145\/1330311.1330320","article-title":"The psychology of security","volume":"51","author":"West","year":"2008","journal-title":"Communications of the ACM"},{"key":"2024082915303578500_i1558-7959-30-1-71-Williams1","article-title":"The 5 biggest data breaches of 2014 (so far)","author":"Williams","year":"2014","journal-title":"PC World"},{"key":"2024082915303578500_i1558-7959-30-1-71-Willison1","doi-asserted-by":"crossref","DOI":"10.25300\/MISQ\/2013\/37.1.01","article-title":"Beyond deterrence: An expanded view of employee computer abuse","author":"Willison","year":"2013","journal-title":"MIS Quarterly"}],"container-title":["Journal of Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/30\/1\/71\/8654\/isys-51257.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/30\/1\/71\/8654\/isys-51257.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T17:07:16Z","timestamp":1724951236000},"score":1,"resource":{"primary":{"URL":"https:\/\/publications.aaahq.org\/jis\/article\/30\/1\/71\/1079\/SECURQUAL-An-Instrument-for-Evaluating-the"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,8,1]]},"references-count":77,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2015,8,1]]},"published-print":{"date-parts":[[2016,3,1]]}},"URL":"https:\/\/doi.org\/10.2308\/isys-51257","relation":{},"ISSN":["1558-7959","0888-7985"],"issn-type":[{"value":"1558-7959","type":"electronic"},{"value":"0888-7985","type":"print"}],"subject":[],"published":{"date-parts":[[2015,8,1]]}}}