{"id":"https://openalex.org/W2494235946","doi":"https://doi.org/10.4018/jitr.2016040101","title":"Towards Modelling the Impact of Security Policy on Compliance","display_name":"Towards Modelling the Impact of Security Policy on Compliance","publication_year":2016,"publication_date":"2016-04-01","ids":{"openalex":"https://openalex.org/W2494235946","doi":"https://doi.org/10.4018/jitr.2016040101","mag":"2494235946"},"language":"en","primary_location":{"id":"doi:10.4018/jitr.2016040101","is_oa":false,"landing_page_url":"https://doi.org/10.4018/jitr.2016040101","pdf_url":null,"source":{"id":"https://openalex.org/S138592535","display_name":"Journal of Information Technology Research","issn_l":"1938-7857","issn":["1938-7857","1938-7865"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Technology Research","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033750060","display_name":"Winfred Yaokumah","orcid":"https://orcid.org/0000-0001-7756-1832"},"institutions":[{"id":"https://openalex.org/I2800079435","display_name":"Pentecost University College","ror":"https://ror.org/04160ha27","country_code":"GH","type":"education","lineage":["https://openalex.org/I2800079435"]}],"countries":["GH"],"is_corresponding":true,"raw_author_name":"Winfred Yaokumah","raw_affiliation_strings":["Department of Information Technology, Pentecost University College, Accra, Ghana"],"raw_orcid":"https://orcid.org/0000-0001-7756-1832","affiliations":[{"raw_affiliation_string":"Department of Information Technology, Pentecost University College, Accra, Ghana","institution_ids":["https://openalex.org/I2800079435"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101529868","display_name":"Steven A. Brown","orcid":"https://orcid.org/0000-0001-8526-6761"},"institutions":[{"id":"https://openalex.org/I193424650","display_name":"Capella University","ror":"https://ror.org/0470b8t84","country_code":"US","type":"education","lineage":["https://openalex.org/I193424650"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steven Brown","raw_affiliation_strings":["School of Business and Technology, Capella University, Minneapolis, MN, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Business and Technology, Capella University, Minneapolis, MN, USA","institution_ids":["https://openalex.org/I193424650"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087539798","display_name":"Alex Ansah Dawson","orcid":"https://orcid.org/0000-0002-6728-4357"},"institutions":[{"id":"https://openalex.org/I56822791","display_name":"Ghana Institute of Management and Public Administration","ror":"https://ror.org/04yexcn51","country_code":"GH","type":"education","lineage":["https://openalex.org/I56822791"]}],"countries":["GH"],"is_corresponding":false,"raw_author_name":"Alex Ansah Dawson","raw_affiliation_strings":["School of Technology, Ghana Institute of Management and Public Administration, Accra, Ghana"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Technology, Ghana Institute of Management and Public Administration, Accra, Ghana","institution_ids":["https://openalex.org/I56822791"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5033750060"],"corresponding_institution_ids":["https://openalex.org/I2800079435"],"apc_list":null,"apc_paid":null,"fwci":2.7622,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.92105653,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":"9","issue":"2","first_page":"1","last_page":"16"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.991599977016449,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/itil-security-management","display_name":"ITIL security management","score":0.6072483658790588},{"id":"https://openalex.org/keywords/security-convergence","display_name":"Security convergence","score":0.5938517451286316},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.5835855603218079},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.5807999968528748},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5644434094429016},{"id":"https://openalex.org/keywords/information-security-management","display_name":"Information security management","score":0.5575023293495178},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.5542951822280884},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.5520369410514832},{"id":"https://openalex.org/keywords/compliance","display_name":"Compliance (psychology)","score":0.5198619961738586},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.48843851685523987},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.47659724950790405},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.4726024270057678},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.4705800414085388},{"id":"https://openalex.org/keywords/structural-equation-modeling","display_name":"Structural equation modeling","score":0.4443175196647644},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4400518834590912},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.43397608399391174},{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.4285953640937805},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.41045069694519043},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4032937288284302},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3663194179534912},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.36530232429504395},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3443868160247803},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.0615653395652771}],"concepts":[{"id":"https://openalex.org/C114351632","wikidata":"https://www.wikidata.org/wiki/Q5974820","display_name":"ITIL security management","level":5,"score":0.6072483658790588},{"id":"https://openalex.org/C52420254","wikidata":"https://www.wikidata.org/wiki/Q7445028","display_name":"Security convergence","level":5,"score":0.5938517451286316},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.5835855603218079},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.5807999968528748},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5644434094429016},{"id":"https://openalex.org/C148976360","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management","level":5,"score":0.5575023293495178},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.5542951822280884},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.5520369410514832},{"id":"https://openalex.org/C2781460075","wikidata":"https://www.wikidata.org/wiki/Q1399332","display_name":"Compliance (psychology)","level":2,"score":0.5198619961738586},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.48843851685523987},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.47659724950790405},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.4726024270057678},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.4705800414085388},{"id":"https://openalex.org/C71104824","wikidata":"https://www.wikidata.org/wiki/Q1476639","display_name":"Structural equation modeling","level":2,"score":0.4443175196647644},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4400518834590912},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.43397608399391174},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.4285953640937805},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.41045069694519043},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4032937288284302},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3663194179534912},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.36530232429504395},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3443868160247803},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0615653395652771},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.4018/jitr.2016040101","is_oa":false,"landing_page_url":"https://doi.org/10.4018/jitr.2016040101","pdf_url":null,"source":{"id":"https://openalex.org/S138592535","display_name":"Journal of Information Technology Research","issn_l":"1938-7857","issn":["1938-7857","1938-7865"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Technology Research","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:igg:jitr00:v:9:y:2016:i:2:p:1-16","is_oa":false,"landing_page_url":"http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/JITR.2016040101","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W1539995530","https://openalex.org/W1545460766","https://openalex.org/W1562591834","https://openalex.org/W1602619638","https://openalex.org/W1607912078","https://openalex.org/W1641396650","https://openalex.org/W1964676527","https://openalex.org/W1981251392","https://openalex.org/W1987258130","https://openalex.org/W1988050849","https://openalex.org/W1997836764","https://openalex.org/W2001715592","https://openalex.org/W2024419606","https://openalex.org/W2034382614","https://openalex.org/W2036634567","https://openalex.org/W2044460028","https://openalex.org/W2045518222","https://openalex.org/W2076538849","https://openalex.org/W2083372322","https://openalex.org/W2085206464","https://openalex.org/W2090552208","https://openalex.org/W2108401663","https://openalex.org/W2112081648","https://openalex.org/W2337005109","https://openalex.org/W2337703333","https://openalex.org/W2497122092","https://openalex.org/W3021948815","https://openalex.org/W3122877168","https://openalex.org/W3124838019"],"related_works":["https://openalex.org/W2584162156","https://openalex.org/W2066297175","https://openalex.org/W3048038405","https://openalex.org/W4386396756","https://openalex.org/W1573253764","https://openalex.org/W3202944588","https://openalex.org/W2483557577","https://openalex.org/W3152008927","https://openalex.org/W2809002989","https://openalex.org/W3195449469"],"abstract_inverted_index":{"This":[0],"study":[1,68],"develops":[2],"a":[3],"model,":[4],"based":[5],"on":[6,78,116,134,143],"the":[7,16,38,67,113,122,130,138],"controls":[8],"present":[9],"in":[10],"ISO/IEC":[11],"27002":[12],"framework,":[13],"to":[14],"integrate":[15],"role":[17],"of":[18,29,84,140],"technical":[19],"and":[20,37,53,64,93,98,101,111,119,127],"administrative":[21],"security":[22,31,35,52,72,80,85,91,96,99,109,117,135,141],"controls.":[23],"The":[24,82],"model":[25],"provides":[26],"better":[27],"understanding":[28],"how":[30],"policy":[32,73,86,105,142],"can":[33],"influence":[34,77,133],"compliance":[36,144],"pathway":[39],"through":[40],"which":[41],"this":[42],"effect":[43,83,115],"is":[44,87,145],"generated.":[45],"Data":[46],"were":[47],"collected":[48],"from":[49],"223":[50],"IT":[51],"management":[54],"professionals.":[55],"Using":[56],"Partial":[57],"Least":[58],"Square":[59],"Structural":[60],"Equation":[61],"Modelling":[62],"(PLS-SEM)":[63],"testing":[65],"hypotheses,":[66],"finds":[69],"that":[70],"information":[71,79],"has":[74,112,129],"significant":[75,132],"indirect":[76],"compliance.":[81,136],"fully":[88],"mediated":[89],"by":[90],"roles":[92,118],"responsibilities,":[94],"operations":[95,108],"activities,":[97],"monitoring":[100,126],"review":[102],"activities.":[103],"Security":[104],"strongly":[106],"influences":[107],"activities":[110],"greatest":[114],"responsibilities.":[120],"Among":[121],"three":[123],"mediating":[124],"variables,":[125],"reviews":[128],"most":[131],"Conversely,":[137],"impact":[139],"not":[146],"significant.":[147]},"counts_by_year":[{"year":2020,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}