現今企業的環境下，組織內的相關資訊與資訊科技基礎建設以及個人電腦往往遭受到威脅，除了透過資安技術方式，已有許多研究開始著重在資訊安全管理與組織員工的資安行為，以確保組織內部的資訊安全。對於組織員工的資訊安全行為，在嚇阻理論應用於探討員工從事資訊安全行為意圖的這些研究得到的結果顯示，嚇阻的嚴重性與確定性對員工資安行為的影響效果，並不十分一致；同時，也有研究指出嚇阻方式的有效與否，會受個人或環境因素的影響，著眼於此，本研究考量員工內在心理層面，根據Kelman所提出之社會影響理論來了解員工內在心理承諾，對嚇阻方式與員工資訊安全行為意圖之間的關係。本研究針對天下雜誌在2011年公佈的500大服務業的公司，抽樣聯絡對方公司的資訊人員，總共收回168份問卷。研究結果顯示透過嚴重性懲罰與確定性偵測的方式會正向影響員工資訊安全行為意圖，而員工內在心理層面對組織之承諾會增強嚇阻方式與資訊安全行為意圖之間的關係。未來企業可以本研究為參考依據，了解組織內員工遵從資訊安全行為的意圖，除了透過嚇阻的方式外，也必須考量到員工對公司承諾的心理層面狀態。

In the dynamic enterprise environment, information technology infrastructure and the computers in organizations often suffer from security threats. In addition to the research on information security technology, many literatures have studied information security from management side, such as managing the information security behavior of employees to ensure internal information security of the organizations. Deterrence theory, therefore, has been employed to investigate employees’ information security behavior. However, these researches showed inconsistent results that perceived severity and perceived certainty may not both affect individuals’ behaviors because of the contextual effects influenced by the individual or environmental factors. Draw on this issue, based on the social influence theory proposed by Kelman, this study tend to understand the effects of the employees’ organizational commitment on the relations between the deterrence and employees’ information security behavior intention. We collected 168 samples from top 500 service companies on the list of CommonWealth magazine in 2011. The results showed that severity of punishment and certainty of detection had positive effects on employees’ information security behavior intention. In addition, employees' psychological aspects of organizational commitment enhanced the effects of deterrence on information security behavior intention. From this study, we implied that management has to notice the psychological part of employees’ commitment to the organizations when introducing disciplinary actions in companies.

目錄
第1章 緒論	1
1.1 研究背景與動機	1
1.2 研究目的	5
第2章 文獻探討	6
2.1嚇阻理論	6
2.1.1 嚴重性懲罰	7
2.1.2 確定性偵測	8
2.2 社會影響理論	11
2.2.1 順從	13
2.2.2 認同	13
2.2.3 內化	14
2.3 組織承諾	15
2.4 資訊安全行為意圖	16
第三章 研究模型與假說	20
3.1 研究架構	20
3.2 研究假說	20
3.2.1 嚇阻理論與資訊安全行為	21
3.2.2 組織承諾與資訊安全行為	22
3.2.3 組織承諾之調節效果	24
第四章 研究方法	28
4.1 資料蒐集	28
4.2 構念衡量	29
4.2.1 嚴重性懲罰	29
4.2.2 確定性偵測	30
4.2.3 順從	31
4.2.4 認同	32
4.2.5 內化	32
4.2.6 資訊安全行為意圖	33
第五章 資料分析與結果	34
5.1 資料分析	34
5.1.1 資料分析方法	34
5.1.2資料分析工具	35
5.2 基本資料分析	35
5.3 信度與效度測驗結果	40
5.4 結構模型	43
5.4.1 直接效果之假說檢定	44
5.4.2 調節效果之假說檢定	46
5.5 小結	48
第六章 討論與建議	49
6.1 研究結果	49
6.2 學術上的貢獻	52
6.3 管理上的意涵	53
6.4 研究限制	54
6.5 未來研究建議	55
英文參考文獻	56
附錄一 研究問卷	66

表目錄
表2-1：回顧嚇阻理論在資訊安全領域之研究	9
表2-2：相關資訊安全行為之研究	18
表4-1：前測信度分析水準	29
表4-2：嚴重性懲罰衡量題項	30
表4-3：確定性偵測衡量題項	31
表4-4：順從衡量題項	31
表4-5：認同衡量題項	32
表4-6：內化衡量題項	33
表4-7：資訊安全行為意圖衡量題項	33
表5-1：基本資料（n=168）	36
表5-2：基本資料（n=168）	37
表5-3：基本資料（n=168）	39
表5-4：信度分析表	41
表5-5：研究問項相關統計值	41
表5-6：變數相關矩陣	43
表5-7：直接效果之路徑係數值	46
表5-8：總結假說驗證結果	48

圖目錄
圖3-1：本研究模型	20
圖5-1：順從直接效果分析結果	44
圖5-2：認同直接效果分析結果	45
圖5-3：內化直接效果分析結果	45
圖5-4：順從調節效果分析結果	47
圖5-5：認同調節效果分析結果	47
圖5-6：內化調節效果分析結果	48

Adams, J.S., Tashchian, A., and Shore, T.H. 2001. "Codes of Ethics as Signals for Ethical Behavior," Journal of Business Ethics (29:3), pp 199-211.
Ajzen, I. 1991. "The Theory of Planned Behavior," Organizational behavior and human decision processes (50:2), pp 179-211.
Akers, R.L. 1990. "Rational Choice, Deterrence, and Social Learning Theory in Criminology: The Path Not Taken," J. Crim. L. & Criminology (81:3), pp 653-676.
Alavi, M., and Leidner, D.E. 2001. "Review: Knowledge Management and Knowledge Management Systems: Conceptual Foundations and Research Issues," Mis Quarterly (25:1), pp 107-136.
Albrechtsen, E. 2007. "A Qualitative Study of Users' View on Information Security," Computers & Security (26:4), pp 276-289.
Anderson, C. 2005. "Creating the Conscientious Cybercitizen: An Examination of Home Computer User Attitudes and Intentions Towards Security."
Anderson, C., and Agarwal, R. 2006. "Practicing Safe Computing: Message Framing, Self-View, and Home Computer User Security Behavior Intentions," ICIS 2006 Proceedings.
Anderson, C.L., and Agarwal, R. 2010. "Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions," Mis Quarterly (34:3), pp 613-643.
Angell, I. 1993. "Computer Security in These Uncertain Times: The Need for a New Approach," The Tenth World Conference on Computer Security, Audit and Control, COMPSEC Elsevier Advanced Technology.
Aytes, K., and Connolly, T. 2004. "Computer Security and Risky Computing Practices: A Rational Choice Perspective," Journal of Organizational and End User Computing (16:3), pp 22-40.
Becker, G.S. 1968. "Crime and Punishment: An Economic Approach," Journal of Political Economy (78:2), pp 169-217.
Becker, H.S. 1960. "Notes on the Concept of Commitment," American journal of sociology (66:1), pp 32-40.
Bikhchandani, S., Hirshleifer, D., and Welch, I. 1998. "Learning from the Behavior of Others: Conformity, Fads, and Informational Cascades," The Journal of Economic Perspectives (12:3), pp 151-170.
Bishop, M., Cheung, S., and Wee, C. 1997. "The Threat from the Net [Internet Security]," Spectrum, IEEE (34:8), pp 56-63.
Blumstein, A., Cohen, J., and Nagin, D. 1978. Deterrence and Incapacitation: Estimating the Effects of Criminal Sanctions on Crime Rates. National Academy of Sciences Washington, DC.
Bock, G.W., Zmud, R.W., Kim, Y.G., and Lee, J.N. 2005. "Behavioral Intention Formation in Knowledge Sharing: Examining the Roles of Extrinsic Motivators, Social-Psychological Forces, and Organizational Climate," Mis Quarterly (29:1), pp 87-111.
Bollen, K.A., and Stine, R.A. 1992. "Bootstrapping Goodness-of-Fit Measures in Structural Equation Models," Sociological Methods & Research (21:2), pp 205-229.
Boss, S.R., Kirsch, L.J., Angermeier, I., Shingler, R.A., and Boss, R.W. 2009. "If Someone Is Watching, I'll Do What I'm Asked: Mandatoriness, Control, and Information Security," European Journal of Information Systems (18:2), pp 151-164.
Buchanan, B. 1974. "Building Organizational Commitment: The Socialization of Managers in Work Organizations," Administrative science quarterly (19:4), pp 533-546.
Bulgurcu, B. 2010. "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly (34:3), pp 523-548.
Cardinali, R. 1995. "Reinforcing Our Moral Vision: Examining the Relationship between Unethical Behaviour and Computer Crime," Work Study (44:8), pp 11-17.
Chan, M., Woon, I., and Kankanhalli, A. 2005. "Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior," Journal of information privacy and security (1:3), pp 18-41.
Cheung, C.M.K., and Lee, M.K.O. 2010. "A Theoretical Model of Intentional Social Action in Online Social Networks," Decision Support Systems (49:1), pp 24-30.
Chin, W.W. 1998. "The Partial Least Squares Approach for Structural Equation Modeling," Modern methods for business research (295:2), pp 295-336.
Collette R., and M., G. 2006. "The Security Architect: Bridging the Gap between Business, Technology and Security.," The Information Systems Security Association Journal (April), pp 42-44.
Consulting, K. 2000. "Knowledge Management Research Report." KPMG Consulting, London.
D'Arcy, J., and Herath, T. 2011. "A Review and Analysis of Deterrence Theory in the Is Security Literature: Making Sense of the Disparate Findings," European Journal of Information Systems (20:6), pp 643-658.
D'Arcy, J., Hovav, A., and Galletta, D. 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research (20:1), pp 79-98.
D’Arcy, J., and Hovav, A. 2009. "Does One Size Fit All? Examining the Differential Effects of Is Security Countermeasures," Journal of Business Ethics (89), pp 59-71.
Davis, F.D., Bagozzi, R.P., and Warshaw, P.R. 1989. "User Acceptance of Computer Technology: A Comparison of Two Theoretical Models," Management science (35:8), pp 982-1003.
Dhillon, G., and Backhouse, J. 2000. "Technical Opinion: Information System Security Management in the New Millennium," Communications of the ACM (43:7), pp 125-128.
Dhillon, G., and Backhouse, J. 2001. "Current Directions in Is Security Research: Towards Socio‐Organizational Perspectives," Information Systems Journal (11:2), pp 127-153.
Dhillon, G., and Torkzadeh, G. 2006. "Value‐Focused Assessment of Information System Security in Organizations," Information Systems Journal (16:3), pp 293-314.
Dinev, T., Hu, Q., and Goo, J. 2005. "User Behavior toward Preventive Technologies–Examining Cross-Cultural Differences between the United States and South Korea."
Ehrlich, I. 1996. "Crime, Punishment, and the Market for Offenses," The Journal of Economic Perspectives (10:1), pp 43-67.
Elmadağ, A.B., Ellinger, A.E., and Franke, G.R. 2008. "Antecedents and Consequences of Frontline Service Employee Commitment to Service Quality," The Journal of Marketing Theory and Practice (16:2), pp 95-110.
ENISA. 2008. The New User's Guide: How to Raise Information Security Awareness. European Union(EU).
Finch, J., Furnell, S., and Dowland, P. 2003. "Assessing It Security Culture: System Administrator and End-User Perspectives."
Fishbein, M., and Ajzen, I. 1975. Belief, Attitude, Intention and Behaviour: An Introduction to Theory and Research. Addison-Wesley.
Forcht, K.A. 1994. Computer Security Management. Boyd & Fraser.
Frank, J., Shamir, B., and Briggs, W. 1991. "Security-Related Behavior of Pc Users in Organizations," Information & management (21:3), pp 127-135.
Garoupa, N. 2000. "Corporate Criminal Law and Organization Incentives: A Managerial Perspective," Managerial and Decision Economics (21:6), pp 243-252.
Gopal, R.D., and Sanders, G.L. 1997. "Preventive and Deterrent Controls for Software Piracy," Journal of Management Information Systems), pp 29-47.
Grover, V., and Davenport, T.H. 2001. "General Perspectives on Knowledge Management: Fostering a Research Agenda," Journal of Management Information Systems (18:1), pp 5-21.
Gupta, A., and Zhdanov, D. 2006. "Role of Performance Incentives in Compliance with Information Security Policies," pp. 4-5.
Harrington, S.J. 1996. "The Effect of Codes of Ethics and Personal Denial of Responsibility on Computer Abuse Judgments and Intentions," Mis Quarterly (20:3), pp 257-278.
Herath, T., and Rao, H. 2009a. "Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness," Decision Support Systems (47:2), pp 154-165.
Herath, T., and Rao, H.R. 2009b. "Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations," European Journal of Information Systems (18:2), pp 106-125.
Higgins, G.E., Wilson, A.L., and Fell, B.D. 2005. "An Application of Deterrence Theory to Software Piracy," Journal of Criminal Justice and Popular Culture (12:3), pp 166-184.
Hislop, D. 2002. "Managing Knowledge and the Problem of Commitment."
Hoffer, J.A., and Straub, D.W. 1989. "The 9 to 5 Underground: Are You Policing Computer Crimes?," Sloan Management Review (30:4), pp 35-43.
Hollinger, R.C. 1993. "Crime by Computer: Correlates of Software Piracy and Unauthorized Account Access," Security Journal (4:1), pp 2-12.
Hunt, S.D., Wood, V.R., and Chonko, L.B. 1989. "Corporate Ethical Values and Organizational Commitment in Marketing," The Journal of Marketing (53:3), pp 79-90.
Hwang, Y., and Kim, D.J. 2007. "Understanding Affective Commitment, Collectivist Culture, and Social Influence in Relation to Knowledge Sharing in Technology Mediated Learning," Professional Communication, IEEE Transactions on (50:3), pp 232-248.
Jarvenpaa, S.L., and Staples, D.S. 2001. "Exploring Perceptions of Organizational Ownership of Information and Expertise," Journal of Management Information Systems (18:1), pp 151-183.
Jiacheng, W., Lu, L., and Francesco, C.A. 2010. "A Cognitive Model of Intra-Organizational Knowledge-Sharing Motivations in the View of Cross-Culture," International Journal of information management (30:3), pp 220-230.
Kankanhalli, A., Teo, H.H., Tan, B.C.Y., and Wei, K.K. 2003. "An Integrative Study of Information Systems Security Effectiveness," International Journal of information management (23:2), pp 139-154.
Kelman, H.C. 1958. "Compliance, Identification, and Internalization: Three Processes of Attitude Change," The Journal of Conflict Resolution (2:1), pp 51-60.
Kelman, H.C. 1961. "Processes of Opinion Change," Public opinion quarterly (25:1), pp 57-78.
Kelman, H.C. 1974. "Further Thoughts on the Processes of Compliance, Identification, and Internalization," in: Perspectives on Social Power, J.T. Tedeschi (ed.).  pp. 125-171.
Kelman, H.C. 2001. "Ethical Limits on the Use of Influence in Hierarchical Relationships," in: Social Influences on Ethical Behavior in Organizations, D.M.M. J.M. Darley, and,T.R. Tyler (ed.).  pp. 11-20.
Knapp, K.J., Marshall, T.E., Rainer, R., and Ford, F.N. 2005. "Managerial Dimensions in Information Security: A Theoretical Model of Organizational Effectiveness," white paper, International Information Systems Security Certification Consortium (ISC) (2).
LaRose, R., Rifon, N., Liu, S., and Lee, D. 2005. "Understanding Online Safety Behavior: A Multivariate Model," The 55th Annual Conference of the International Communication Association, New York City.
Lee, S.M., Lee, S.G., and Yoo, S. 2004. "An Integrative Model of Computer Abuse Based on Social Control and General Deterrence Theories," Information & management (41:6), pp 707-718.
Lee, Y., and Kozar, K.A. 2005. "Investigating Factors Affecting the Adoption of Anti-Spyware Systems," Communications of the ACM (48:8), pp 72-77.
Lee, Y.K., Nam, J.H., Park, D.H., and Lee, K.A. 2006. "What Factors Influence Customer-Oriented Prosocial Behavior of Customer-Contact Employees?," Journal of Services Marketing (20:4), pp 251-264.
Lewis, B.R., Snyder, C.A., and Rainer Jr, R.K. 1995. "An Empirical Assessment of the Information Resource Management Construct," Journal of Management Information Systems (12:1), pp 199-223.
Li, H., Zhang, J., and Sarathy, R. 2010. "Understanding Compliance with Internet Use Policy from the Perspective of Rational Choice Theory," Decision Support Systems (48:4), pp 635-645.
Loch, K.D., and Conger, S. 1996. "Evaluating Ethical Decision Making and Computer Use," Communications of the ACM (39:7), pp 74-83.
Loe, T.W., Ferrell, L., and Mansfield, P. 2000. "A Review of Empirical Studies Assessing Ethical Decision Making in Business," Journal of Business Ethics (25:3), pp 185-204.
Ma, Q., and Pearson, J.M. 2005. "Iso 17799:" Best Practices" in Information Security Management?," Communications of the Association for Information Systems (15:1), pp 577-591.
MacKenzie, S.B., Podsakoff, P.M., and Ahearne, M. 1998. "Some Possible Antecedents and Consequences of in-Role and Extra-Role Salesperson Performance," The Journal of Marketing), pp 87-98.
Malhotra, Y., and Galleta, D. 2003. "Role of Commitment and Motivation in Knowledge Management Systems Implementation: Theory, Conceptualization, and Measurement of Antecedents of Success," Proceedings of the 36th Hawaii International Conference on System Sciences: IEEE, pp. 1-10.
Malhotra, Y., and Galletta, D. 2005. "A Multidimensional Commitment Model of Volitional Systems Adoption and Usage Behavior," Journal of Management Information Systems (22:1), pp 117-151.
Malhotra, Y., and Galletta, D.F. 2004. "Building Systems That Users Want to Use: Advancing Beyond the Rhetoric on “Does It Matter.”," Communications of the ACM (47:12), pp 88-94.
Mann, R.E., Smart, R.G., Stoduto, G., Adlaf, E.M., Vingilis, E., Beirness, D., Lamble, R., and Asbridge, M. 2003. "The Effects of Drinking‐Driving Laws: A Test of the Differential Deterrence Hypothesis," Addiction (98:11), pp 1531-1536.
Meyer, J.P., and Allen, N.J. 1984. "Testing the" Side-Bet Theory" of Organizational Commitment: Some Methodological Considerations," Journal of applied psychology (69:3), pp 372-378.
Meyer, J.P., and Allen, N.J. 1991. "A Three-Component Conceptualization of Organizational Commitment," Human Resource Management Review (1:1), pp 61-89.
Meyer, J.P., and Allen, N.J. 1997. Commitment in the Workplace: Theory, Research, and Application. Sage publications, inc.
Mishra, S., and Dhillon, G. 2006. "Information Systems Security Governance Research: A Behavioral Perspective," pp. 27-35.
Mowday, R.T. 1998. "Reflections on the Study and Relevance of Organizational Commitment," Human Resource Management Review (8:4), pp 387-401.
Mowday, R.T., Steers, R.M., and Porter, L.W. 1979. "The Measurement of Organizational Commitment," Journal of vocational behavior (14:2), pp 224-247.
Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., and Vance, A. 2009. "What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules&Quest; an Empirical Study," European Journal of Information Systems (18:2), pp 126-139.
Ng, B.Y., Kankanhalli, A., and Xu, Y.C. 2009. "Studying Users' Computer Security Behavior: A Health Belief Perspective," Decision Support Systems (46:4), pp 815-825.
Ng, B.Y., and Rahim, M.A. 2005. "A Socio-Behavioral Study of Home Computer Users' Intention to Practice Security," Proceedings of the Ninth Pacific Asia Conference on Information Systems, pp. 7-10.
O'Reilly, C.A., and Chatman, J. 1986. "Organizational Commitment and Psychological Attachment: The Effects of Compliance, Identification, and Internalization on Prosocial Behavior," Journal of applied psychology (71:3), pp 492-499.
Oliver, P. 1980. "Rewards and Punishments as Selective Incentives for Collective Action: Theoretical Investigations," American journal of sociology (85:6), pp 1356-1375.
Pahnila, S., Siponen, M., and Mahmood, A. 2007. "Employees' Behavior Towards Is Security Policy Compliance," Proceedings of the 40th Annual Hawaii International Conference on System Sciences: IEEE, pp. 1561-1571.
Paternoster, R. 1987. "The Deterrent Effect of the Perceived Certainty and Severity of Punishment: A Review of the Evidence and Issues," Justice Quarterly (4:2), pp 173-217.
Paternoster, R., and Simpson, S. 1996. "Sanction Threats and Appeals to Morality: Testing a Rational Choice Model of Corporate Crime," Law and Society Review (30:3), pp 549-583.
Peace, A.G., Galletta, D.F., and Thong, J.Y.L. 2003. "Software Piracy in the Workplace: A Model and Empirical Test," Journal of Management Information Systems (20:1), pp 153-177.
Pearson, F.S., and Weiner, N.A. 1985. "Toward an Intergration of Criminological Theories," J. Crim. L. & Criminology (76), pp 116-150.
Porter, L.W., Steers, R.M., Mowday, R.T., and Boulian, P.V. 1974. "Organizational Commitment, Job Satisfaction, and Turnover among Psychiatric Technicians," Journal of applied psychology (59:5), pp 603-609.
Post, G.V., and Kagan, A. 2007. "Evaluating Information Security Tradeoffs: Restricting Access Can Interfere with User Tasks," Computers & Security (26:3), pp 229-237.
Posthumus, S., and Von Solms, R. 2004. "A Framework for the Governance of Information Security," Computers & Security (23:8), pp 638-646.
Pratt, T.C., Cullen, F.T., Blevins, K.R., Daigle, L.E., and Madensen, T.D. 2006. "The Empirical Status of Deterrence Theory: A Meta-Analysis," Taking stock: The status of criminological theory (15), pp 367-396.
Randall, D.M. 1987. "Commitment and the Organization: The Organization Man Revisited," Academy of management Review), pp 460-471.
Richardson, R. 2007. "Csi/Fbi Computer Crime and Security Survey," Computer Security Institute, San Francisco.
Robey, D., and Boudreau, M.C. 1999. "Accounting for the Contradictory Organizational Consequences of Information Technology: Theoretical Directions and Methodological Implications," Information Systems Research (10:2), pp 167-185.
Schultze, U., and Leidner, D.E. 2002. "Studying Knowledge Management in Information Systems Research: Discourses and Theoretical Assumptions," Mis Quarterly (26:3), pp 213-242.
Sheeran, P. 2002. "Intention—Behavior Relations: A Conceptual and Empirical Review," European review of social psychology (12:1), pp 1-36.
Simon, H.A. 1957. "Amounts of Fixation and Discovery in Maze Learning Behavior," Psychometrika (22:3), pp 261-268.
Siponen, M., Pahnila, S., and Mahmood, A. 2007. "Employees’ Adherence to Information Security Policies: An Empirical Study," New Approaches for Security, Privacy and Trust in Complex Environments (232), pp 133-144.
Siponen, M., and Vance, A. 2010. "Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations," Mis Quarterly (34:3), pp 487-502.
Siponen, M., Willison, R., and Baskerville, R. 2008. "Power and Practice in Information Systems Security Research," Proceedings of the International Conference on Information Systems, Paris, France, pp. 1-12.
Siponen, M.T. 2000. "A Conceptual Foundation for Organizational Information Security Awareness," Information Management & Computer Security (8:1), pp 31-41.
Skinner, W.F., and Fream, A.M. 1997. "A Social Learning Theory Analysis of Computer Crime among College Students," Journal of Research in Crime and Delinquency (34:4), pp 495-518.
Smith, N.C., Simpson, S.S., and Huang, C. 2007. "Why Managers Fail to Do the Right Thing: An Empirical Study of Unethical and Illegal Conduct," Business Ethics Quarterly (17:4), pp 633-667.
Standage, T. 2002. "The Weakest Link," Economist (365:8296), pp 11-16.
Stanton, J.M., Stam, K.R., Guzman, I., and Caledra, C. 2003. "Examining the Linkage between Organizational Commitment and Information Security," IEEE, pp. 2501-2506.
Stanton, J.M., Stam, K.R., Mastrangelo, P., and Jolton, J. 2005. "Analysis of End User Security Behaviors," Computers & Security (24:2), pp 124-133.
Straub, D.W. 1990. "Effective Is Security : An Empirical Study," Information Systems Research (1:3), pp 255-276.
Straub, D.W., Carlson, P.J., and Jones, E.H. 1992. "Detering Highly Motivated Computer Abusers: A Field Experiment in Computer Security," North-Holland Publishing Co., pp. 309-324.
Straub, D.W., and Nance, W.D. 1990. "Discovering and Disciplining Computer Abuse in Organizations: A Field Study," Mis Quarterly (14:1), pp 45-60.
Straub, D.W., and Straub, W. 1990. "Effective Is Security: An Empirical Study," Information Systems Research (1:3), pp 255-276.
Straub, D.W., and Welke, R.J. 1998. "Coping with Systems Risk: Security Planning Models for Management Decision Making," Mis Quarterly (22:4), pp 441-469.
Theoharidou, M., Kokolakis, S., Karyda, M., and Kiountouzis, E. 2005. "The Insider Threat to Information Systems and the Effectiveness of Iso17799," Computers & Security (24:6), pp 472-484.
Thomson, K.L., and Von Solms, R. 2005. "Information Security Obedience: A Definition," Computers & Security (24:1), pp 69-75.
Tittle, C.R. 1980. Sanctions and Social Deviance: The Question of Deterrence. Praeger New York.
Vandenberg, R.J., Self, R.M., and Seo, J.H. 1994. "A Critical Examination of the Internalization, Identification, and Compliance Commitment Measures," Journal of Management (20:1), pp 123-140.
Venkatesh, V., and Davis, F.D. 2000. "A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies," Management science (46:2), pp 186-204.
Venkatesh, V., Morris, M.G., Davis, G.B., and Davis, F.D. 2003. "User Acceptance of Information Technology: Toward a Unified View," Mis Quarterly (27:3), pp 425-478.
Vroom, C., and Von Solms, R. 2004. "Towards Information Security Behavioural Compliance," Computers & Security (23:3), pp 191-198.
Wiener, Y. 1982. "Commitment in Organizations: A Normative View," Academy of management Review (7:3), pp 418-428.
Williams, K.R., and Hawkins, R. 1986. "Perceptual Research on General Deterrence: A Critical Review," Law & Society Review (20:4), pp 545-572.
Woon, I., Tan, G.W., and Low, R. 2005. "A Protection Motivation Theory Approach to Home Wireless Security," pp. 367-380.
Workman, M., Bommer, W.H., and Straub, D. 2008. "Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test," Computers in Human Behavior (24:6), pp 2799-2816.
Zhang, L., Smith, W.W., and McDowell, W.C. 2009. "Examining Digital Piracy: Self-Control, Punishment, and Self-Efficacy," Information Resources Management Journal (IRMJ) (22:1), pp 24-44.