Issue link: https://insights.oneneck.com/i/1476862
42 The 7 dimensions of security culture Dhillon, G., Syed, R. and Pedron, C. (2016). Interpreting information security culture: An organizational transformation case study. Computers & Security, 56, 63-69. Dinev, T., & Hu, Q. (2007). The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems, 8(7), 23. Dulany, K.M. (2002). "Security, It's Not Just Technical". SANS Institute-InfoSec Reading Room. Swansea. UK ENISA, (2018, Feb 06). Cyber Security Culture in Organisations. Retrieved at: https://www.enisa.europa.eu/publications/cyber- security-culture-in-organisations Farooq, A., Isoaho, J., Virtanen, S., and Isoaho, J. (2015, August). Information security awareness in educational institution: An analysis of students' individual factors. In Trustcom/BigDataSE/ ISPA, 2015 IEEE (Vol. 1, pp. 352-359). IEEE. Furnell, S. and Thomson, K. (2009). From culture to disobedience: Recognising the varying user acceptance of IT security. Computer Fraud & Security, 2009(2), 5-10. Gavrilets, S., & Richerson, P. J. (2017). Collective action and the evolution of social norm internalization. Proceedings of the National Academy of Sciences, 114(23), 6068-6073. Greenberg, A., (2019, Jan 30). "Hackers are passing around a megaleak of 2.2 billion records" Wired.com (blog). Retrieved from: https://www.wired.com/story/collection-leak-usernames- passwords-billions/ Hadlington, L. J. (2018). Employees Attitudes towards Cyber Security and Risky Online Behaviours: An Empirical Assessment in the United Kingdom. International Journal of Cyber Criminology, 12(1). Hechter, M., & Opp, K. D. (Eds.). (2001). Social norms. Russell Sage Foundation. Herath, T., and Rao, H. R. (2009a). "Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness". Decision Support Systems, 47(2), 154-165. Herath, T., and H. Rao. (2009b). "Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations." European Journal of Information Systems 18 (2): 106–125. Ifinedo, P. (2013). Information Systems Security Policy Compliance: An Empirical Study of the Effects of Socialization, Influence, and Cognition, Information & Management, 51(1), 69- 79. Jhangiani, R., Tarry, H., Stangor, C., (2014). Principles of Social Psychology-1st International Edition. Retrieved from: https:// opentextbc.ca/socialpsychology/chapter/exploring-attitudes/ Johnston, A. C., and Warkentin, M., (2010). Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly, 34(3), 549. Johnston, A.C., Warkentin, M., and Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS quarterly, 39(1), 113-134. Johnston, A. C., Warkentin, M., McBride, M., and Carter, L., (2016) Dispositional and situational factors: influences on information security policy violations, European Journal of Information Systems, 25:3, 231-251 Kajtazi, M., and Bulgurcu, B. (2013). Information Security Policy Compliance: An Empirical Study on Escalation of Commitment. AMCIS 2013. Kankanhalli, A., Teo, H. H., Tan, B. C. Y., and Wei, K. K., (2003). An integrative study of information systems security effectiveness, International Journal of Information Management 23 (2003) 139–154 Kaur, J., and Mustafa, N. (2013, November). Examining the effects of knowledge, attitude and behaviour on information security awareness: A case on SME. In Research and Innovation in Information Systems (ICRIIS), 2013 International Conference on (pp. 286-290). IEEE. Kim, D.J., Hwang, I.H. and Kim, J.S., (2016). A Study on Employee's Compliance Behavior towards Information Security Policy: A Modified Triandis Model. Journal of Digital Convergence, 14(4), 209-220. Koulopoulos, T., (2017, May 11). The Biggest Risk to Your Business Can't Be Eliminated – Here's How You Can Survive, Inc. (blog). Retrieved from: https://www.inc.com/thomas-koulopoulos/the- biggest-risk-to-your-business-cant-be-eliminated-heres-how- you-can-survive-i.html Leach, J. (2003). Improving user security behaviour. Computers & Security, 22(8), 685-692. Lee, C., Lee, C.C. and Kim, S., (2016). Understanding Information Security Stress: Focusing on the Type of Information Security Compliance Activity, Computers & Security, 59, 60-70. Lim, J., Chang, S., Maynard, S. and Ahmad, A. (2009). Exploring the Relationship between Organizational Culture and Information Security Culture. In: Australian Information Security Management Conference. Perth, Western Australia: Proceedings of the 7th Australian Information Security Management Conference, 12. McGill, T. and Thompson, N. (2017). Old risks, new challenges: exploring differences in security between home computer and mobile device use. Behaviour & Information Technology, 36(11), pp.1111-1124. Merhi, M. I., and Midha, V. (2012). The impact of training and social norms on information security compliance: A pilot study. Proceedings of the International Conference on Information Systems (ICIS 2012). Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C. and Giannakopoulos, G. (2014). The Human Factor of Information Security: Unintentional Damage Perspective. Procedia - Social and Behavioral Sciences, 147, pp.424-428. Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., and Vance, A. (2009). What levels of moral reasoning and values explain adherence to information security rules? An empirical study. European Journal of Information Systems, 18(2), 126-139. O'Reillys, C., and Puffer, S. (1989). The impact of rewards and punishments in a social context: A laboratory and field experiment. Journal Of Occupational Psychology, 62(1), 41-53.