Exploring behavioral information security networks in an organizational context: An empirical case study

Agnew, 2001, Building on the foundation of general strain theory: specifying the types of strain most likely to lead to crime and delinquency, J Res Crime Delinq, 38, 319, 10.1177/0022427801038004001 Ajzen, 2011, The theory of planned behaviour: reactions and reflections, Psychol Health, 26, 1113, 10.1080/08870446.2011.613995 Ashforth, 1985, Climate formation: issues and extensions, Acad Manage Rev, 10, 837, 10.5465/amr.1985.4279106 Bandura, 1977, Self-efficacy: toward a unifying theory of behavioral change, Psychol Rev, 84, 191, 10.1037/0033-295X.84.2.191 Borgatti, 2002 Borgatti, 2013 Boss, 2009, If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security, Eur J Inf Syst, 18, 151, 10.1057/ejis.2009.8 Bulgurcu, 2010, Information security policy compliance: an empirical study on rationality-based beliefs and information security awareness, MIS Q, 34, 523, 10.2307/25750690 Chan, 2005, Perceptions of information security at the workplace: linking information security climate to compliant behavior, vol. 1, 18 Cross Crossler, 2013, Future directions for behavioral information security research, Comput Secur, 32, 90, 10.1016/j.cose.2012.09.010 Dang, 2014, Predicting insider's malicious security behaviours: a General Strain Theory-based conceptual model Dang-Pham, 2015, Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: a Protection Motivation Theory approach, Comput Secur, 48, 281, 10.1016/j.cose.2014.11.002 Dang-Pham, 2014, Towards a complete understanding of information security misbehaviours: a proposal for future research with social network approach D'Arcy, 2011, A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings, Eur J Inf Syst, 20, 643, 10.1057/ejis.2011.23 D'Arcy, 2008, Does one size fit all? Examining the differential effects of IS security countermeasures, J Bus Ethics, 89, 59, 10.1007/s10551-008-9909-7 D'Arcy, 2009, User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach, Inf Syst Res, 20, 79, 10.1287/isre.1070.0160 Dourish, 2004, Security in the wild: user strategies for managing security as an everyday, practical problem, Pers Ubiquit Comput, 8, 391, 10.1007/s00779-004-0308-5 Gartner Gens, 2011, vol. 1156 Gesell, 2013, Social network diagnostics: a tool for monitoring group interventions, Implement Sci, 8, 116, 10.1186/1748-5908-8-116 Goo, 2014, A path to successful management of employee security compliance: an empirical study of information security climate, IEEE Trans Prof Commun, 57, 1, 10.1109/TPC.2014.2374011 Hanneman, 2005 Herath, 2009, Protection motivation and deterrence: a framework for security policy compliance in organisations, Eur J Inf Syst, 18, 106, 10.1057/ejis.2009.6 Hirschi, 1969 Hofstede, 2001 Hu, 2011, Does deterrence work in reducing information security policy abuse by employees?, Commun ACM, 54, 54, 10.1145/1953122.1953142 Ibarra, 1993, Power, social influence, and sense making: effects of network centrality and proximity on employee perceptions, Adm Sci Q, 38, 277, 10.2307/2393414 Ifinedo, 2014, Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition, Inf Manag, 51, 69, 10.1016/j.im.2013.10.001 Jaafar, 2013, Organizational climate and individual factors effects on information security faculty of business and accountancy, Int J Bus Soc Sci, 4, 118 Kirlappos, 2014 Maddux, 1983, Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change, J Exp Soc Psychol, 19, 469, 10.1016/0022-1031(83)90023-9 Merluzzi, 2013, How many names are enough? Identifying network effects with the least set of listed contacts, Soc Networks, 35, 331, 10.1016/j.socnet.2013.03.004 Norman Otte, 2002, Social network analysis: a powerful strategy, also for the information sciences, J Inf Sci, 28, 441, 10.1177/016555150202800601 Padayachee, 2012, Taxonomy of compliant information security behavior, Comput Secur, 31, 673, 10.1016/j.cose.2012.04.004 Posey, 2011, Understanding the mindset of the abusive insider: an examination of insiders' causal reasoning following internal security changes, Comput Secur, 30, 486, 10.1016/j.cose.2011.05.002 Rogers, 1975, A protection motivation theory of fear appeals and attitude change, J Psychol, 91, 93, 10.1080/00223980.1975.9915803 Safa, 2016, An information security knowledge sharing model in organizations, Comput Human Behav, 57, 442, 10.1016/j.chb.2015.12.037 Saint-Charles, 2009, Different relationships for coping with ambiguity and uncertainty in organizations, Soc Networks, 31, 33, 10.1016/j.socnet.2008.09.001 Siponen, 2014, Employees' adherence to information security policies: an exploratory field study, Inf Manag, 51, 217, 10.1016/j.im.2013.08.006 Sommestad, 2014, Variables influencing information security policy compliance: a systematic review of quantitative studies, Inf Manag Comput Secur, 22, 42, 10.1108/IMCS-08-2012-0045 Straub, 1990, Effective IS security: an empirical study, Inf Syst Res, 1, 255, 10.1287/isre.1.3.255 Sykes, 2009, Model of acceptance with peer support: a social network perspective to understand employees' system use, MIS Q, 33, 371, 10.2307/20650296 Vance, 2012, Motivating IS security compliance: insights from Habit and Protection Motivation Theory, Inf Manag, 49, 190, 10.1016/j.im.2012.04.002 Warkentin, 2011, The influence of the informal social learning environment on information privacy policy compliance efficacy and intention, Eur J Inf Syst, 20, 267, 10.1057/ejis.2010.72 Willison, 2013, Beyond deterrence: an expanded view of employee computer abuse, MIS Q, 37, 1, 10.25300/MISQ/2013/37.1.01 Wood, 2000, An unappreciated reason why information security policies fail, Comput Fraud Secur, 13, 10.1016/S1361-3723(00)10029-6