{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,19]],"date-time":"2026-06-19T16:15:20Z","timestamp":1781885720878,"version":"3.54.5"},"reference-count":85,"publisher":"MIS Quarterly","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,3,1]]},"abstract":"<jats:p>Information systems security (ISS) behavioral research has produced different models to explain security policy compliance. This paper (1) reviews 11 theories that have served the majority of previous information security behavior models, (2) empirically compares these theories (Study 1), (3) proposes a unified model, called the unified model of information security policy compliance (UMISPC), which integrates elements across these extant theories, and (4) empirically tests the UMISPC in a new study (Study 2), which provided preliminary empirical support for the model. The 11 theories reviewed are (1) the theory of reasoned action, (2) neutrali- zation techniques, (3) the health belief model, (4) the theory of planned behavior, (5) the theory of interpersonal behavior, (6) the protection motivation theory, (7) the extended protection motivation theory, (8) deterrence theory and rational choice theory, (9) the theory of self-regulation, (10) the extended parallel processing model, and (11) the control balance theory. The UMISPC is an initial step toward empirically examining the extent to which the existing models have similar and different constructs. Future research is needed to examine to what extent the UMISPC can explain different types of ISS behaviors (or intentions thereof). Such studies will determine the extent to which the UMISPC needs to be revised to account for different types of ISS policy violations and the extent to which the UMISPC is generalizable beyond the three types of ISS violations we examined. Finally, the UMISPC is intended to inspire future ISS research to further theorize and empirically demonstrate the important differences between rival theories in the ISS context that are not captured by current measures.<\/jats:p>","DOI":"10.25300\/misq\/2018\/13853","type":"journal-article","created":{"date-parts":[[2018,1,29]],"date-time":"2018-01-29T13:05:21Z","timestamp":1517231121000},"page":"285-311","source":"Crossref","is-referenced-by-count":367,"title":["Toward a Unified Model of Information Security Policy Compliance1"],"prefix":"10.25300","volume":"42","author":[{"given":"Gregory D.","family":"Moody","sequence":"first","affiliation":[{"name":"University of Nevada, Las Vegas, 4505 S. Maryland Parkway, Las Vegas, NV 89154 U.S.A."}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mikko","family":"Siponen","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, University of Jyv\u00e4skyl\u00e4, P.O. Box 35, FI-40014 Jyv\u00e4skyl\u00e4 Finland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Seppo","family":"Pahnila","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology and Electrical Engineering, University of Oulu, P.O. Box 8000, FI-90014 Oulu Finland"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"10933","published-online":{"date-parts":[[2018,3,1]]},"reference":[{"key":"2025082212155826500_b1-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1007\/978-3-642-69746-3_2","article-title":"From Intentions to Actions: A Theory of Planned Behavior","volume":"11","author":"Ajzen","year":"1985","journal-title":"Action-Control: From Cognitions to Behavior"},{"issue":"4","key":"2025082212155826500_b2-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"636","DOI":"10.2307\/2094592","article-title":"Social Learning and Deviant Behavior: A Specific Test of a General Theory","volume":"44","author":"Akers","year":"1979","journal-title":"American Sociological Review"},{"issue":"1","key":"2025082212155826500_b3-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"20","DOI":"10.2307\/258189","article-title":"Social Identity Theory and the Organization","volume":"14","author":"Ashforth","year":"1989","journal-title":"Academy of Management Review"},{"issue":"5","key":"2025082212155826500_b4-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"1144","DOI":"10.1287\/orsc.1100.0591","article-title":"Identity in Organizations: Exploring Cross-Level Dynamics","volume":"22","author":"Ashforth","year":"2011","journal-title":"Organiza- tion Science"},{"issue":"2","key":"2025082212155826500_b5-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"178","DOI":"10.2307\/2786945","article-title":"The Self-Regulation of Attitudes, Intentions, and Behavior","volume":"55","author":"Bagozzi","year":"1992","journal-title":"Social Psychology Quarterly"},{"issue":"2","key":"2025082212155826500_b6-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"264","DOI":"10.1177\/0013916502250134","article-title":"Incentives, Morality, or Habit? Predicting Students\u2019 Car Use for University Routes with the Models of Ajzen, Schwartz, and Triandis","volume":"35","author":"Bamberg","year":"2003","journal-title":"Environment and Behavior"},{"issue":"2","key":"2025082212155826500_b7-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1037\/0033-295X.84.2.191","article-title":"Self-Efficacy: Toward a Unifying Theory of Behavioral Change","volume":"84","author":"Bandura","year":"1977","journal-title":"Psychological Review"},{"issue":"Part B","key":"2025082212155826500_b8-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1016\/j.cose.2013.05.006","article-title":"Don\u2019t Make Excuses! Discouraging Neutralization to Reduce IT Policy Violation","volume":"39","author":"Barlow","year":"2013","journal-title":"Computers & Security"},{"issue":"5\/6","key":"2025082212155826500_b9-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1108\/09576050210447019","article-title":"An Information Security Meta-Policy for Emergent Organizations","volume":"15","author":"Baskerville","year":"2002","journal-title":"Journal of Logistics Information Management"},{"key":"2025082212155826500_b10-14_13853_ra_moody","first-page":"1","article-title":"Crime and Punishment: An Economic Approach","volume-title":"Essays in the Economics of Crime and Punish- ment","author":"Becker","year":"1974"},{"issue":"4","key":"2025082212155826500_b11-14_13853_ra_moody","first-page":"324","article-title":"The Health Belief Model and Personal Health Behavior","volume":"2","author":"Becker","year":"1974","journal-title":"Health Education Monograph Series"},{"issue":"2","key":"2025082212155826500_b12-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1016\/0167-9236(94)00007-F","article-title":"Deter- minants of EIS Use: Testing a Behavioral Model","volume":"14","author":"Bergeron","year":"1995","journal-title":"Decision Support Systems"},{"issue":"4","key":"2025082212155826500_b13-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","article-title":"What Do Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Behaviors in Users","volume":"39","author":"Boss","year":"2015","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212155826500_b14-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1057\/ejis.2009.8","article-title":"If Someone Is Watching, I\u2019ll Do What I\u2019m Asked: Mandatoriness, Control, and Information Security","volume":"18","author":"Boss","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"2025082212155826500_b15-14_13853_ra_moody","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511804618","volume-title":"Crime, Shame and Reintegration","author":"Braithwaite","year":"1989"},{"issue":"3","key":"2025082212155826500_b16-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information Security Policy Compliance: An Empirical Study of Rationality- Based Beliefs and Information Security Awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"issue":"6","key":"2025082212155826500_b17-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1080\/01639620500218286","article-title":"Integrating Motivating and Constraining Forces in Deviance Causation: A Test of Causal Chain Hypothe- ses in Control Balance Theory","volume":"26","author":"Curry","year":"2005","journal-title":"Deviant Behavior"},{"issue":"6","key":"2025082212155826500_b18-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1057\/ejis.2011.23","article-title":"A Review and Analysis of Deterrence Theory in the IS Security Literature: Making Sense of the Disparate Findings","volume":"20","author":"D\u2019Arcy","year":"2011","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025082212155826500_b19-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","article-title":"Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective","volume":"31","author":"D\u2019Arcy","year":"2014","journal-title":"Journal of Management Information Systems"},{"issue":"10","key":"2025082212155826500_b20-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1145\/1290958.1290971","article-title":"Deterring Internal Information Systems Misuse","volume":"50","author":"D\u2019Arcy","year":"2007","journal-title":"Communications of the ACM"},{"issue":"1","key":"2025082212155826500_b21-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach","volume":"23","author":"D\u2019Arcy","year":"2009","journal-title":"Information Systems Research"},{"key":"2025082212155826500_b22-14_13853_ra_moody","doi-asserted-by":"crossref","DOI":"10.1515\/9781503620766","volume-title":"A Theory of Cognitive Dissonance","author":"Festinger","year":"1957"},{"key":"2025082212155826500_b23-14_13853_ra_moody","volume-title":"Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research","author":"Fishbein","year":"1975"},{"issue":"2","key":"2025082212155826500_b24-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1111\/j.1559-1816.2000.tb02323.x","article-title":"A Meta- Analysis of Research on Protection Motivation Theory","volume":"30","author":"Floyd","year":"2000","journal-title":"Journal of Applied Social Psychology"},{"issue":"6","key":"2025082212155826500_b25-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"823","DOI":"10.1037\/0033-2909.132.6.823","article-title":"Experimental Disclosure and its Moderators: A Meta-Analysis","volume":"132","author":"Frattaroli","year":"2006","journal-title":"Psychological Bulletin"},{"issue":"2-3","key":"2025082212155826500_b26-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1016\/S1386-5056(03)00094-7","article-title":"An Adaptation of the Theory of Interpersonal Behavior to the Study of Telemedicine Adoption by Physicians","volume":"71","author":"Gagnon","year":"2003","journal-title":"International Journal of Medical Informatics"},{"key":"2025082212155826500_b27-14_13853_ra_moody","first-page":"47","article-title":"An Empirical Investigation of Antecedents of Internet Abuse in the Workplace","author":"Galletta","year":"2003"},{"issue":"2","key":"2025082212155826500_b28-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"iii","DOI":"10.2307\/23044042","article-title":"An Update and Extension to Sem Guidelines for Admnistrative and Social Science Research","volume":"35","author":"Gefen","year":"2011","journal-title":"MIS Quarterly"},{"key":"2025082212155826500_b29-14_13853_ra_moody","volume-title":"Crime, Punishment, and Deterrence","author":"Gibbs","year":"1975"},{"key":"2025082212155826500_b30-14_13853_ra_moody","volume-title":"Multivariate Data Analysis","author":"Hair","year":"2006","edition":"6th"},{"issue":"3","key":"2025082212155826500_b31-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"257","DOI":"10.2307\/249656","article-title":"The Effect of Codes and Personal Denial of Responsibility on Computer Abuse Judgments and Intentions","volume":"20","author":"Harrington","year":"1996","journal-title":"MIS Quarterly"},{"key":"2025082212155826500_b32-14_13853_ra_moody","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511895425","volume-title":"Information Systems Development and Data Modelling: Conceptual and Philosophical Foundations","author":"Hirschheim","year":"1995"},{"issue":"1","key":"2025082212155826500_b33-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025082212155826500_b34-14_13853_ra_moody","first-page":"1","article-title":"The Health Belief Model: A Decade Later","volume":"11","author":"Janz","year":"1984","journal-title":"Health Education & Behavior"},{"issue":"3","key":"2025082212155826500_b35-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear Appeals and Information Security Behaviors: An Empirical Study","volume":"34","author":"Johnston","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212155826500_b36-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","article-title":"An Enhanced Fear Appeal Framework: Leveraging Threats to the Human Asset through Sanctioning Rhetoric","volume":"39","author":"Johnston","year":"2015","journal-title":"MIS Quarterly"},{"issue":"7","key":"2025082212155826500_b37-14_13853_ra_moody","doi-asserted-by":"crossref","DOI":"10.17705\/1jais.00302","article-title":"Lateral Collinearity and Misleading Results in Variance-Based SEM: An Illustration and Recommendations","volume":"13","author":"Kock","year":"2012","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212155826500_b38-14_13853_ra_moody","volume-title":"Progress and its Problems: Towards a Theory of Scientific Growth","author":"Laudan","year":"1978"},{"issue":"6","key":"2025082212155826500_b39-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"707","DOI":"10.1016\/j.im.2003.08.008","article-title":"An Integrative Model of Computer Abuse Based on Social Control and General Deterrence Theories","volume":"41","author":"Lee","year":"2004","journal-title":"Information & Management"},{"key":"2025082212155826500_b40-14_13853_ra_moody","doi-asserted-by":"crossref","DOI":"10.1109\/HICSS.1998.654776","article-title":"An Analysis of Ethics as Foundation of Information Security in Distributed Systems","author":"Leiwo","year":"1998"},{"issue":"2-3","key":"2025082212155826500_b41-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1002\/(SICI)1099-0992(199903\/05)29:2\/3<161::AID-EJSP919>3.0.CO;2-G","article-title":"A Comparison of Three Models of Attitude\u2013Behavior Relationships in the Studying Behavior Domain","volume":"29","author":"Leone","year":"1999","journal-title":"European Journal of Social Psychology"},{"issue":"1","key":"2025082212155826500_b42-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"71","DOI":"10.2307\/20650279","article-title":"Avoidance of Information Tech- nology Threats: A Theoretical Perspective","volume":"33","author":"Liang","year":"2009","journal-title":"MIS Quarterly"},{"issue":"7","key":"2025082212155826500_b43-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"394","DOI":"10.17705\/1jais.00232","article-title":"Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective","volume":"11","author":"Liang","year":"2010","journal-title":"Journal of the Association for Information Systems"},{"issue":"1","key":"2025082212155826500_b44-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"65","DOI":"10.17705\/1jais.00030","article-title":"Force of Habit and Infor- mation Systems Usage: Theory and Initial Validation","volume":"4","author":"Limayem","year":"2003","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212155826500_b45-14_13853_ra_moody","first-page":"1","article-title":"Strategies and Requisites for Theoretical Integration in the Study of Crime and Deviance","volume-title":"Theoretical Integration in the Study of Deviance and Crime: Problems and Prospects","author":"Liska","year":"1989"},{"issue":"50","key":"2025082212155826500_b46-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1111\/isj.12043","article-title":"Proposing the Control Reactance Compliance Model (CRCM) to Explain Opposing Motivations to Comply with Organizational Information Security Policies","volume":"25","author":"Lowry","year":"2015","journal-title":"Information Systems Journal"},{"issue":"5","key":"2025082212155826500_b47-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1016\/0022-1031(83)90023-9","article-title":"Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change","volume":"19","author":"Maddux","year":"1983","journal-title":"Journal of Experimental Social Psychology"},{"issue":"4","key":"2025082212155826500_b48-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1111\/j.1751-9004.2011.00341.x","article-title":"Fear Appeals and Persuasion: A Review and Update of the Extended Parallel Process Model","volume":"5","author":"Maloney","year":"2011","journal-title":"Social and Personality Psychology Compass"},{"key":"2025082212155826500_b49-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"362","DOI":"10.1037\/0033-2909.97.3.562","article-title":"Application of Confirm- atory Factor Analysis to the Study of Self-Concept: First- and Higher Order Factor Models and Their Invariance Across Groups","volume":"97","author":"Marsh","year":"1985","journal-title":"Psychological Bulletin"},{"key":"2025082212155826500_b50-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1086\/655355","article-title":"What Have We Learned from Five Decades of Neutralization Research?","volume":"32","author":"Maruna","year":"2005","journal-title":"Crime and Justice"},{"key":"2025082212155826500_b51-14_13853_ra_moody","first-page":"18","article-title":"Information Systems Security Governance Research: A Behavioral Perspective","author":"Mishra","year":"2006"},{"issue":"4","key":"2025082212155826500_b52-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"815","DOI":"10.1016\/j.dss.2008.11.010","article-title":"Studying Users\u2019 Computer Security Behavior: A Health Belief Perspective","volume":"46","author":"Ng","year":"2009","journal-title":"Decision Support Systems"},{"key":"2025082212155826500_b53-14_13853_ra_moody","doi-asserted-by":"crossref","DOI":"10.1109\/HICSS.2007.206","article-title":"Employees\u2019 Behavior Towards IS Security Policy Compliance","author":"Pahnila","year":"2007"},{"issue":"3","key":"2025082212155826500_b54-14_13853_ra_moody","first-page":"765","article-title":"How Much We Really Know about Criminal Deterrence?","volume":"100","author":"Paternoster","year":"2010","journal-title":"Journal of Criminal Law and Crim- inology"},{"issue":"3","key":"2025082212155826500_b55-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/3054128","article-title":"Sanction Threats and Appeals to Morality: Testing a Rational Choice Model of Corporate Crime","volume":"30","author":"Paternoster","year":"1996","journal-title":"Law & Society Review"},{"issue":"1","key":"2025082212155826500_b56-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1080\/07421222.2003.11045759","article-title":"Software Piracy in the Workplace: A Model and Empirical Test","volume":"20","author":"Peace","year":"2003","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"2025082212155826500_b57-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1016\/j.im.2008.01.004","article-title":"Explaining Non-Work-Related Computing in the Workplace: A Comparison of Alternative Models","volume":"45","author":"Pee","year":"2008","journal-title":"Information & Management"},{"issue":"1","key":"2025082212155826500_b58-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1111\/j.1745-9125.2004.tb00515.x","article-title":"Projected Offending and Implications for Heterotypic Continuity","volume":"42","author":"Pogarsky","year":"2004","journal-title":"Criminology"},{"issue":"4","key":"2025082212155826500_b59-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"757","DOI":"10.2307\/25750704","article-title":"Improving Employee\u2019s Compliance through IS Security Training: An Action Research Study","volume":"34","author":"Puhakainen","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212155826500_b60-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A Protection Motivation Theory of Fear Appeals and Attitude Change","volume":"91","author":"Rogers","year":"1975","journal-title":"The Journal of Psychology"},{"key":"2025082212155826500_b61-14_13853_ra_moody","first-page":"153","article-title":"Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation","volume-title":"Social Psychophysiology","author":"Rogers","year":"1983"},{"issue":"12","key":"2025082212155826500_b62-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1086\/209170","article-title":"The Theory of Reasoned Action: A Meta-Analysis of Past Research with Recommendations for Modifications and Future Research","volume":"15","author":"Sheppard","year":"1988","journal-title":"Journal of Consumer Research"},{"key":"2025082212155826500_b63-14_13853_ra_moody","first-page":"239","article-title":"On the Role of Human Morality in Information System Security: From the Problems of Descriptivism to Non- descriptive Foundations","volume-title":"Social Responsibility in the Information Age: Issues and Controversies","author":"Siponen","year":"2001"},{"issue":"4","key":"2025082212155826500_b64-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1016\/j.infoandorg.2004.11.001","article-title":"Analysis of Modern IS Security Development Approaches: Towards the Next Generation of Social and Adaptable ISS Methods","volume":"15","author":"Siponen","year":"2005","journal-title":"Information and Organization"},{"key":"2025082212155826500_b65-14_13853_ra_moody","unstructured":"Siponen, M., Karjalainen, M., and Sarker, S.\u20082010. \u201cUnearthing Social Mechanisms that Lead Employees to Violate IS Security Procedures: An Inductive Study,\u201d in Proceedings of Dewald Roode Workshop on Information Systems Security Research, IFIP Working Group 8.11\/11.13, B.\u2008Molyneux and A.\u2008Vance (eds.) (https:\/\/ifip.byu.edu\/ifip2010.html)."},{"issue":"2","key":"2025082212155826500_b66-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.im.2013.08.006","article-title":"Employees\u2019 Adherence to Information Security Policies: An Exploratory Field Study","volume":"51","author":"Siponen","year":"2014","journal-title":"Information & Management"},{"issue":"3","key":"2025082212155826500_b67-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"487","DOI":"10.2307\/25750688","article-title":"Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations","volume":"34","author":"Siponen","year":"2010","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212155826500_b68-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1057\/ejis.2012.59","article-title":"Examining the Phenomenon of Deliberate IS Security Policy Violations: A Call and Guidelines for Research","volume":"23","author":"Siponen","year":"2014","journal-title":"European Journal of Information Systems"},{"issue":"7","key":"2025082212155826500_b69-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"334","DOI":"10.1016\/j.im.2012.06.004","article-title":"New Insights into the Problem of Software Piracy: The Effects of Neutralization, Shame, and Moral Beliefs","volume":"49","author":"Siponen","year":"2012","journal-title":"Information & Management"},{"issue":"3","key":"2025082212155826500_b70-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1287\/isre.1.3.255","article-title":"Effective IS Security","volume":"1","author":"Straub","year":"1990","journal-title":"Information Systems Research"},{"key":"2025082212155826500_b71-14_13853_ra_moody","first-page":"5","article-title":"Framing the Information Security Process in Modern Society","volume-title":"Information Security: Policy, Processes, and Practices","author":"Straub","year":"2008"},{"issue":"6","key":"2025082212155826500_b72-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"664","DOI":"10.2307\/2089195","article-title":"Techniques of Neutralization: A Theory of Delinquency","volume":"22","author":"Sykes","year":"1957","journal-title":"American Sociological Review"},{"issue":"1","key":"2025082212155826500_b73-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"44","DOI":"10.4018\/jgim.2015010103","article-title":"What Drives Information Security Policy Violations among Banking Employees? Insights from Neutralization and Social Exchange Theory","volume":"23","author":"Teh","year":"2015","journal-title":"Journal of Global Information Management"},{"issue":"6","key":"2025082212155826500_b74-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"472","DOI":"10.1016\/j.cose.2005.05.002","article-title":"The Insider Threat to Information Systems and the Effec- tiveness of ISO17799","volume":"24","author":"Theoharidou","year":"2005","journal-title":"Computers & Security"},{"key":"2025082212155826500_b75-14_13853_ra_moody","volume-title":"Control Balance: Toward a General Theory of Deviance","author":"Tittle","year":"1995"},{"key":"2025082212155826500_b76-14_13853_ra_moody","volume-title":"Interpersonal Behavior","author":"Triandis","year":"1977"},{"issue":"1","key":"2025082212155826500_b77-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"21","DOI":"10.4018\/joeuc.2012010102","article-title":"IS Security Policy Violations: A Rational Choice Perspective","volume":"24","author":"Vance","year":"2012","journal-title":"Journal of Organizational and End User Computing"},{"issue":"2","key":"2025082212155826500_b78-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1016\/j.im.2012.04.002","article-title":"Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory","volume":"49","author":"Vance","year":"2012","journal-title":"Information & Management"},{"issue":"3","key":"2025082212155826500_b79-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"425","DOI":"10.2307\/30036540","article-title":"User Acceptance of Information Technology: Toward a Unified View","volume":"27","author":"Venkatesh","year":"2003","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212155826500_b80-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"157","DOI":"10.2307\/41410412","article-title":"Consumer Acceptance and Use of Information Technology: Extending the Unified Theory of Acceptance and Use of Technology","volume":"36","author":"Venkatesh","year":"2012","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212155826500_b81-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1348\/014466605X49122","article-title":"Beyond Frequency: Habit as Mental Con- struct","volume":"45","author":"Verplanken","year":"2006","journal-title":"British Journal of Social Psychology"},{"issue":"2","key":"2025082212155826500_b82-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1057\/ejis.2009.12","article-title":"Behavioral and Policy Issues in Information Systems Security: The Insider Threat","volume":"18","author":"Warkentin","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025082212155826500_b83-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"1","DOI":"10.25300\/MISQ\/2013\/37.1.01","article-title":"Beyond Deterrence: An Expanded View of Employee Computer Abuse","volume":"37","author":"Willison","year":"2013","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212155826500_b84-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"329","DOI":"10.1080\/03637759209376276","article-title":"Putting the Fear Back into Fear Appeals: The Extended Parallel Process Model","volume":"59","author":"Witte","year":"1992","journal-title":"Communication Monographs"},{"issue":"4","key":"2025082212155826500_b85-14_13853_ra_moody","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1080\/108107396127988","article-title":"Predicting Risk Behaviors: Development and Validation of a Diagnostic Scale","volume":"1","author":"Witte","year":"1996","journal-title":"Journal of Health Communications"}],"container-title":["MIS Quarterly"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/42\/1\/285\/6105\/14_13853_ra_moody.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/42\/1\/285\/6105\/14_13853_ra_moody.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:18:21Z","timestamp":1755879501000},"score":1,"resource":{"primary":{"URL":"https:\/\/misq.umn.edu\/misq\/article\/42\/1\/285\/1699\/Toward-a-Unified-Model-of-Information-Security"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,3,1]]},"references-count":85,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2018,3,1]]},"published-print":{"date-parts":[[2018,3,1]]}},"URL":"https:\/\/doi.org\/10.25300\/misq\/2018\/13853","relation":{},"ISSN":["0276-7783","2162-9730"],"issn-type":[{"value":"0276-7783","type":"print"},{"value":"2162-9730","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,3,1]]}}}