Employees' adherence to information security policies: A partial replication

David Sikolia; Douglas Twitchell; Glen Sagers

Employees' adherence to information security policies: A partial replication

David Sikolia, Douglas Twitchell, Glen Sagers

Information Technology and Supply Chain Management Department

Illinois State University

Research output: Contribution to conference › Paper › peer-review

5 Scopus citations

Abstract

This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees' adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.

Original language	English
State	Published - 2016
Event	22nd Americas Conference on Information Systems: Surfing the IT Innovation Wave, AMCIS 2016 - San Diego, United States Duration: 11 Aug 2016 → 14 Aug 2016

Conference

Conference	22nd Americas Conference on Information Systems: Surfing the IT Innovation Wave, AMCIS 2016
Country/Territory	United States
City	San Diego
Period	11/08/16 → 14/08/16

Keywords

Conceptual replication
Information security policy compliance
Protection Motivation Theory

Cite this

@conference{fd630e97cd164f7696c3a566e07da6b3,

title = "Employees' adherence to information security policies: A partial replication",

abstract = "This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees' adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.",

keywords = "Conceptual replication, Information security policy compliance, Protection Motivation Theory",

author = "David Sikolia and Douglas Twitchell and Glen Sagers",

year = "2016",

language = "English",

note = "22nd Americas Conference on Information Systems: Surfing the IT Innovation Wave, AMCIS 2016 ; Conference date: 11-08-2016 Through 14-08-2016",

}

TY - CONF

T1 - Employees' adherence to information security policies

T2 - 22nd Americas Conference on Information Systems: Surfing the IT Innovation Wave, AMCIS 2016

AU - Sikolia, David

AU - Twitchell, Douglas

AU - Sagers, Glen

PY - 2016

Y1 - 2016

N2 - This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees' adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.

AB - This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees' adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.

KW - Conceptual replication

KW - Information security policy compliance

KW - Protection Motivation Theory

UR - http://www.scopus.com/inward/record.url?scp=84987652890&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:84987652890

Y2 - 11 August 2016 through 14 August 2016

ER -

Employees' adherence to information security policies: A partial replication

Abstract

Conference

Keywords

Other files and links

Fingerprint

Cite this