{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T00:35:17Z","timestamp":1776472517151,"version":"3.51.2"},"reference-count":229,"publisher":"MIS Quarterly","issue":"1","license":[{"start":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T00:00:00Z","timestamp":1743292800000},"content-version":"vor","delay-in-days":394,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,3,1]]},"abstract":"Many of the theories used in behavioral cybersecurity research have been applied with a nomothetic approach, which is characterized by cross-sectional data (e.g., one-time surveys) that identify patterns across a population of individuals. Although this can provide valuable between-person, point-in-time insights (e.g., employees who use neutralization techniques, such as denying responsibility for cybersecurity policy violations, tend to comply less), it is unable to reveal within-person patterns that account for varying experiences and situations over time. This paper articulates why an idiographic approach, which undertakes a within-person analysis of longitudinal data, can: (1) help validate widely used theories in behavioral cybersecurity research that imply patterns of behavior within a given person over time and (2) provide distinct theoretical insights on behavioral cybersecurity phenomena by accounting for such within-person patterns. To these ends, we apply an idiographic approach to an established theory in behavioral cybersecurity research\u2014neutralization theory\u2014and empirically test a within-person variant of this theory using a four-week experience sampling study. Our results support a more granular application of neutralization theory in the cybersecurity context that considers the behavior of a given person over time. We conclude the paper by highlighting the contexts and theories that provide the most promising opportunities for future behavioral cybersecurity research using an idiographic approach.<\/jats:p>","DOI":"10.25300\/misq\/2023\/17707","type":"journal-article","created":{"date-parts":[[2024,5,13]],"date-time":"2024-05-13T16:59:37Z","timestamp":1715619577000},"page":"95-136","source":"Crossref","is-referenced-by-count":21,"title":["Time Will Tell: The Case for an Idiographic Approach to Behavioral Cybersecurity Research"],"prefix":"10.25300","volume":"48","author":[{"given":"W. Alec","family":"Cram","sequence":"first","affiliation":[{"name":"School of Accounting & Finance, University of Waterloo, Waterloo, ON Canada"}]},{"given":"John","family":"D\u2019Arcy","sequence":"additional","affiliation":[{"name":"Lerner College of Business & Economics, University of Delaware, Newark, DE, U.S.A"}]},{"given":"Alexander","family":"Benlian","sequence":"additional","affiliation":[{"name":"Information Systems & E-Services, Technical University of Darmstadt, Darmstadt, Germany"}]}],"member":"10933","published-online":{"date-parts":[[2024,3,1]]},"reference":[{"issue":"3","key":"2025082212323357100_b1-04_ra-17707-cram-to_journal-mb","first-page":"201","article-title":"The influence of employee affective organizational commitment on security policy attitudes and compliance intentions","volume":"11","author":"Aurigemma","year":"2015","journal-title":"Journal of Information System Security"},{"issue":"4","key":"2025082212323357100_b2-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"421","DOI":"10.1108\/ICS-11-2016-0089","article-title":"Deterrence and punishment experience impacts on ISP compliance attitudes","volume":"25","author":"Aurigemma","year":"2017","journal-title":"Information & Computer Security"},{"key":"2025082212323357100_b3-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1016\/j.cose.2017.02.006","article-title":"Privilege or procedure: Evaluating the effect of employee status on intent to comply with socially interactive information security threats and controls","volume":"66","author":"Aurigemma","year":"2017","journal-title":"Computers & Security"},{"issue":"12","key":"2025082212323357100_b4-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1700","DOI":"10.17705\/1jais.00583","article-title":"Generally speaking, context matters: Making the case for a change from universal to particular ISP research","volume":"20","author":"Aurigemma","year":"2019","journal-title":"Journal of the Association for Information Systems"},{"issue":"3","key":"2025082212323357100_b5-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1080\/08874417.2017.1318687","article-title":"Managers' and employees' differing responses to security approaches","volume":"59","author":"Balozian","year":"2019","journal-title":"Journal of Computer Information Systems"},{"issue":"1","key":"2025082212323357100_b6-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1108\/ITP-03-2019-0109","article-title":"Information system security policy noncompliance: The role of situation-specific ethical orientation","volume":"34","author":"Bansal","year":"2021","journal-title":"Information Technology & People"},{"issue":"8","key":"2025082212323357100_b7-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"689","DOI":"10.17705\/1jais.00506","article-title":"Don\u2019t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance","volume":"19","author":"Barlow","year":"2018","journal-title":"Journal for the Association for Information Systems"},{"issue":"3","key":"2025082212323357100_b8-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1145\/3130515.3130519","article-title":"From information security awareness to reasoned compliant action: Analyzing information security policy compliance in a large banking organization","volume":"48","author":"Bauer","year":"2017","journal-title":"The Data Base for Advances in Information Systems"},{"key":"2025082212323357100_b9-04_ra-17707-cram-to_journal-mb","first-page":"67","article-title":"Strength model of self-regulation as limited resource: Assessment, controversies, update","volume-title":"Advances in experimental social psychology","author":"Baumeister","year":"2016"},{"key":"2025082212323357100_b10-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","DOI":"10.1515\/9781400837991","volume-title":"Blind spots: Why we fail to do what\u2019s right and what to do about it","author":"Bazerman","year":"2011"},{"key":"2025082212323357100_b11-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1037\/0000115-014","article-title":"Looking within: An examination, combination, and extension of within-person methods across multiple levels of analysis","volume-title":"The handbook of multilevel theory, measurement, and analysis","author":"Beal","year":"2019"},{"issue":"4","key":"2025082212323357100_b12-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1002\/job.713","article-title":"Stability, change, and the stability of change in daily workplace affect","volume":"32","author":"Beal","year":"2011","journal-title":"Journal of Organizational Behavior"},{"issue":"4","key":"2025082212323357100_b13-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"440","DOI":"10.1177\/1094428103257361","article-title":"Methods of ecological momentary assessment in organizational research","volume":"6","author":"Beal","year":"2003","journal-title":"Organizational Research Methods"},{"issue":"3","key":"2025082212323357100_b14-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1259","DOI":"10.25300\/MISQ\/2020\/14911","article-title":"A daily field investigation of technology-driven stress spillovers from work to home","volume":"44","author":"Benlian","year":"2020","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212323357100_b15-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1287\/isre.2021.1069","article-title":"Sprint zeal or sprint fatigue? The benefits and burdens of agile ISD practices use for developer well-being","volume":"33","author":"Benlian","year":"2022","journal-title":"Information Systems Research"},{"issue":"5","key":"2025082212323357100_b16-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1001\/jama.290.5.612","article-title":"Exposure to terrorism, stress-related mental health symptoms, and coping behaviors among a nationally representative sample in Israel","volume":"290","author":"Bleich","year":"2003","journal-title":"JAMA"},{"key":"2025082212323357100_b17-04_ra-17707-cram-to_journal-mb","article-title":"Intensive longitudinal methods: An introduction to diary and experience sampling research","volume-title":"Methodology in the social sciences","author":"Bolger","year":"2013"},{"issue":"4","key":"2025082212323357100_b18-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","article-title":"What do users have to fear? Using fear appeals to engender threats and fear that motivate protective behaviors in users","volume":"39","author":"Boss","year":"2015","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212323357100_b19-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1057\/ejis.2009.8","article-title":"If someone is watching, i'll do what I'm asked: Mandatoriness, control, and information security","volume":"18","author":"Boss","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025082212323357100_b20-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"issue":"6","key":"2025082212323357100_b21-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1187","DOI":"10.1111\/deci.12304","article-title":"Intentions to comply versus intentions to protect: A VIE theory approach to understanding the influence of insiders\u2019 awareness of organizational SETA efforts","volume":"49","author":"Burns","year":"2018","journal-title":"Decision Sciences"},{"issue":"1","key":"2025082212323357100_b22-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1287\/isre.2022.1133","article-title":"Going beyond deterrence: A middle-range theory of motives and controls for insider computer abuse","volume":"34","author":"Burns","year":"2023","journal-title":"Information Systems Research"},{"key":"2025082212323357100_b23-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1016\/j.cobeha.2017.12.009","article-title":"Habit formation and change","volume":"20","author":"Carden","year":"2018","journal-title":"Current Opinion in Behavioral Sciences"},{"issue":"3","key":"2025082212323357100_b24-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1080\/15536548.2005.10855772","article-title":"Perceptions of information security in the workplace: Linking information security climate to compliant behavior","volume":"1","author":"Chan","year":"2005","journal-title":"Journal of Information Privacy & Security"},{"issue":"4","key":"2025082212323357100_b25-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"973","DOI":"10.1108\/ITP-12-2017-0421","article-title":"The effects of moral disengagement and organizational ethical climate on insiders\u2019 information security policy violation behavior","volume":"32","author":"Chen","year":"2019","journal-title":"Information Technology & People"},{"issue":"4","key":"2025082212323357100_b26-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1080\/08874417.2016.1258679","article-title":"Factors that influence employees\u2019 security policy compliance: An awareness-motivation-capability perspective","volume":"58","author":"Chen","year":"2018","journal-title":"Journal of Computer Information Systems"},{"issue":"8","key":"2025082212323357100_b27-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1049","DOI":"10.1016\/j.im.2018.05.011","article-title":"Sanction severity and employees\u2019 information security policy compliance: Investigating mediating, moderating, and control variables","volume":"55","author":"Chen","year":"2018","journal-title":"Information & Management"},{"issue":"3","key":"2025082212323357100_b28-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1043","DOI":"10.1287\/isre.2021.1014","article-title":"Understanding inconsistent employee compliance with information security policies through the lens of the extended parallel process model","volume":"32","author":"Chen","year":"2021","journal-title":"Information Systems Research"},{"key":"2025082212323357100_b29-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1016\/j.chb.2014.05.043","article-title":"Understanding personal use of the Internet at work: An integrated model of neutralization techniques and general deterrence theory","volume":"38","author":"Cheng","year":"2014","journal-title":"Computers in Human Behavior"},{"key":"2025082212323357100_b30-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1016\/j.cose.2013.09.009","article-title":"Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory","volume":"39","author":"Cheng","year":"2013","journal-title":"Computers & Security"},{"issue":"1","key":"2025082212323357100_b31-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1080\/10580530.2018.1553647","article-title":"Adaptive and maladaptive coping with an IT threat","volume":"36","author":"Chenoweth","year":"2019","journal-title":"Information Systems Management"},{"issue":"1","key":"2025082212323357100_b32-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/s10551-014-2250-4","article-title":"Explaining the misuse of information systems resources in the workplace: A dual-process approach","volume":"131","author":"Chu","year":"2015","journal-title":"Journal of Business Ethics"},{"issue":"3","key":"2025082212323357100_b33-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1111\/j.1751-9004.2009.00170.x","article-title":"Experience sampling methods: A modern idiographic approach to personality research","volume":"3","author":"Conner","year":"2009","journal-title":"Social and Personality Psychology Compass"},{"issue":"2","key":"2025082212323357100_b34-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"525","DOI":"10.25300\/MISQ\/2019\/15117","article-title":"Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance","volume":"43","author":"Cram","year":"2019","journal-title":"MIS Quarterly"},{"issue":"6","key":"2025082212323357100_b35-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"605","DOI":"10.1057\/s41303-017-0059-9","article-title":"Organizational information security policies: A review and research framework","volume":"26","author":"Cram","year":"2017","journal-title":"European Journal of Information Systems"},{"key":"2025082212323357100_b36-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1146\/annurev.psych.093008.100356","article-title":"The disaggregation of within-person effects in longitudinal models of change","volume":"62","author":"Curran","year":"2011","journal-title":"Annual Review of Psychology"},{"issue":"5","key":"2025082212323357100_b37-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1108\/IMCS-08-2013-0057","article-title":"Security culture and the employment relationship as drivers of employees\u2019 security compliance","volume":"22","author":"D\u2019Arcy","year":"2014","journal-title":"Information Management & Computer Security"},{"issue":"2","key":"2025082212323357100_b38-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","article-title":"Understanding employee responses to stressful information security requirements: A coping perspective","volume":"31","author":"D\u2019Arcy","year":"2014","journal-title":"Journal of Management Information Systems"},{"issue":"8","key":"2025082212323357100_b39-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.17705\/1atrr.00028","article-title":"Employee moral disengagement in response to stressful information security requirements: A methodological replication of a coping-based model","volume":"4","author":"D\u2019Arcy","year":"2018","journal-title":"AIS Transactions on Replication Research"},{"issue":"1","key":"2025082212323357100_b40-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach","volume":"20","author":"D\u2019Arcy","year":"2009","journal-title":"Information Systems Research"},{"issue":"1","key":"2025082212323357100_b41-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1111\/isj.12173","article-title":"Cognitive-affective drivers of employees\u2019 daily compliance with information security policies: A multilevel, longitudinal study","volume":"29","author":"D\u2019Arcy","year":"2019","journal-title":"Information Systems Journal"},{"issue":"7","key":"2025082212323357100_b42-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2019.02.006","article-title":"Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization","volume":"56","author":"D\u2019Arcy","year":"2019","journal-title":"Information & Management"},{"key":"2025082212323357100_b43-04_ra-17707-cram-to_journal-mb","unstructured":"Deloitte\n . (2017). Cultivating a cyber risk-aware culture: The value of people. https:\/\/www2.deloitte.com\/content\/dam\/Deloitte\/us\/Documents\/financial-services\/us-fas-cultivating-a-cyber-risk-aware-culture.pdf"},{"key":"2025082212323357100_b44-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/3210530.3210533","article-title":"Security on autopilot: Why current security theories hijack our thinking and lead us astray","volume":"49","author":"Dennis","year":"2018","journal-title":"The Data Base for Advances in Information Systems"},{"issue":"1","key":"2025082212323357100_b45-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"152","DOI":"10.17705\/1jais.00595","article-title":"The mediating role of psychological empowerment in information security compliance intentions","volume":"21","author":"Dhillon","year":"2020","journal-title":"Journal for the Association for Information Systems"},{"issue":"8","key":"2025082212323357100_b46-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"3677","DOI":"10.1287\/mnsc.2019.3386","article-title":"The Friday effect: Firm lobbying, the timing of drug safety alerts, and drug side effects","volume":"66","author":"Diestre","year":"2020","journal-title":"Management Science"},{"issue":"4","key":"2025082212323357100_b47-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1111\/j.1365-2575.2007.00289.x","article-title":"User behaviour towards protective information technologies: The role of national cultural differences","volume":"19","author":"Dinev","year":"2009","journal-title":"Information Systems Journal"},{"issue":"7","key":"2025082212323357100_b48-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"386","DOI":"10.17705\/1jais.00133","article-title":"The centrality of awareness in the formation of user behavioral intention toward protective information technologies","volume":"8","author":"Dinev","year":"2007","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"2025082212323357100_b49-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1037\/apl0000887","article-title":"The effect of mindfulness and job demands on motivation and performance trajectories across the workweek: An entrainment theory perspective","volume":"107","author":"Dust","year":"2022","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"2025082212323357100_b50-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/s41782-021-00127-7","article-title":"Battery discharge from Monday to Friday: Background social stress at work is associated with more rapid accumulation of fatigue","volume":"5","author":"Elfering","year":"2021","journal-title":"Sleep and vigilance"},{"issue":"2","key":"2025082212323357100_b51-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1037\/1082-989X.12.2.121","article-title":"Centering predictor variables in cross-sectional multilevel models: A new look at an old issue","volume":"12","author":"Enders","year":"2007","journal-title":"Psychological Methods"},{"key":"2025082212323357100_b52-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2020.102082","article-title":"Onlooker effect and affective responses in information security violation mitigation","volume":"100","author":"Farshadkhah","year":"2021","journal-title":"Computers & Security"},{"issue":"11","key":"2025082212323357100_b53-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1650","DOI":"10.17705\/1jais.00581","article-title":"How paternalistic leadership influences IT security policy compliance: The mediating role of the social bond","volume":"20","author":"Feng","year":"2019","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212323357100_b54-04_ra-17707-cram-to_journal-mb","volume-title":"Belief, attitude, intention and behavior: An introduction to theory and research","author":"Fishbein","year":"1975"},{"key":"2025082212323357100_b55-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"865","DOI":"10.1002\/job.1803","article-title":"Using experience sampling methodology in organizational behavior","volume":"33","author":"Fisher","year":"2012","journal-title":"Journal of Organizational Behavior"},{"issue":"2","key":"2025082212323357100_b56-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1057\/ejis.2015.9","article-title":"Factors influencing the intention to comply with data protection regulations in hospitals: Based on gender differences in behaviour and deterrence","volume":"25","author":"Foth","year":"2016","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025082212323357100_b57-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/s10389-011-0456-9","article-title":"Technology acceptance as an influencing factor of hospital employees\u2019 compliance with data-protection standards in Germany","volume":"20","author":"Foth","year":"2012","journal-title":"Journal of Public Health"},{"issue":"1","key":"2025082212323357100_b58-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1177\/23727322145504","article-title":"Persistence: How treatment effects persist after interventions stop","volume":"1","author":"Frey","year":"2014","journal-title":"Policy Insights from the Behavioral and Brain Sciences"},{"issue":"8","key":"2025082212323357100_b59-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1137","DOI":"10.1002\/job.672","article-title":"The weekend matters: Relationships between stress recovery and affective experiences","volume":"32","author":"Fritz","year":"2010","journal-title":"Journal of Organizational Behavior"},{"issue":"4","key":"2025082212323357100_b60-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"969","DOI":"10.1177\/109442811880262","article-title":"Experience sampling methods: A discussion of critical trends and considerations for scholarly advancement","volume":"22","author":"Gabriel","year":"2019","journal-title":"Organizational Research Methods"},{"key":"2025082212323357100_b61-04_ra-17707-cram-to_journal-mb","volume-title":"Longitudinal structural equation modeling with Mplus: A latent state-trait perspective","author":"Geiser","year":"2020"},{"key":"2025082212323357100_b62-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"172","DOI":"10.3758\/s13428-014-0457-z","article-title":"Distinguishing state variability from trait change in longitudinal data: The role of measurement (non)invariance in latent state-trait analyses","volume":"47","author":"Geiser","year":"2015","journal-title":"Behavior Research Methods"},{"issue":"4","key":"2025082212323357100_b63-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2021.103447","article-title":"Can financial incentives help with the struggle for security policy compliance?","volume":"58","author":"Goel","year":"2021","journal-title":"Information & Management"},{"issue":"4","key":"2025082212323357100_b64-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1109\/TPC.2014.2374011","article-title":"A path to successful management of employee security compliance: An empirical study of information security climate","volume":"57","author":"Goo","year":"2014","journal-title":"IEEE Transactions on Professional Communication"},{"key":"2025082212323357100_b65-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1016\/j.dss.2019.02.010","article-title":"Quality matters: Evoking subjective norms and coping appraisals by system design to increase security intentions","volume":"119","author":"Grimes","year":"2019","journal-title":"Decision Support Systems"},{"issue":"6","key":"2025082212323357100_b66-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1016\/j.im.2012.08.001","article-title":"The effects of multilevel sanctions on information security violations: A mediating model","volume":"49","author":"Guo","year":"2012","journal-title":"Information & Management"},{"issue":"2","key":"2025082212323357100_b67-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","article-title":"Understanding nonmalicious security violations in the workplace: A composite behavior model","volume":"28","author":"Guo","year":"2011","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"2025082212323357100_b68-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1111\/isj.12257","article-title":"Information security policy noncompliance: An integrative social influence model","volume":"30","author":"Gwebu","year":"2020","journal-title":"Information Systems Journal"},{"key":"2025082212323357100_b69-04_ra-17707-cram-to_journal-mb","first-page":"43","article-title":"Why researchers should think \u201cwithin-person\u201d: A paradigmatic rationale","volume-title":"Handbook of research methods for studying daily life","author":"Hamaker","year":"2012"},{"issue":"1","key":"2025082212323357100_b70-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1037\/a0038889","article-title":"A critique of the cross-lagged panel model","volume":"20","author":"Hamaker","year":"2015","journal-title":"Psychological Methods"},{"key":"2025082212323357100_b71-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1016\/j.cose.2016.12.016","article-title":"An integrative model of information security policy compliance with psychological contract: Examining a bilateral perspective","volume":"66","author":"Han","year":"2017","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212323357100_b72-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"257","DOI":"10.2307\/249656","article-title":"The effect of codes of ethics and personal denial of responsibility on computer abuse judgements and intentions","volume":"20","author":"Harrington","year":"1996","journal-title":"MIS Quarterly"},{"key":"2025082212323357100_b73-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","DOI":"10.4324\/9780429060274","volume-title":"An introduction to multilevel modeling techniques: MLM and SEM approaches","author":"Heck","year":"2020"},{"key":"2025082212323357100_b74-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","DOI":"10.4324\/9781315746494","volume-title":"An introduction to multilevel modeling techniques: MLM and SEM approaches using Mplus","author":"Heck","year":"2015"},{"issue":"2","key":"2025082212323357100_b75-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","article-title":"Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness","volume":"47","author":"Herath","year":"2009","journal-title":"Decision Support Systems"},{"issue":"2","key":"2025082212323357100_b76-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: A framework for security policy compliance in organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"6","key":"2025082212323357100_b77-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1135","DOI":"10.1108\/ITP-10-2017-0322","article-title":"Examining employee security violations: Moral disengagement and its environmental influences","volume":"31","author":"Herath","year":"2018","journal-title":"Information Technology & People"},{"key":"2025082212323357100_b78-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2019.101594","article-title":"Institutional governance and protection motivation: Theoretical insights into shaping employees\u2019 security compliance behavior in higher education institutions in the developing world","volume":"87","author":"Hina","year":"2019","journal-title":"Computers & Security"},{"issue":"2-3","key":"2025082212323357100_b79-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1080\/15427600902911189","article-title":"Persons as contexts: Evaluating between-person and within-person effects in longitudinal analysis","volume":"6","author":"Hoffman","year":"2009","journal-title":"Research in Human Development"},{"key":"2025082212323357100_b80-04_ra-17707-cram-to_journal-mb","first-page":"467","article-title":"The application of hierarchical linear modeling to organizational research","volume-title":"Multilevel theory, research, and methods in organizations: Foundations, extensions, and new directions","author":"Hofmann","year":"2000"},{"issue":"1","key":"2025082212323357100_b81-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/08874417.2019.1683781","article-title":"Motivating information security policy compliance: Insights from perceived organizational formalization","volume":"62","author":"Hong","year":"2022","journal-title":"Journal of Computer Information Systems"},{"issue":"2","key":"2025082212323357100_b82-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1016\/j.im.2011.12.005","article-title":"Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the US and South Korea","volume":"49","author":"Hovav","year":"2012","journal-title":"Information & Management"},{"key":"2025082212323357100_b83-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.pmcj.2016.06.007","article-title":"This is my device! Why should I follow your rules? Employees\u2019 compliance with BYOD security policy","volume":"32","author":"Hovav","year":"2016","journal-title":"Pervasive and Mobile Computing"},{"issue":"2","key":"2025082212323357100_b84-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1287\/isre.2015.0569","article-title":"The role of extra-role behaviors and social controls in information security policy effectiveness","volume":"26","author":"Hsu","year":"2015","journal-title":"Information Systems Research"},{"issue":"1","key":"2025082212323357100_b85-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/10705519909540118","article-title":"Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria versus new alternatives","volume":"6","author":"Hu","year":"1999","journal-title":"Structural Equation Modeling: A Multidisciplinary Journal"},{"issue":"4","key":"2025082212323357100_b86-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"615","DOI":"10.1111\/j.1540-5915.2012.00361.x","article-title":"Managing employee compliance with information security policies: The critical role of top management and organizational culture","volume":"43","author":"Hu","year":"2012","journal-title":"Decision Sciences"},{"issue":"1","key":"2025082212323357100_b87-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1177\/18333583177002","article-title":"Indirect effect of management support on users\u2019 compliance behaviour towards information security policies","volume":"47","author":"Humaidi","year":"2018","journal-title":"Health Information Management Journal"},{"issue":"1","key":"2025082212323357100_b88-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1108\/OIR-11-2015-0358","article-title":"Why not comply with information security? An empirical approach for the causes of non-compliance","volume":"41","author":"Hwang","year":"2017","journal-title":"Online Information Review"},{"issue":"4","key":"2025082212323357100_b89-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1080\/08874417.2019.1650676","article-title":"Security awareness: The first step in information security compliance behavior","volume":"61","author":"Hwang","year":"2021","journal-title":"Journal of Computer Information Systems"},{"key":"2025082212323357100_b90-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","unstructured":"IBM Security\n . (2021). Ibm x-force threat intelligence report 2021. https:\/\/www.ibm.com\/security\/data-breach\/threat-intelligence","DOI":"10.1016\/S1353-4858(21)00026-X"},{"issue":"1","key":"2025082212323357100_b91-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","article-title":"Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory","volume":"31","author":"Ifinedo","year":"2012","journal-title":"Computers & Security"},{"issue":"1","key":"2025082212323357100_b92-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1016\/j.im.2013.10.001","article-title":"Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition","volume":"51","author":"Ifinedo","year":"2014","journal-title":"Information & Management"},{"issue":"1","key":"2025082212323357100_b93-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1080\/10580530.2015.1117868","article-title":"Critical times for organizations: What should be done to curb workers\u2019 noncompliance with IS security policy guidelines?","volume":"33","author":"Ifinedo","year":"2016","journal-title":"Information Systems Management"},{"issue":"10","key":"2025082212323357100_b94-04_ra-17707-cram-to_journal-mb","first-page":"118","article-title":"Organizational climate and individual factors effects on information security compliance behaviour","volume":"4","author":"Jaafar","year":"2013","journal-title":"International Journal of Business and Social Science"},{"issue":"3","key":"2025082212323357100_b95-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1111\/isj.12317","article-title":"Eyes wide open: The role of situational information security awareness for security-related behaviour","volume":"31","author":"Jaeger","year":"2020","journal-title":"Information Systems Journal"},{"issue":"3","key":"2025082212323357100_b96-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2020.103318","article-title":"The role of deterrability for the effect of multi-level sanctions on information security policy compliance: Results of a multigroup analysis","volume":"58","author":"Jaeger","year":"2021","journal-title":"Information & Management"},{"issue":"3","key":"2025082212323357100_b97-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"673","DOI":"10.1111\/peps.12120","article-title":"Champions, converts, doubters, and defectors: The impact of shifting perceptions on momentum for change","volume":"69","author":"Jansen","year":"2016","journal-title":"Personnel Psychology"},{"issue":"1","key":"2025082212323357100_b98-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"246","DOI":"10.17705\/1jais.00660","article-title":"Mitigating the security intention-behavior gap: The moderating role of required effort on the intention-behavior relationship","volume":"22","author":"Jenkins","year":"2021","journal-title":"Journal of the Association for Information Systems"},{"issue":"1","key":"2025082212323357100_b99-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1080\/0960085X.2020.1793696","article-title":"Using susceptibility claims to motivate behaviour change in IT security","volume":"30","author":"Jensen","year":"2021","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025082212323357100_b100-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1145\/3242734.3242739","article-title":"Rethinking the prevailing security paradigm: Can user empowerment with traceability reduce the rate of security policy circumvention?","volume":"49","author":"Jeon","year":"2018","journal-title":"The Data Base for Advances in Information Systems"},{"issue":"2","key":"2025082212323357100_b101-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"599","DOI":"10.1108\/ITP-05-2018-0256","article-title":"Exploring the role of intrinsic motivation in ISSP compliance: Enterprise digital rights management system case","volume":"34","author":"Jeon","year":"2020","journal-title":"Information Technology & People"},{"issue":"3","key":"2025082212323357100_b102-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear appeals and information security behaviors: An empirical study","volume":"34","author":"Johnston","year":"2010","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212323357100_b103-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1111\/deci.12328","article-title":"Speak their language: Designing effective messages to improve employees\u2019 information security decision making","volume":"50","author":"Johnston","year":"2019","journal-title":"Decision Sciences"},{"issue":"3","key":"2025082212323357100_b104-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1057\/ejis.2015.15","article-title":"Dispositional and situational factors: Influences on information security policy violations","volume":"25","author":"Johnston","year":"2016","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025082212323357100_b105-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","article-title":"An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric","volume":"39","author":"Johnston","year":"2015","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212323357100_b106-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"692","DOI":"10.5465\/256287","article-title":"Psychological conditions of personal engagement and disengagement at work","volume":"33","author":"Kahn","year":"1990","journal-title":"Academy of Management Journal"},{"key":"2025082212323357100_b107-04_ra-17707-cram-to_journal-mb","volume-title":"Thinking, fast and slow","author":"Kahneman","year":"2011"},{"issue":"4","key":"2025082212323357100_b108-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"888","DOI":"10.1111\/isj.12374","article-title":"That's interesting: An examination of interest theory and self-determination in organisational cybersecurity training","volume":"32","author":"Kam","year":"2022","journal-title":"Information Systems Journal"},{"issue":"2","key":"2025082212323357100_b109-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"687","DOI":"10.1287\/isre.2018.0827","article-title":"Toward a theory of information systems security behaviors of organizational employees: A dialectical process perspective","volume":"30","author":"Karjalainen","year":"2019","journal-title":"Information Systems Research"},{"key":"2025082212323357100_b110-04_ra-17707-cram-to_journal-mb","unstructured":"Kaspersky Lab\n . (2017). Human factor in IT security: How employees are making businesses vulnerable from within. Retrieved October 4, 2020 from https:\/\/usa.kaspersky.com\/about\/press-releases\/2017_kaseprsky-lab-survey-one-in-four-hide-cybersecurity-incidents-from-their-employers"},{"issue":"2","key":"2025082212323357100_b111-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1037\/a0028086","article-title":"On effect size","volume":"17","author":"Kelley","year":"2012","journal-title":"Psychological Methods"},{"issue":"4","key":"2025082212323357100_b112-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"858","DOI":"10.1108\/ITP-09-2017-0298","article-title":"Do employees in a \u201cgood\u201d company comply better with information security policy? A corporate social responsibility perspective","volume":"32","author":"Kim","year":"2019","journal-title":"Information Technology & People"},{"key":"2025082212323357100_b113-04_ra-17707-cram-to_journal-mb","volume-title":"Multilevel theory, research, and methods in organizations: Foundations, extensions, and new directions","author":"Klein","year":"2000"},{"issue":"2","key":"2025082212323357100_b114-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1080\/08874417.2020.1779151","article-title":"Reliability, validity, and strength of a unified model for information security policy compliance","volume":"61","author":"Koohang","year":"2021","journal-title":"Journal of Computer Information Systems"},{"issue":"1","key":"2025082212323357100_b115-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/08874417.2019.1668738","article-title":"Information security policy compliance: Leadership, trust, role values, and awareness","volume":"60","author":"Koohang","year":"2020","journal-title":"Journal of Computer Information Systems"},{"issue":"2","key":"2025082212323357100_b116-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"414","DOI":"10.5465\/amj.2014.0262","article-title":"Integrating the bright and dark sides of OCB: A daily investigation of the benefits and costs of helping others","volume":"59","author":"Koopman","year":"2016","journal-title":"Academy of Management Journal"},{"issue":"198","key":"2025082212323357100_b117-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10916-017-0833-1","article-title":"A deterrence approach to regulate nurses\u2019 compliance with electronic medical records privacy policy","volume":"41","author":"Kuo","year":"2017","journal-title":"Journal of Medical Systems"},{"issue":"6","key":"2025082212323357100_b118-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1111\/isj.12037","article-title":"Exploring the effects of organizational justice, personal ethics and sanction on internet use policy compliance","volume":"24","author":"Li","year":"2014","journal-title":"Information Systems Journal"},{"issue":"4","key":"2025082212323357100_b119-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"635","DOI":"10.1016\/j.dss.2009.12.005","article-title":"Understanding compliance with internet use policy from the perspective of rational choice theory","volume":"48","author":"Li","year":"2010","journal-title":"Decision Support Systems"},{"issue":"2","key":"2025082212323357100_b120-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1080\/08874417.2009.11645384","article-title":"Workplace management and employee misuse: Does punishment matter?","volume":"50","author":"Liao","year":"2009","journal-title":"Journal of Computer Information Systems"},{"issue":"5","key":"2025082212323357100_b121-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"560","DOI":"10.1111\/jopy.12182","article-title":"Weekly cycles in daily report data: An overlooked issue","volume":"84","author":"Liu","year":"2016","journal-title":"Journal of Personality"},{"issue":"7","key":"2025082212323357100_b122-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1145\/233977.233999","article-title":"Evaluating ethical decision-making and computer use","volume":"39","author":"Loch","year":"1996","journal-title":"Communications of the ACM"},{"issue":"8","key":"2025082212323357100_b123-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s40536-018-0061-2","article-title":"Effect size measures for multilevel models: Definition, interpretation, and TIMSS example","volume":"6","author":"Lorah","year":"2018","journal-title":"Large-scale Assessments in Education"},{"issue":"5","key":"2025082212323357100_b124-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1111\/isj.12043","article-title":"Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies","volume":"25","author":"Lowry","year":"2015","journal-title":"Information Systems Journal"},{"issue":"3","key":"2025082212323357100_b125-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1111\/isj.12063","article-title":"Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust","volume":"25","author":"Lowry","year":"2015","journal-title":"Information Systems Journal"},{"issue":"4","key":"2025082212323357100_b126-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"962","DOI":"10.1287\/isre.2016.0671","article-title":"Why do adults engage in cyberbullying on social media? An integration of online disinhibition and deindividuation effects with the social structure and social learning model","volume":"27","author":"Lowry","year":"2016","journal-title":"Information Systems Research"},{"issue":"6","key":"2025082212323357100_b127-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1552","DOI":"10.17705\/1jais.00646","article-title":"Why individual employees commit malicious computer abuse: A routine activity theory perspective","volume":"21","author":"Luo","year":"2020","journal-title":"Journal of the Association for Information Systems"},{"issue":"4","key":"2025082212323357100_b128-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"790","DOI":"10.1111\/isj.12424","article-title":"The effects of knowledge mechanisms on employees' information security threat construal","volume":"33","author":"Mady","year":"2023","journal-title":"Information Systems Journal"},{"key":"2025082212323357100_b129-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1086\/655355","article-title":"What have we learned from five decades of neutralization research?","volume":"32","author":"Maruna","year":"2005","journal-title":"Crime and Justice"},{"issue":"3","key":"2025082212323357100_b130-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"664","DOI":"10.17705\/1jais.00793","article-title":"Positively fearful: Activating the individual\u2019s HERO within to explain volitional security technology adoption","volume":"24","author":"Mattson","year":"2023","journal-title":"Journal of the Association for Information Systems"},{"issue":"12","key":"2025082212323357100_b131-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1848","DOI":"10.1037\/apl0000869","article-title":"Transformed by the family: An episodic, attachment theory perspective on family-work enrichment and transformational leadership","volume":"106","author":"McClean","year":"2021","journal-title":"Journal of Applied Psychology"},{"issue":"5","key":"2025082212323357100_b132-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"594","DOI":"10.3102\/10769986187763","article-title":"Does the package matter? A comparison of five common multilevel modeling software packages","volume":"43","author":"McCoach","year":"2018","journal-title":"Journal of Educational and Behavioral Statistics"},{"key":"2025082212323357100_b133-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.cose.2018.01.020","article-title":"The impact of collectivism and psychological ownership on protection motivation: A cross-cultural examination","volume":"75","author":"Menard","year":"2018","journal-title":"Computers & Security"},{"issue":"4","key":"2025082212323357100_b134-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"530","DOI":"10.5465\/amr.2001.5393889","article-title":"Building better theory: Time and the specification of when things happen","volume":"26","author":"Mitchell","year":"2001","journal-title":"Academy of Management Review"},{"issue":"4","key":"2025082212323357100_b135-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1207\/s15366359mea0204_1","article-title":"A manifesto on psychology as idiographic science: Bringing the person back into scientific psychology, this time forever","volume":"2","author":"Molenaar","year":"2004","journal-title":"Measurement"},{"issue":"2","key":"2025082212323357100_b136-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1111\/j.1467-8721.2009.01619","article-title":"The new person-specific paradigm in psychology","volume":"18","author":"Molenaar","year":"2009","journal-title":"Current Directions in Psychological Science"},{"issue":"6","key":"2025082212323357100_b137-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1016\/j.im.2013.04.005","article-title":"Using the theory of interpersonal behavior to explain non-work-related personal use of the Internet at work","volume":"50","author":"Moody","year":"2013","journal-title":"Information & Management"},{"issue":"1","key":"2025082212323357100_b138-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"285","DOI":"10.25300\/MISQ\/2018\/13853","article-title":"Toward a unified model of information security policy compliance","volume":"42","author":"Moody","year":"2018","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212323357100_b139-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1111\/j.1744-6570.2011.01237.x","article-title":"Why employees do bad things: Moral disengagement and unethical organizational behavior","volume":"65","author":"Moore","year":"2012","journal-title":"Personnel Psychology"},{"issue":"3","key":"2025082212323357100_b140-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1080\/08874417.2016.1153922","article-title":"The roles of awareness, sanctions, and ethics in software compliance","volume":"56","author":"Moquin","year":"2016","journal-title":"The Journal of Computer Information Systems"},{"issue":"1","key":"2025082212323357100_b141-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"196","DOI":"10.17705\/1jais.00723","article-title":"A test of protection motivation theory in the information security literature: A meta-analytic structural equation modeling approach","volume":"23","author":"Mou","year":"2022","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212323357100_b142-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1093\/oxfordhb\/9780195399820.013.0007","article-title":"Ego depletion: Theory and evidence","volume-title":"The Oxford handbook of human motivation","author":"Muraven","year":"2012"},{"issue":"2","key":"2025082212323357100_b143-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1037\/0033-2909.126.2.247","article-title":"Self-regulation and depletion of limited resources: Does self-control resemble a muscle","volume":"126","author":"Muraven","year":"2000","journal-title":"Psychological Bulletin"},{"key":"2025082212323357100_b144-04_ra-17707-cram-to_journal-mb","volume-title":"Mplus user's guide [computer software manual, version 8]","author":"Muth\u00e9n","year":"2008-2017"},{"issue":"3","key":"2025082212323357100_b145-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1177\/1094428103254673","article-title":"Longitudinal modeling with randomly and systematically missing data: A simulation of ad hoc, maximum likelihood, and multiple imputation techniques","volume":"6","author":"Newman","year":"2003","journal-title":"Organizational Research Methods"},{"issue":"12","key":"2025082212323357100_b146-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1794","DOI":"10.17705\/1jais.00586","article-title":"Integrating cognition with an affective lens to better understand information security policy compliance","volume":"20","author":"Ormond","year":"2019","journal-title":"Journal for the Association for Information Systems"},{"issue":"3","key":"2025082212323357100_b147-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1080\/08874417.2019.1571459","article-title":"Information security policy compliance: Leadership and trust","volume":"59","author":"Paliszkiewicz","year":"2019","journal-title":"Journal of Computer Information Systems"},{"key":"2025082212323357100_b148-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1016\/j.cose.2016.10.011","article-title":"The role of information security learning and individual factors in disclosing patients\u2019 health information","volume":"65","author":"Park","year":"2017","journal-title":"Computers & Security"},{"issue":"1","key":"2025082212323357100_b149-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1080\/07421222.2003.11045759","article-title":"Software piracy in the workplace: A model and empirical test","volume":"20","author":"Peace","year":"2003","journal-title":"Journal of Management Information Systems"},{"issue":"5","key":"2025082212323357100_b150-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1115","DOI":"10.17705\/1jais.00635","article-title":"Bringing context inside process research with digital trace data","volume":"21","author":"Pentland","year":"2020","journal-title":"Journal of the Association for Information Systems"},{"issue":"9","key":"2025082212323357100_b151-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1447","DOI":"10.1177\/0018726720924444","article-title":"Workdays are not created equal: Job satisfaction and job stressors across the workweek","volume":"74","author":"Pindek","year":"2021","journal-title":"Human Relations"},{"issue":"5","key":"2025082212323357100_b152-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"879","DOI":"10.1037\/0021-9010.88.5.879","article-title":"Common method bias in behavioral research: A critical review of the literature and recommended remedies","volume":"88","author":"Podsakoff","year":"2003","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"2025082212323357100_b153-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1177\/0149206309352110","article-title":"Longitudinal research: The theory, design, and analysis of change","volume":"36","author":"Polyhart","year":"2010","journal-title":"Journal of Management"},{"key":"2025082212323357100_b154-04_ra-17707-cram-to_journal-mb","unstructured":"Ponemon Institute\n . (2020). Cost of a data breach report. Ponemon Institute. https:\/\/www.ibm.com\/security\/data-breach"},{"issue":"1","key":"2025082212323357100_b155-04_ra-17707-cram-to_journal-mb","first-page":"24","article-title":"When computer monitoring back-fires: Privacy invasions and organizational injustice as precursors to computer abuse","volume":"7","author":"Posey","year":"2011","journal-title":"Journal of Information System Security"},{"key":"2025082212323357100_b156-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2020.102038","article-title":"An exploratory examination of organizational insiders\u2019 descriptive and normative perceptions of cyber-relevant rights and responsibilities","volume":"99","author":"Posey","year":"2020","journal-title":"Computers & Security"},{"key":"2025082212323357100_b157-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1016\/j.im.2014.03.009","article-title":"Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders","volume":"51","author":"Posey","year":"2014","journal-title":"Information & Management"},{"issue":"4","key":"2025082212323357100_b158-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"757","DOI":"10.2307\/25750704","article-title":"Improving employees' compliance through information systems security training: An action research study","volume":"34","author":"Puhakainen","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212323357100_b159-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"337","DOI":"10.5465\/19416520.2012.676762","article-title":"Building a sustainable model of human energy in organizations: Exploring the critical role of resources","volume":"6","author":"Quinn","year":"2012","journal-title":"Academy of Management Annals"},{"key":"2025082212323357100_b160-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/j.cose.2018.09.016","article-title":"Evaluating the explanatory power of theoretical frameworks on intention to comply with information security policies in higher education","volume":"80","author":"Rajab","year":"2019","journal-title":"Computers & Security"},{"key":"2025082212323357100_b161-04_ra-17707-cram-to_journal-mb","unstructured":"Renaud, K.\n (2020). Why companies should stop scaring employees about cybersecurity. The Wall Street Journal. Retrieved May 20, 2022 from https:\/\/www.wsj.com\/articles\/why-companies-should-stop-scaring-employees-about-cybersecurity-11607364000"},{"key":"2025082212323357100_b162-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"934","DOI":"10.1037\/0033-2909.128.6.934","article-title":"Belief and feeling: Evidence for an accessibility model of emotional self-report","volume":"128","author":"Robinson","year":"2002","journal-title":"Psychological Bulletin"},{"issue":"6","key":"2025082212323357100_b163-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1438","DOI":"10.1037\/a0016752","article-title":"Can \u201cgood\u201d stressors spark \"bad\" behaviors? The mediating role of emotions in links of challenge and hindrance stressors with citizenship and counterproductive behaviors","volume":"94","author":"Rodell","year":"2009","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"2025082212323357100_b164-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change","volume":"91","author":"Rogers","year":"1975","journal-title":"Journal of Psychology"},{"issue":"11","key":"2025082212323357100_b165-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1620","DOI":"10.1037\/apl0000140","article-title":"Who strikes back? A daily investigation of when and why incivility begets incivility","volume":"101","author":"Rosen","year":"2016","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"2025082212323357100_b166-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1016\/j.cose.2015.10.006","article-title":"Information security policy compliance model in organizations","volume":"56","author":"Safa","year":"2016","journal-title":"Computers & Security"},{"issue":"5","key":"2025082212323357100_b167-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"821","DOI":"10.1016\/j.jocs.2014.05.001","article-title":"Modeling employees behavior in workplace dynamics","volume":"5","author":"Saravakos","year":"2014","journal-title":"Journal of Computational Science"},{"issue":"4","key":"2025082212323357100_b168-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1240","DOI":"10.1287\/isre.2020.0941","article-title":"The influence of professional subculture on information security policy violations: A field study in a healthcare context","volume":"31","author":"Sarker","year":"2020","journal-title":"Information Systems Research"},{"key":"2025082212323357100_b169-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1016\/j.ecolecon.2016.11.009","article-title":"Green nudges: Do they work? Are they ethical?","volume":"132","author":"Schubert","year":"2017","journal-title":"Ecological Economics"},{"key":"2025082212323357100_b170-04_ra-17707-cram-to_journal-mb","first-page":"22","article-title":"Why researchers should think \u201creal-time\u201d: A cognitive rationale","volume-title":"Handbook of research methods for studying daily life","author":"Schwarz","year":"2012"},{"issue":"1","key":"2025082212323357100_b171-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"116","DOI":"10.5465\/amj.2011.59215086","article-title":"A multilevel field investigation of emotional labor, affect, work withdrawal, and gender","volume":"54","author":"Scott","year":"2011","journal-title":"Academy of Management Journal"},{"issue":"6","key":"2025082212323357100_b172-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1080\/08874417.2020.1845584","article-title":"Understanding employee information security policy compliance from role theory perspective","volume":"61","author":"Shadbad","year":"2021","journal-title":"Journal of Computer Information Systems"},{"issue":"1","key":"2025082212323357100_b173-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1108\/ITP-09-2020-0610","article-title":"Technostress and its influence on employee information security policy compliance","volume":"35","author":"Shadbad","year":"2022","journal-title":"Information Technology & People"},{"issue":"6","key":"2025082212323357100_b174-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","DOI":"10.1080\/08874417.2020.1812134","article-title":"Employees\u2019 behavior in phishing attacks: What individual, organizational, and technological factors matter?","volume":"61","author":"Shahbaznezhad","year":"2021","journal-title":"Journal of Computer Information Systems"},{"key":"2025082212323357100_b175-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2018.09.005","article-title":"Do I really belong?: Impact of employment status on information security policy compliance","volume":"87","author":"Sharma","year":"2019","journal-title":"Computers & Security"},{"issue":"7","key":"2025082212323357100_b176-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1080\/10447318.2016.1183862","article-title":"Nontechnical deterrence effects of mild and severe Internet use policy reminders in reducing employee Internet abuse","volume":"32","author":"Shepherd","year":"2016","journal-title":"International Journal of Human-Computer Interaction"},{"key":"2025082212323357100_b177-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1016\/j.cose.2015.01.002","article-title":"Personality, attitudes, and intentions: Predicting initial adoption of information security behavior","volume":"49","author":"Shropshire","year":"2015","journal-title":"Computers & Security"},{"key":"2025082212323357100_b178-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1016\/j.cose.2018.09.012","article-title":"Critical impact of organizational and individual inertia in explaining non-compliant security behavior in the shadow IT context","volume":"80","author":"Silic","year":"2019","journal-title":"Computers & Security"},{"issue":"1","key":"2025082212323357100_b179-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1080\/07421222.2019.1705512","article-title":"Using design-science based gamification to improve organizational security training and compliance","volume":"37","author":"Silic","year":"2020","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"2025082212323357100_b180-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1016\/j.im.2013.08.006","article-title":"Employees\u2019 adherence to information security policies: An exploratory field study","volume":"51","author":"Siponen","year":"2014","journal-title":"Information & Management"},{"key":"2025082212323357100_b181-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2019.101617","article-title":"Can individuals\u2019 neutralization techniques be overcome? A field experiment on password policy","volume":"88","author":"Siponen","year":"2020","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212323357100_b182-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"487","DOI":"10.2307\/25750688","article-title":"Neutralization: New insights into the problem of employee information systems security policy violations","volume":"34","author":"Siponen","year":"2010","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212323357100_b183-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"15","DOI":"10.4018\/irmj.2001100102","article-title":"On the role of human morality in information systems security","volume":"14","author":"Siponen","year":"2001","journal-title":"Information Resources Management Journal"},{"issue":"2","key":"2025082212323357100_b184-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1108\/ICS-04-2014-0025","article-title":"The sufficiency of the theory of planned behavior for explaining information security policy compliance","volume":"23","author":"Sommestad","year":"2015","journal-title":"Information and Computer Security"},{"issue":"4","key":"2025082212323357100_b185-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1080\/08874417.2017.1368421","article-title":"The theory of planned behavior and information security policy compliance","volume":"59","author":"Sommestad","year":"2019","journal-title":"Journal of Computer Information Systems"},{"issue":"7","key":"2025082212323357100_b186-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","article-title":"Out of fear or desire? Toward a better understanding of employees\u2019 motivation to follow IS security policies","volume":"48","author":"Son","year":"2011","journal-title":"Information & Management"},{"issue":"3","key":"2025082212323357100_b187-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1016\/j.ijinfomgt.2015.12.005","article-title":"Procedural justice to enhance compliance with non-work-related computing (NWRC) rules: Its determinants and interaction with privacy concerns","volume":"36","author":"Son","year":"2016","journal-title":"International Journal of Information Management"},{"key":"2025082212323357100_b188-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","DOI":"10.5465\/ambpp.2015.12933abstract","article-title":"A within-person approach to observing cyclical patterns of motivation","author":"Sotak","year":"2015"},{"issue":"3","key":"2025082212323357100_b189-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"503","DOI":"10.2307\/25750689","article-title":"User participation in information systems security risk management","volume":"34","author":"Spears","year":"2010","journal-title":"MIS Quarterly"},{"key":"2025082212323357100_b190-04_ra-17707-cram-to_journal-mb","volume-title":"Behavioral information security: Defining the criterion space","author":"Stanton","year":"2003"},{"issue":"5","key":"2025082212323357100_b191-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1002\/(SICI)1099-0984(199909\/10)13:5<389::AID-PER361>3.0.CO;2-A","article-title":"Latent state-trait theory and research in personality and invidual differences","volume":"13","author":"Steyer","year":"1999","journal-title":"European Journal of Personality"},{"issue":"3","key":"2025082212323357100_b192-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1287\/isre.1.3.255","article-title":"Effective IS security: An empirical study","volume":"1","author":"Straub","year":"1990","journal-title":"Information Systems Research"},{"issue":"6","key":"2025082212323357100_b193-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"664","DOI":"10.2307\/2089195","article-title":"Techniques of neutralization: A theory of delinquency","volume":"22","author":"Sykes","year":"1957","journal-title":"American Sociological Review"},{"issue":"3","key":"2025082212323357100_b194-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1019","DOI":"10.5465\/amj.2020.1516","article-title":"When conscientious employees meet intelligent machines: An integrative approach inspired by complementarity theory and role theory","volume":"65","author":"Tang","year":"2022","journal-title":"Academy of Management Journal"},{"key":"2025082212323357100_b195-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"439","DOI":"10.17705\/1CAIS.05018","article-title":"Addressing change trajectories and reciprocal relationships: A longitudinal method for information systems research","volume":"50","author":"Tao","year":"2022","journal-title":"Communications of the Association for Information Systems"},{"issue":"3","key":"2025082212323357100_b196-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2022.103751","article-title":"Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective","volume":"60","author":"Tejay","year":"2023","journal-title":"Information & Management"},{"issue":"4","key":"2025082212323357100_b197-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1108\/09685229810227649","article-title":"Information security awareness: Educating your users effectively","volume":"6","author":"Thomson","year":"1998","journal-title":"Information Management & Computer Security"},{"key":"2025082212323357100_b198-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1016\/j.cose.2018.08.007","article-title":"The impact of security awareness on information technology professionals\u2019 behavior","volume":"79","author":"Torten","year":"2018","journal-title":"Computers & Security"},{"key":"2025082212323357100_b199-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2021.102222","article-title":"Examining the role of stress and information security policy design in information security compliance behaviour: An experimental study of in-task behaviour","volume":"104","author":"Trang","year":"2021","journal-title":"Computers & Security"},{"issue":"2","key":"2025082212323357100_b200-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"121","DOI":"10.2307\/3857567","article-title":"Experimental approaches to studying ethical-unethical behavior in organizations","volume":"2","author":"Trevino","year":"1992","journal-title":"Business Ethics Quarterly"},{"key":"2025082212323357100_b201-04_ra-17707-cram-to_journal-mb","volume-title":"Interpersonal behavior","author":"Triandis","year":"1977"},{"key":"2025082212323357100_b202-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-030-81865-4","volume-title":"Analysis of data from randomized controlled trials: A practical guide","author":"Twisk","year":"2021"},{"issue":"2","key":"2025082212323357100_b203-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"355","DOI":"10.25300\/MISQ\/2018\/14124","article-title":"Tuning out security warnings: A longitudinal examination of habituation through fMRI, eye tracking, and field experiments","volume":"42","author":"Vance","year":"2018","journal-title":"MIS Quarterly"},{"issue":"3-4","key":"2025082212323357100_b204-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1016\/j.im.2012.04.002","article-title":"Motivating IS security compliance: Insights from habit and protection motivation theory","volume":"49","author":"Vance","year":"2012","journal-title":"Information & Management"},{"issue":"4","key":"2025082212323357100_b205-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2019.103212","article-title":"Effects of sanctions, moral beliefs, and neutralization on information security policy violations across cultures","volume":"57","author":"Vance","year":"2020","journal-title":"Information & Management"},{"issue":"3","key":"2025082212323357100_b206-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"506","DOI":"10.1037\/0021-9010.87.3.506","article-title":"Two studies examining the negative effect of self-efficacy on performance","volume":"87","author":"Vancouver","year":"2002","journal-title":"The Journal of Applied Psychology"},{"key":"2025082212323357100_b207-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"crossref","unstructured":"Verizon\n . (2020). 2020 data breach investigations report. https:\/\/enterprise.verizon.com\/resources\/reports\/dbir\/","DOI":"10.1016\/S1361-3723(20)30059-2"},{"issue":"4","key":"2025082212323357100_b208-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1080\/15536548.2013.10845690","article-title":"Control-related motivations and information security policy compliance: The role of autonomy and efficacy","volume":"9","author":"Wall","year":"2013","journal-title":"Journal of Information Privacy and Security"},{"issue":"8","key":"2025082212323357100_b209-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2019.03.002","article-title":"Perceived argument quality's effect on threat and coping appraisals in fear appeals: An experiment and exploration of realism check heuristics","volume":"56","author":"Wall","year":"2019","journal-title":"Information & Management"},{"issue":"4","key":"2025082212323357100_b210-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1052","DOI":"10.17705\/1jais.00812","article-title":"Security is local: The influence of the immediate workgroup on information security","volume":"24","author":"Wang","year":"2023","journal-title":"Journal of the Association for Information Systems"},{"issue":"1","key":"2025082212323357100_b211-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1037\/met0000030","article-title":"On disaggregating between-person and within-person effects with longitudinal data using multilevel models","volume":"20","author":"Wang","year":"2015","journal-title":"Psychological Methods"},{"issue":"3","key":"2025082212323357100_b212-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1057\/ejis.2010.72","article-title":"The influence of the informal social learning environment on information privacy policy compliance efficacy and intention","volume":"20","author":"Warkentin","year":"2011","journal-title":"European Journal of Information Systems"},{"issue":"6","key":"2025082212323357100_b213-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1063","DOI":"10.1037\/0022-3514.54.6.1063","article-title":"Development and validation of brief measures of positive and negative affect: The PANAS scales","volume":"54","author":"Watson","year":"1988","journal-title":"Journal of Personality and Social Psychology"},{"issue":"5","key":"2025082212323357100_b214-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"567","DOI":"10.1002\/job.2514","article-title":"Continuity in transition: Combining recovery and day-of-week perspectives to understand changes in employee energy across the 7-day week","volume":"42","author":"Weigelt","year":"2021","journal-title":"Journal of Organizational Behavior"},{"issue":"1","key":"2025082212323357100_b215-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1177\/1094428117736137","article-title":"Condition 9 and 10 tests of model confirmation: A review of James, Mulaik, and Brett (1982) and contemporary alternatives","volume":"23","author":"Williams","year":"2020","journal-title":"Organizational Research Methods"},{"key":"2025082212323357100_b216-04_ra-17707-cram-to_journal-mb","volume-title":"Econometric analysis of cross section and panel data","author":"Wooldridge","year":"2010"},{"issue":"2","key":"2025082212323357100_b217-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"803","DOI":"10.25300\/MISQ\/2022\/16625","article-title":"Phishing susceptibility in context: A multilevel information processing perspective on deception detection","volume":"47","author":"Wright","year":"2023","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212323357100_b218-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2023.103753","article-title":"Information security ignorance: An exploration of the concept and its antecedents","volume":"60","author":"Wu","year":"2023","journal-title":"Information & Management"},{"issue":"3","key":"2025082212323357100_b219-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2019.103180","article-title":"Anger or fear? Effects of discrete emotions on employee\u2019s computer-related deviant behavior","volume":"57","author":"Xu","year":"2020","journal-title":"Information & Management"},{"issue":"5","key":"2025082212323357100_b220-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1016\/j.jesp.2012.03.007","article-title":"Too fatigued to care: Ego depletion, guilt, and prosocial behavior","volume":"43","author":"Xu","year":"2012","journal-title":"Journal of Experimental Social Psychology"},{"issue":"6","key":"2025082212323357100_b221-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.1080\/0960085X.2022.2099767","article-title":"Does stress reduce violation intention? Insights from eustress and distress processes on employee reaction to information security policies","volume":"32","author":"Yazdanmehr","year":"2023","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025082212323357100_b222-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"598","DOI":"10.1111\/isj.12417","article-title":"Employee responses to information security related stress: Coping and violation intention","volume":"33","author":"Yazdanmehr","year":"2023","journal-title":"Information Systems Journal"},{"key":"2025082212323357100_b223-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1016\/j.dss.2016.09.009","article-title":"Employees\u2019 information security policy compliance: A norm activation perspective","volume":"92","author":"Yazdanmehr","year":"2016","journal-title":"Decision Support Systems"},{"issue":"5","key":"2025082212323357100_b224-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"791","DOI":"10.1111\/isj.12271","article-title":"Peers matter: The moderating role of social influence on information security policy compliance","volume":"30","author":"Yazdanmehr","year":"2020","journal-title":"Information Systems Journal"},{"key":"2025082212323357100_b225-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1016\/j.dss.2018.02.009","article-title":"Exploring the influence of flow and psychological ownership on security education, training and awareness effectiveness and security compliance","volume":"108","author":"Yoo","year":"2018","journal-title":"Decision Support Systems"},{"issue":"4","key":"2025082212323357100_b226-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"725","DOI":"10.5465\/amr.1999.2553250","article-title":"Time scales and organizational theory","volume":"24","author":"Zaheer","year":"1999","journal-title":"The Academy of Management Review"},{"issue":"4","key":"2025082212323357100_b227-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"330","DOI":"10.1108\/09685220910993980","article-title":"Impact of perceived technical protection on security behaviors","volume":"17","author":"Zhang","year":"2009","journal-title":"Information Management & Computer Security"},{"issue":"3","key":"2025082212323357100_b228-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"547","DOI":"10.1287\/isre.2014.0528","article-title":"Latent growth modeling for information systems: Theoretical extensions and practical applications","volume":"25","author":"Zheng","year":"2014","journal-title":"Information Systems Research"},{"issue":"3","key":"2025082212323357100_b229-04_ra-17707-cram-to_journal-mb","doi-asserted-by":"publisher","first-page":"782","DOI":"10.17705\/1jais.00794","article-title":"How do paternalistic leaders motivate employees\u2019 information security compliance? Building a climate and applying sanctions","volume":"24","author":"Zhu","year":"2023","journal-title":"Journal of the Association for Information Systems"}],"container-title":["MIS Quarterly"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/48\/1\/95\/9215\/04_ra-17707-cram-to_journal-mb.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/48\/1\/95\/9215\/04_ra-17707-cram-to_journal-mb.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:32:44Z","timestamp":1755880364000},"score":1,"resource":{"primary":{"URL":"https:\/\/misq.umn.edu\/misq\/article\/48\/1\/95\/2265\/Time-Will-Tell-The-Case-for-an-Idiographic"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,1]]},"references-count":229,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,3,1]]},"published-print":{"date-parts":[[2024,3,1]]}},"URL":"https:\/\/doi.org\/10.25300\/misq\/2023\/17707","relation":{},"ISSN":["0276-7783","2162-9730"],"issn-type":[{"value":"0276-7783","type":"print"},{"value":"2162-9730","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,1]]}}}