TY - JOUR
T1 - Toward a unified model of information security policy compliance
T2 - A conceptual replication study
AU - Kajtazi, Miranda
AU - Holmberg, Nicklas
AU - Sarker, Saonee
AU - Keller, Christina
AU - Johansson, Björn
AU - Tona, Olgerta
PY - 2021
Y1 - 2021
N2 - Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.
AB - Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.
KW - Information Security Policy, Conceptual Replication, UMISPC, Compliance
U2 - 10.17705/1atrr.00067
DO - 10.17705/1atrr.00067
M3 - Article
VL - 7
SP - 1
EP - 15
JO - AIS Transactions on Replication Research
JF - AIS Transactions on Replication Research
SN - 2473-3458
IS - 2
ER -