Toward a unified model of information security policy compliance: A conceptual replication study

Miranda Kajtazi; Nicklas Holmberg; Saonee Sarker; Christina Keller; Björn Johansson; Olgerta Tona

doi:10.17705/1atrr.00067

Toward a unified model of information security policy compliance: A conceptual replication study

Miranda Kajtazi, Nicklas Holmberg, Saonee Sarker, Christina Keller, Björn Johansson, Olgerta Tona

Department of Informatics

Research output: Contribution to journal › Article › peer-review

Abstract

Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.

Original language	English
Pages (from-to)	1-15
Number of pages	15
Journal	AIS Transactions on Replication Research
Volume	7
Issue number	2
DOIs	https://doi.org/10.17705/1atrr.00067
Publication status	Published - 2021

Subject classification (UKÄ)

Information Systems, Social aspects

Access to Document

10.17705/1atrr.00067

https://aisel.aisnet.org/trr/vol7/iss1/2

Cite this

@article{bb157a11cc5045d48f02c83fc644012e,

title = "Toward a unified model of information security policy compliance: A conceptual replication study",

abstract = "Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.",

keywords = "Information Security Policy, Conceptual Replication, UMISPC, Compliance",

author = "Miranda Kajtazi and Nicklas Holmberg and Saonee Sarker and Christina Keller and Bj{\"o}rn Johansson and Olgerta Tona",

year = "2021",

doi = "10.17705/1atrr.00067",

language = "English",

volume = "7",

pages = "1--15",

journal = "AIS Transactions on Replication Research",

issn = "2473-3458",

publisher = "AIS",

number = "2",

}

TY - JOUR

T1 - Toward a unified model of information security policy compliance

T2 - A conceptual replication study

AU - Kajtazi, Miranda

AU - Holmberg, Nicklas

AU - Sarker, Saonee

AU - Keller, Christina

AU - Johansson, Björn

AU - Tona, Olgerta

PY - 2021

Y1 - 2021

N2 - Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.

AB - Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.

KW - Information Security Policy, Conceptual Replication, UMISPC, Compliance

U2 - 10.17705/1atrr.00067

DO - 10.17705/1atrr.00067

M3 - Article

VL - 7

SP - 1

EP - 15

JO - AIS Transactions on Replication Research

JF - AIS Transactions on Replication Research

SN - 2473-3458

IS - 2

ER -

Toward a unified model of information security policy compliance: A conceptual replication study

Abstract

Subject classification (UKÄ)

Access to Document

Fingerprint

Cite this