Employees’ Adherence to Information Security Policies: A Partial Replication

David Sikolia; Douglas Twitchell; Glen Sagers

Employees’ Adherence to Information Security Policies: A Partial Replication

David Sikolia, Douglas Twitchell, Glen Sagers

Boise State University

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

Abstract

This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees’ adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.

Original language	American English
Title of host publication	Twenty-Second Conference on Information Systems, San Diego, 2016
State	Published - 2016

Keywords

conceptual replication
information security policy compliance
protection motivation theory

EGS Disciplines

Business
Management Information Systems

Cite this

@inbook{c122f74dd9214ddd840adecde4035dee,

title = "Employees{\textquoteright} Adherence to Information Security Policies: A Partial Replication",

abstract = " This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees{\textquoteright} adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.",

keywords = "conceptual replication, information security policy compliance, protection motivation theory",

author = "David Sikolia and Douglas Twitchell and Glen Sagers",

year = "2016",

language = "American English",

booktitle = "Twenty-Second Conference on Information Systems, San Diego, 2016",

}

TY - CHAP

T1 - Employees’ Adherence to Information Security Policies

T2 - A Partial Replication

AU - Sikolia, David

AU - Twitchell, Douglas

AU - Sagers, Glen

PY - 2016

Y1 - 2016

N2 - This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees’ adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.

AB - This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees’ adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.

KW - conceptual replication

KW - information security policy compliance

KW - protection motivation theory

UR - https://aisel.aisnet.org/amcis2016/TRR/Presentations/5

UR - https://scholarworks.boisestate.edu/itscm_facpubs/59/

M3 - Chapter

BT - Twenty-Second Conference on Information Systems, San Diego, 2016

ER -

Employees’ Adherence to Information Security Policies: A Partial Replication

Abstract

Keywords

EGS Disciplines

Other files and links

Fingerprint

Cite this