Toward a Unified Model of Information Security Policy Compliance: A Conceptual Replication Study

Authors

Miranda Kajtazi, Lund UniversityFollow
Nicklas Holmberg, Lund UniversityFollow
Saonee Sarker, University of VirginiaFollow
Christina Keller, Lund UniversityFollow
Björn Johansson, Linköpings UniversityFollow
Olgerta Tona, University of GothenburgFollow

Abstract

Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.

Recommended Citation

Kajtazi, Miranda; Holmberg, Nicklas; Sarker, Saonee; Keller, Christina; Johansson, Björn; and Tona, Olgerta (2021) "Toward a Unified Model of Information Security Policy Compliance: A Conceptual Replication Study," AIS Transactions on Replication Research: Vol. 7, Article 2.
DOI: 10.17705/1atrr.00067
Available at: https://aisel.aisnet.org/trr/vol7/iss1/2

DOI

10.17705/1atrr.00067