AIS Transactions on Replication Research


Information security compliance behavior research has produced several theoretical models derived from different disciplines to explain or predict violations of information security policies (ISP) or related employee intentions. The application of these theories to ISP violations has led to an increasing number of information security behavioral models. Based on this observation, Moody et al. (2018) reviewed and empirically compared 11 theories that predict information system security behavior using a Finnish sample. Drawing on these findings, they derived and tested a unified model of ISP compliance (UMISPC). This study is a conceptual replication of the refined UMISPC by Moody et al (2018). For the replication, we considered the general tendency to violate policy rather than respondents considering specific behaviors according to the scenario approach that Moody et al. (2018) used to test the refined UMISPC. Further, in contrast to Moody et al. (2018), we tested the refined UMISPC with respondents from Germany. In our data, we found empirical evidence for seven of the eight proposed relationships of the refined UMISPC. Only the relationship between fear and reactance remained insignificant in our estimation. Although more research is necessary to confirm our results, we interpret them as further support for the model’s generalizability.





When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.