{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T00:25:09Z","timestamp":1773447909669,"version":"3.50.1"},"reference-count":91,"publisher":"American Accounting Association","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,9,1]]},"abstract":"<jats:title>ABSTRACT<\/jats:title>\n               <jats:p>The possibility of noncompliant behavior is a challenge for cybersecurity professionals and their auditors as they try to estimate residual control risk. Building on the recently proposed InfoSec Process Action Model (IPAM), this work explores how nontechnical assessments and interventions can indicate and reduce the likelihood of risky individual behavior. The multi-stage approach seeks to bridge the well-known gap between intent and action. In a strong password creation experiment involving 229 participants, IPAM constructs resulted in a marked increase in R2 for initiating compliance behavior with control expectations from 47 percent to 60 percent. Importantly, the model constructs offer measurable indications despite practical limitations on organizations' ability to assess problematic individual password behavior. A threefold increase in one measure of strong password behavior suggested the process positively impacted individual cybersecurity behavior. The results suggest that the process-nuanced IPAM approach is promising both for assessing and impacting security compliance behavior.<\/jats:p>","DOI":"10.2308\/isys-52381","type":"journal-article","created":{"date-parts":[[2019,2,5]],"date-time":"2019-02-05T19:49:36Z","timestamp":1549396176000},"page":"201-225","source":"Crossref","is-referenced-by-count":7,"title":["InfoSec Process Action Model (IPAM): Targeting Insiders' Weak Password Behavior"],"prefix":"10.2308","volume":"33","author":[{"given":"Michael","family":"Curry","sequence":"first","affiliation":[{"name":"Oregon State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7109-6095","authenticated-orcid":true,"given":"Byron","family":"Marshall","sequence":"additional","affiliation":[{"name":"Oregon State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Correia","sequence":"additional","affiliation":[{"name":"Gonzaga University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robert E.","family":"Crossler","sequence":"additional","affiliation":[{"name":"Washington State University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1112","published-online":{"date-parts":[[2019,2,1]]},"reference":[{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Ajzen1","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/0749-5978(91)90020-T","article-title":"The theory of planned behavior","volume":"50","author":"Ajzen","year":"1991","journal-title":"Organizational Behavior and Human Decision Processes"},{"issue":"9","key":"2024082915371819500_i1558-7959-33-3-201-Ajzen2","doi-asserted-by":"crossref","first-page":"1108","DOI":"10.1177\/0146167204264079","article-title":"Explaining the discrepancy between intentions and actions: The case of hypothetical bias in contingent valuation","volume":"30","author":"Ajzen","year":"2004","journal-title":"Personality and Social Psychology Bulletin"},{"key":"2024082915371819500_i1558-7959-33-3-201-AlOmari1","doi-asserted-by":"crossref","DOI":"10.1109\/HICSS.2012.516","article-title":"Security Policy Compliance: User Acceptance Perspective","author":"Al-Omari","year":"2012"},{"issue":"3","key":"2024082915371819500_i1558-7959-33-3-201-Anderson1","doi-asserted-by":"crossref","first-page":"613","DOI":"10.2307\/25750694","article-title":"Practicing safe computing: A multimedia empirical examination of home computer user security behavioral intentions","volume":"34","author":"Anderson","year":"2010","journal-title":"MIS Quarterly"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Bandura1","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1037\/0033-295X.84.2.191","article-title":"Self-efficacy: Toward a unifying theory of behavioral change","volume":"84","author":"Bandura","year":"1977","journal-title":"Psychological Review"},{"key":"2024082915371819500_i1558-7959-33-3-201-Bandura2","article-title":"Self-efficacy","author":"Bandura","year":"1994"},{"key":"2024082915371819500_i1558-7959-33-3-201-Bandura3","article-title":"Theoretical perspectives","volume":"Vol. 50","author":"Bandura","year":"1997","journal-title":"Self-Efficacy: The Exercise of Control"},{"issue":"3","key":"2024082915371819500_i1558-7959-33-3-201-Bhattacherjee1","doi-asserted-by":"crossref","first-page":"351","DOI":"10.2307\/3250921","article-title":"Understanding information systems continuance: An expectation-confirmation model","volume":"25","author":"Bhattacherjee","year":"2001","journal-title":"MIS Quarterly"},{"issue":"4","key":"2024082915371819500_i1558-7959-33-3-201-Boss1","doi-asserted-by":"crossref","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","article-title":"What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviours","volume":"39","author":"Boss","year":"2015","journal-title":"MIS Quarterly"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Boss2","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1057\/ejis.2009.8","article-title":"If someone is watching, I'll do what I'm asked: Mandatoriness, control, and information security","volume":"18","author":"Boss","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2024082915371819500_i1558-7959-33-3-201-Bulgurcu1","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"issue":"4","key":"2024082915371819500_i1558-7959-33-3-201-Cenfetelli1","doi-asserted-by":"crossref","first-page":"689","DOI":"10.2307\/20650323","article-title":"Interpretation of formative measurement in information systems research","volume":"33","author":"Cenfetelli","year":"2009","journal-title":"MIS Quarterly"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Cieslewicz1","doi-asserted-by":"crossref","first-page":"89","DOI":"10.2308\/jiar-51181","article-title":"Collusive accounting supervision and economic culture","volume":"15","author":"Cieslewicz","year":"2016","journal-title":"Journal of International Accounting Research"},{"key":"2024082915371819500_i1558-7959-33-3-201-Cohen1","unstructured":"Cohen,\n\t\t\t\t\t\t\tJ.\n          \n          1988.\n\t\t\t\t\tStatistical Power Analysis for the Behavioral Sciences.\n\t\t\t\t\tLondon, U.K.:\n\t\t\t\t\tRoutledge Academic."},{"key":"2024082915371819500_i1558-7959-33-3-201-Cohen2","doi-asserted-by":"crossref","DOI":"10.1037\/0033-2909.112.1.155","article-title":"A power primer","author":"Cohen","year":"1992"},{"issue":"4","key":"2024082915371819500_i1558-7959-33-3-201-Compeau1","doi-asserted-by":"crossref","first-page":"1087","DOI":"10.1287\/isre.1120.0423","article-title":"Research commentary\u2014Generalizability of information systems research using student subjects\u2014A reflection on our practices and recommendations for future research","volume":"23","author":"Compeau","year":"2012","journal-title":"Information Systems Research"},{"issue":"4","key":"2024082915371819500_i1558-7959-33-3-201-Crossler1","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1145\/2691517.2691521","article-title":"An extended perspective on individual security behaviors: Protection motivation theory and a unified security practices (USP) instrument","volume":"45","author":"Crossler","year":"2014","journal-title":"The Database for Advances in Information Systems"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Crossler2","doi-asserted-by":"crossref","first-page":"209","DOI":"10.2308\/isys-50704","article-title":"Understanding compliance with bring your own device policies utilizing protection motivation theory bridging the intention-behavior gap","volume":"28","author":"Crossler","year":"2014","journal-title":"Journal of Information Systems"},{"key":"2024082915371819500_i1558-7959-33-3-201-Crossler3","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","article-title":"Future directions for behavioral information security research","volume":"Volume 32","author":"Crossler","year":"2013","journal-title":"Computers & Security"},{"key":"2024082915371819500_i1558-7959-33-3-201-CSID1","article-title":"Consumer survey: Password habits: A study among American consumers","author":"CSID","year":"2012"},{"key":"2024082915371819500_i1558-7959-33-3-201-Curry1","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1145\/3210530.3210535","article-title":"InfoSec Process Action Model (IPAM): Systematically addressing individual security behavior","volume":"49","author":"Curry","year":"2018","journal-title":"Data Base for Advances in Information Systems"},{"key":"2024082915371819500_i1558-7959-33-3-201-Davis1","doi-asserted-by":"crossref","DOI":"10.1080\/17437199.2014.941722","article-title":"Theories of behaviour and behaviour change across the social and behavioural sciences: A scoping review","author":"Davis","year":"2015"},{"key":"2024082915371819500_i1558-7959-33-3-201-Dennis1","doi-asserted-by":"crossref","DOI":"10.1145\/3210530.3210533","article-title":"Security on autopilot: Why current security theories hijack our thinking and lead us astray","author":"Dennis","year":"2018"},{"key":"2024082915371819500_i1558-7959-33-3-201-Dijkstra1","doi-asserted-by":"crossref","unstructured":"Dijkstra,\n\t\t\t\t\t\t\tT. K., and\n\t\t\t\t\t\tJ.Henseler.\n\t\t\t\t\t\n          2015.\n\t\t\t\t\tConsistent and Asymptotically Normal PLS Estimators for Linear Structural Equations, Computational Statistics and Data Analysis, 10\u2013\n\t\t\t\t\t23.\n\t\t\t\t\tNorth Holland, The Netherlands:\n\t\t\t\t\tElsevier B.V.","DOI":"10.1016\/j.csda.2014.07.008"},{"key":"2024082915371819500_i1558-7959-33-3-201-FederalBureauofInvestigationFBI1","article-title":"Criminals continue to defraud and extort funds from victims using CryptoWall ransomware schemes","author":"Federal Bureau of Investigation (FBI)","year":"2015"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Floyd1","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1111\/j.1559-1816.2000.tb02323.x","article-title":"A meta-analysis of research on protection motivation theory","volume":"30","author":"Floyd","year":"2000","journal-title":"Journal of Applied Social Psychology"},{"issue":"3","key":"2024082915371819500_i1558-7959-33-3-201-Fornell1","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1177\/002224378101800313","article-title":"Evaluating structural equation models with unobservable variables and measurement error","volume":"18","author":"Fornell","year":"1981","journal-title":"Journal of Marketing Research"},{"issue":"3","key":"2024082915371819500_i1558-7959-33-3-201-Garcia1","first-page":"347","article-title":"From \u201cI wish\u201d to \u201cI will\u201d: Social-cognitive predictors of behavioral intentions","volume":"8","author":"Garcia","year":"2003","journal-title":"Journal of Health Psychology"},{"key":"2024082915371819500_i1558-7959-33-3-201-GibsonResearchCorporation1","unstructured":"Gibson Research Corporation.\n\t\t\t\t\t2016.\n\t\t\t\t\tHow big is your haystack \u2026 and how well hidden is your needle? Available at: https:\/\/www.grc.com\/haystack.htm"},{"key":"2024082915371819500_i1558-7959-33-3-201-Gollwitzer1","doi-asserted-by":"crossref","DOI":"10.1037\/0003-066X.54.7.493","article-title":"Implementation intentions: Strong effects of simple plans","author":"Gollwitzer","year":"1999"},{"key":"2024082915371819500_i1558-7959-33-3-201-Gollwitzer2","doi-asserted-by":"crossref","DOI":"10.1016\/S0065-2601(06)38002-1","article-title":"Implementation intentions and goal achievement: A meta-analysis of effects and processes","author":"Gollwitzer","year":"2006"},{"key":"2024082915371819500_i1558-7959-33-3-201-Gordon1","doi-asserted-by":"crossref","DOI":"10.1145\/581271.581274","article-title":"The Economics of information security investment","author":"Gordon","year":"2002"},{"key":"2024082915371819500_i1558-7959-33-3-201-Gordon2","article-title":"Return on information security investments: Myths vs. realities","author":"Gordon","year":"2002"},{"key":"2024082915371819500_i1558-7959-33-3-201-Grassi1","article-title":"NIST Special Publication 800-63B: Digital identity guidelines authentication and lifecycle management","author":"Grassi","year":"2018"},{"issue":"5\/6","key":"2024082915371819500_i1558-7959-33-3-201-Hair1","doi-asserted-by":"crossref","first-page":"312","DOI":"10.1016\/j.lrp.2012.09.011","article-title":"Partial least squares: The better approach to structural equation modeling?","volume":"45","author":"Hair","year":"2012","journal-title":"Long Range Planning"},{"issue":"5\/6","key":"2024082915371819500_i1558-7959-33-3-201-Hair2","doi-asserted-by":"crossref","first-page":"320","DOI":"10.1016\/j.lrp.2012.09.008","article-title":"The use of partial least squares structural equation modeling in strategic management research: A review of past practices and recommendations for future applications","volume":"45","author":"Hair","year":"2012","journal-title":"Long Range Planning"},{"key":"2024082915371819500_i1558-7959-33-3-201-Hair3","article-title":"A Primer on partial least squares structural equation modeling","author":"Hair","year":"2014"},{"key":"2024082915371819500_i1558-7959-33-3-201-Hall1","doi-asserted-by":"crossref","DOI":"10.1016\/j.ypmed.2007.11.006","article-title":"Meta-analytic examination of the strong and weak principles across 48 health behaviors","author":"Hall","year":"2008"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Herath1","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: A framework for security policy compliance in organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"6","key":"2024082915371819500_i1558-7959-33-3-201-Hu1","doi-asserted-by":"crossref","DOI":"10.1145\/1953122.1953142","article-title":"Does deterrence work in reducing information security policy abuse by employees?","volume":"54","author":"Hu","year":"2011","journal-title":"Communications of the ACM"},{"key":"2024082915371819500_i1558-7959-33-3-201-Huang1","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-73111-5_100","article-title":"A survey of factors influencing people's perception of information security","author":"Huang","year":"2007"},{"key":"2024082915371819500_i1558-7959-33-3-201-Inglesant1","doi-asserted-by":"crossref","DOI":"10.1145\/1753326.1753384","article-title":"The true cost of unusable password policies: Password use in the wild","author":"Inglesant","year":"2010"},{"key":"2024082915371819500_i1558-7959-33-3-201-Jarvis1","doi-asserted-by":"crossref","DOI":"10.1086\/376806","article-title":"A critical review of construct indicators and measurement model misspecification in marketing and consumer research","author":"Jarvis","year":"2003"},{"issue":"3","key":"2024082915371819500_i1558-7959-33-3-201-Johnston1","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear appeals and information security behaviors: An empirical study","volume":"34","author":"Johnston","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Johnston2","doi-asserted-by":"crossref","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","article-title":"An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric","volume":"39","author":"Johnston","year":"2015","journal-title":"MIS Quarterly"},{"key":"2024082915371819500_i1558-7959-33-3-201-Lebek1","doi-asserted-by":"crossref","DOI":"10.1109\/HICSS.2013.192","article-title":"Employees' information security awareness and behavior: A literature review","author":"Lebek","year":"2013"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Lee1","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1057\/ejis.2009.11","article-title":"Threat or coping appraisal: Determinants of SMB executives' decision to adopt anti-malware software","volume":"18","author":"Lee","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"2024082915371819500_i1558-7959-33-3-201-LiebermanSoftware1","article-title":"2011 survey of IT professionals","author":"Lieberman Software","year":"2011"},{"issue":"5","key":"2024082915371819500_i1558-7959-33-3-201-Maddux1","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1016\/0022-1031(83)90023-9","article-title":"Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change","volume":"19","author":"Maddux","year":"1983","journal-title":"Journal of Experimental Social Psychology"},{"key":"2024082915371819500_i1558-7959-33-3-201-Marakas1","doi-asserted-by":"crossref","DOI":"10.17705\/1jais.00112","article-title":"The evolving nature of the computer self-efficacy construct: An empirical investigation of measurement construction, validity, reliability and stability over time","author":"Marakas","year":"2007"},{"key":"2024082915371819500_i1558-7959-33-3-201-Microsoft1","article-title":"Password strength checker","author":"Microsoft","year":"2014"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Milne1","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1111\/j.1559-1816.2000.tb02308.x","article-title":"Prediction and intervention in health-related behavior: A meta-analytic review of protection motivation theory","volume":"30","author":"Milne","year":"2000","journal-title":"Journal of Applied Social Psychology"},{"key":"2024082915371819500_i1558-7959-33-3-201-Orderlokken1","article-title":"2012 password survey in Norway","author":"Orderl\u00f8kken","year":"2013"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-ParksStamm1","doi-asserted-by":"crossref","first-page":"248","DOI":"10.1521\/soco.2007.25.2.248","article-title":"Action control by implementation intentions: Effective cue detection and efficient response initiation","volume":"25","author":"Parks-Stamm","year":"2007","journal-title":"Social Cognition"},{"key":"2024082915371819500_i1558-7959-33-3-201-PonemonInstituteandIBMSecurity1","article-title":"Ponemon Institute's 2017 cost of data breach study: Global overview","author":"Ponemon Institute and IBM Security","year":"2017"},{"issue":"4","key":"2024082915371819500_i1558-7959-33-3-201-Posey1","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.25300\/MISQ\/2013\/37.4.09","article-title":"Insiders' protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors","volume":"37","author":"Posey","year":"2013","journal-title":"MIS Quarterly"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Prochaska1","doi-asserted-by":"crossref","first-page":"38","DOI":"10.4278\/0890-1171-12.1.38","article-title":"The transtheoretical model of health behavior change","volume":"12","author":"Prochaska","year":"1997","journal-title":"American Journal of Health Promotion"},{"key":"2024082915371819500_i1558-7959-33-3-201-Prochaska2","article-title":"Transtheoretical model of behavior change","author":"Prochaska","year":"2013","journal-title":"Encyclopedia of Behavioral Medicine"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Raschke1","doi-asserted-by":"crossref","first-page":"227","DOI":"10.2308\/isys-50696","article-title":"Understanding the components of information privacy threats for location-based services","volume":"28","author":"Raschke","year":"2014","journal-title":"Journal of Information Systems"},{"key":"2024082915371819500_i1558-7959-33-3-201-Renner1","article-title":"Risk and health behaviors: Documentation of the scales of the research project \u201cRisk Appraisal Consequences in Korea\u201d(RACK)","author":"Renner","year":"2005"},{"key":"2024082915371819500_i1558-7959-33-3-201-Rhee1","article-title":"I am fine but you are not: Optimistic bias and illusion of control on information security","author":"Rhee","year":"2005"},{"key":"2024082915371819500_i1558-7959-33-3-201-Riemsma1","article-title":"A systematic review of the effectiveness of interventions based on a stages-of-change approach to promote individual behaviour change in health care settings","author":"Riemsma","year":"2002"},{"key":"2024082915371819500_i1558-7959-33-3-201-Ringle1","article-title":"SmartPLS 3","author":"Ringle","year":"2015"},{"key":"2024082915371819500_i1558-7959-33-3-201-RoboForm1","article-title":"Password security survey results: Part 1","author":"RoboForm","year":"2015"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Rogers1","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change","volume":"91","author":"Rogers","year":"1975","journal-title":"The Journal of Psychology"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Rossi1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/S1471-0153(00)00019-2","article-title":"Validation of decisional balance and situational temptations measures for dietary fat reduction in a large school-based population of adolescents","volume":"2","author":"Rossi","year":"2001","journal-title":"Eating Behaviors"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Schwarzer1","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1177\/135910539900400208","article-title":"Self-regulatory processes in the adoption and maintenance of health behaviors","volume":"4","author":"Schwarzer","year":"1999","journal-title":"Journal of Health Psychology"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Schwarzer2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1111\/j.1464-0597.2007.00325.x","article-title":"Modeling health behavior change: How to predict and modify the adoption and maintenance of health behaviors","volume":"57","author":"Schwarzer","year":"2008","journal-title":"Applied Psychology: An International Review"},{"key":"2024082915371819500_i1558-7959-33-3-201-Schwarzer3","doi-asserted-by":"crossref","DOI":"10.1027\/1016-9040.13.2.141","article-title":"How to overcome health-compromising behaviors: The health action process approach","author":"Schwarzer","year":"2008"},{"key":"2024082915371819500_i1558-7959-33-3-201-Schwarzer4","article-title":"On the assessment and analysis of variables in the health action process approach: Conducting an investigation","author":"Schwarzer","year":"2003"},{"key":"2024082915371819500_i1558-7959-33-3-201-Schwarzer5","doi-asserted-by":"crossref","DOI":"10.1007\/BF02879897","article-title":"Adoption and maintenance of four health behaviors: Theory-guided longitudinal studies on dental flossing, seat belt use, dietary behavior, and physical activity","author":"Schwarzer","year":"2007"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Sheeran1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/14792772143000003","article-title":"Intention-behaviour relations: A conceptual and empirical review","volume":"12","author":"Sheeran","year":"2002","journal-title":"European Review of Social Psychology"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Sniehotta1","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1080\/08870440512331317670","article-title":"Bridging the intention-behaviour gap: Planning, self-efficacy, and action control in the adoption and maintenance of physical exercise","volume":"20","author":"Sniehotta","year":"2005","journal-title":"Psychology & Health"},{"key":"2024082915371819500_i1558-7959-33-3-201-SplashData1","article-title":"Announcing our worst passwords of 2015","author":"SplashData","year":"2016"},{"issue":"2","key":"2024082915371819500_i1558-7959-33-3-201-Steinbart1","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1287\/isre.2016.0634","article-title":"Examining the continuance of secure behavior: A longitudinal field study of mobile device authentication","volume":"27","author":"Steinbart","year":"2016","journal-title":"Information Systems Research"},{"key":"2024082915371819500_i1558-7959-33-3-201-Stobert1","article-title":"The password life cycle: User behaviour in managing passwords","author":"Stobert","year":"2014"},{"key":"2024082915371819500_i1558-7959-33-3-201-Todnem1","article-title":"Password strength checker","author":"Todnem","year":"2012"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Velicer1","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1111\/j.1464-0597.2007.00327.x","article-title":"Stage and non-stage theories of behavior and behavior change: A comment on Schwarzer","volume":"57","author":"Velicer","year":"2008","journal-title":"Applied Psychology"},{"issue":"4","key":"2024082915371819500_i1558-7959-33-3-201-Velicer2","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1016\/S0306-4603(98)00100-2","article-title":"Testing 40 predictions from the transtheoretical model","volume":"24","author":"Velicer","year":"1999","journal-title":"Addictive Behaviors"},{"issue":"6","key":"2024082915371819500_i1558-7959-33-3-201-Venkatesh1","doi-asserted-by":"crossref","first-page":"527","DOI":"10.1111\/j.1365-2575.2011.00373.x","article-title":"Extending the two-stage information systems continuance model: Incorporating UTAUT predictors and the role of context","volume":"21","author":"Venkatesh","year":"2011","journal-title":"Information Systems Journal"},{"key":"2024082915371819500_i1558-7959-33-3-201-VerizonEnterpriseSolutions1","article-title":"2012 data breach investigations report","author":"Verizon Enterprise Solutions","year":"2012"},{"key":"2024082915371819500_i1558-7959-33-3-201-VerizonEnterpriseSolutions2","article-title":"2014 data breach investigations report","author":"Verizon Enterprise Solutions","year":"2014"},{"key":"2024082915371819500_i1558-7959-33-3-201-VerizonEnterpriseSolutions3","unstructured":"Verizon Enterprise Solutions.\n\t\t\t\t\t2016.\n\t\t\t\t\t2016 data breach investigations report. Available at: https:\/\/enterprise.verizon.com\/search\/?cs_query=2016%20Data%20Breach%20Investigations%20Report&page=1"},{"key":"2024082915371819500_i1558-7959-33-3-201-Warkentin1","article-title":"I'm safer than you: The role of optimism bias in personal IT risk assessments","author":"Warkentin","year":"2005"},{"issue":"December","key":"2024082915371819500_i1558-7959-33-3-201-Warkentin2","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1016\/j.dss.2016.09.013","article-title":"Continuance of protective security behavior: A longitudinal study","volume":"92","author":"Warkentin","year":"2016","journal-title":"Decision Support Systems"},{"issue":"3","key":"2024082915371819500_i1558-7959-33-3-201-Weinstein1","doi-asserted-by":"crossref","first-page":"170","DOI":"10.1037\/0278-6133.11.3.170","article-title":"A model of the precaution adoption process: Evidence from home radon testing","volume":"11","author":"Weinstein","year":"1992","journal-title":"Health Psychology"},{"key":"2024082915371819500_i1558-7959-33-3-201-Weinstein2","article-title":"The precaution adoption process model","author":"Weinstein","year":"2008","journal-title":"Health Behavior and Health Education, 4th edition"},{"issue":"5","key":"2024082915371819500_i1558-7959-33-3-201-Witte1","doi-asserted-by":"crossref","first-page":"591","DOI":"10.1177\/109019810002700506","article-title":"A meta-analysis of fear appeals: Implications for effective public health campaigns","volume":"27","author":"Witte","year":"2000","journal-title":"Health Education & Behavior"},{"issue":"6","key":"2024082915371819500_i1558-7959-33-3-201-Workman1","doi-asserted-by":"crossref","first-page":"2799","DOI":"10.1016\/j.chb.2008.04.005","article-title":"Security lapses and the omission of information security measures: A threat control model and empirical test","volume":"24","author":"Workman","year":"2008","journal-title":"Computers in Human Behavior"},{"key":"2024082915371819500_i1558-7959-33-3-201-WPEngine1","article-title":"Unmasked: What 10 million passwords reveal about the people who choose them","author":"WPEngine","year":"2014"},{"issue":"1","key":"2024082915371819500_i1558-7959-33-3-201-Zafar1","first-page":"557","article-title":"Current state of information security research in IS","volume":"24","author":"Zafar","year":"2009","journal-title":"Communications of the Association for Information Systems"}],"container-title":["Journal of Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/33\/3\/201\/11320\/isys-52381.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/33\/3\/201\/11320\/isys-52381.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T17:24:54Z","timestamp":1724952294000},"score":1,"resource":{"primary":{"URL":"https:\/\/publications.aaahq.org\/jis\/article\/33\/3\/201\/1535\/InfoSec-Process-Action-Model-IPAM-Targeting"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,1]]},"references-count":91,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2019,2,1]]},"published-print":{"date-parts":[[2019,9,1]]}},"URL":"https:\/\/doi.org\/10.2308\/isys-52381","relation":{},"ISSN":["0888-7985","1558-7959"],"issn-type":[{"value":"0888-7985","type":"print"},{"value":"1558-7959","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,2,1]]}}}