Paper Type
Complete
Abstract
Over the years, numerous studies on employee compliance with information security policies (ISPs) have been conducted, contributing valuable insights to enhance information security in organisations. However, our literature review reveals that few ISP compliance studies adopt a longitudinal approach. It is well known that cross-sectional research often provides limited insight into how constructs such as ISP compliance evolve over time. While researchers have called for more longitudinal ISP compliance studies, there is little guidance on how to conduct them. To address this gap, we propose a set of seven guidelines to support both quantitative and qualitative longitudinal ISP compliance research.
Paper Number
1585
Recommended Citation
Karlsson, Fredrik and Gao, Shang, "Guidelines for Longitudinal Information Security Policy Compliance Research" (2025). AMCIS 2025 Proceedings. 16.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/16
Guidelines for Longitudinal Information Security Policy Compliance Research
Over the years, numerous studies on employee compliance with information security policies (ISPs) have been conducted, contributing valuable insights to enhance information security in organisations. However, our literature review reveals that few ISP compliance studies adopt a longitudinal approach. It is well known that cross-sectional research often provides limited insight into how constructs such as ISP compliance evolve over time. While researchers have called for more longitudinal ISP compliance studies, there is little guidance on how to conduct them. To address this gap, we propose a set of seven guidelines to support both quantitative and qualitative longitudinal ISP compliance research.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC