How protection motivation and social bond factors determine information security behaviors


  • Jean-François Berthevas IAE Orleans, Université d'Orléans


Protection motivation theory, social bond theory, malware protection, information security awareness, gender, work experience, PLS-SEM.


Digital technologies are ubiquitous, with the proliferation of attacks on information assets as a corollary. Thus, information security appears to be a crucial issue for individuals and managers. While the attempt to identify the factors that guide the information security behaviours of actors is not new, it remains more necessary and topical than ever. From this perspective, this empirical study contributes to a better understanding of the cognitive and socialization factors that influence information security behaviors. Using a second-order hierarchical model with partial structural least squares equation modeling, we test the applicability of protection motivation theory (PMT) and social bond theory (SBT) to the information security awareness (ISTA) and malware protection behaviors (MPB) of 430 students. Thus, the approach we adopt allows us to measure and compare the global and specific effects of cognitive and socialization factors on security behaviors. The results show that SBT and PMT have comparable and complementary effects on endogenous variables. In addition, the factors and effects of SBT vary by gender. Finally, ISTA is partially involved in the influence of PMT and SBT on BPM. On the one hand, these results suggest the need for more in-depth research to better integrate the impact of individuals' characteristics, personality and backgrounds on the cognitive and socialization factors that influence their behavior. On the other hand, we suggest that the design of information security awareness should be better adapted to the different cognitive and socialization factors of individuals. We also provide detailed recommendations on how practitioners could design information security awareness measures.

Author Biography

Jean-François Berthevas, IAE Orleans, Université d'Orléans

Jean-Francois Berthevas est Maître de Conférences à l’École de Management de l’Université d’Orléans, France. Il est membre du Centre de Recherche Val de Loire Recherche en Management (VALLOREM, Tours et Orléans). Ses recherches actuelles portent sur la sécurité de l’information et les questions comportementales, ainsi que sur la transformation numérique des organisations. Il a été directeur de l’école de management de l’université d’Orléans (France). Il a 21 ans d’expérience en entreprise, dont 10 ans comme informaticien et 7 ans comme manager dans le domaine des télécommunications et de la cybersécurité dans de grandes entreprises (IBM GNS, AT&T GNS, Engie).


Ahuja, MK & Thatcher, J.B. (2005, “Moving beyond intention and toward the theory of trying: effects of work environment and gender on post-adoption information technology use”, MIS Quarterly, vol. 29, n°3, p. 427-459.

Adya, M. & Kaiser, K. (2005), “Early determinants of women in the IT workforce: A model of girls’ career choice”, Information Technology and People, vol.18, n°3, p. 230-259.

Anderson, C.L., R. Agarwal, R. (2010). “Practicing safe computing: a multimethod empirical examination of home computer user security behavioral intentions”, MIS Quarterly, vol. 34, n°33, p. 613-643.

Anwar, M., He, W., Ivan Ash, I., Yuan, X., Li, L., & Xu, L. (2017), “gender difference and employees’ cybersecurity behaviors”, Computers in Human Behavior, vol. 69, p. 437-443.

Baillette, P., Barlette, Y., Leclercq-Vandelannoitte, A. (2018), “Bring Your Own Device in organizations: extending the reversed IT adoption logic to security paradoxes for CEOs and end-users”, International Journal of Information Management, vol. 43, p. 76-84.

Bandura, A. (1986), “Social foundations of thought and action: A social cognitive theory”, Englewood Cliffs, NJ: Prentice Hall.

Berthevas, J-F., (2018), “Students’ computers safety behaviors, under effects of cognition and socialization: when gender and job experience influence information security behaviors”, IEEE International Conference on Technology Management, Operations and Decisions (ICTMOD).

Berthevas, J-F., (2019), “Students' computers safety behaviors, under effects of cognition and socialization: when gender and job experience influence information security behaviors”, 24eme conférence de l’Assocition Information & Management (AIM), Nantes, France.

Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015), “What do users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors”, MIS Quaterly, vol. 39, n°4, p. 837-864.

Brown, S.A, Massey, A.P., Montoya-Weiss M. M. and Burkman JR. (2002), “Do I really have to? User acceptance of mandated technology”, European Journal of Information Systems, vol. 11, n°4, p.283-295.

Buffalo, M. D. & Rogers, J. W. (1971), “Behavioral norms, moral norms, and attachment: problems of deviance and conformity”, Social Problems, vol. 19, n°1, p. l0l-113.

Bulgurcu, B., Cavusoglu, H., Benbasat, I.I. (2010), “Information Security Policy compliance: an empirical study of rationality-based beliefs and information security awareness”, MIS Quarterly, vol. 34, n°3, p. 523–548.

Casper W.J., C.M. Harris, C.M. (2007), “Work-life benefits and organizational attachment: Selfinterest utility and signaling theory models”, Journal of Vocational Behavior, vol. 72, n°1, p. 95-109.

Chandon, P., Morwitz, V. G., Reinartz, W., J. (2005), “Do Intentions Really Predict Behavior? Self-Generated Validity Effects in Survey Research”, Journal of Marketing, vol. 69, n°2, p. 1-14.

Chattopadhyay, P., George, E., Shulman, A. (2008), “The asymmetrical influence of sex dissimilarity in distributive vs. colocated work groups”, Organization Science, vol. 19n n°4, p. 581-593.

Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q, (2013), “Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory”, Computers and Security, vol. 39, p. 447‑459.

Chriss, J. J. (2007), “The functions of social bond”, The Sociological Quarterly, vol.48, p. 689-712.

Claar CL, Johnson J. (2012), “Analyzing home PC security adoption behavior”, Journal of Computer Information System, vol. 52, n°4, p. 20–29.

Cohen, J. (1988). “Statistical Power Analysis for the Behavioral Sciences”, Lawrence Erlbaum Associates, Hillsdale, NJ.

Cram, A., D’Arcy., J., Proudfout, J.G. (2019), “A meta-analysis of the antecedents to information security Policy Compliance”, MIS Quarterly, vol. 43, n°2, p. 525-554.

Crossler, R.E, Long, J.H, Loraas, T.M. Trinkle B.S. (2014), “Understanding compliance with BYOD (bring your own device) policies utilizing protection motivation theory: bridging the intention behavior gap” Journal of Information System, vol. 28, n°1, p. 209-226.

D’Arcy, J., Hovav, A., & Galletta, D. (2009). “User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach”, Information Systems Research, vol. 20, n°1, p. 79-98.

Diamantopoulos, A., and Winklhofer, H. M. (2001)., “Index Construction with Formative Indicator’s: An Alternative to Scale Development”, Journal of Marketing Research, vol. 38, n°2, p. 269-277.

Dinev, T., & Hu, Q. (2007), “The centrality of awareness in the formation of user behavioral intention toward protective information technologies”, Journal of the Association for Information Systems, vol. 8, n°7, p. 386-408.

Durkin, K.F., Wolfe, T.W., Clark G. (1999), “Social bond theory and binge drinking among college students: a multivariate analysis”, College Student Journal, vol. 33, p. 450-461.

Ellison, N. B., Steinfield, C., Lampe, C. (2007), “The benefits of facebook friends:social capital and college students’ use of online social network sites”, Journal of Computer-Mediated Communication, vol. 12, n°4, p. 1143-1168.

ENISA, (2018), “Cyber Security Culture in Organizations”, available at organisations.

Feldman, J. M., Lynch, J. G. (1998), “Self-Generated Validity and Other Effects of Measurement on Belief, Attitude, Intention, and Behavior”, Journal of Applied Psychology, vol. 73, n°3, p. 422-435.

Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000), “A meta-analysis of research on protection motivation theory”, Journal of applied social psychology, vol. 30, n°2, p. 407-429.

Foote, N., Matson, E., Weiss, L., & Wenger, E. (2002), “Leveraging group knowledge for high-performance decision-making”, Organizational Dynamics, vol. 31, n°33, p. 280-295.

Fornell, C., Larcker, D. F. (1981), “Evaluating structural equation models with unobservable variables and measurement error”, Journal of marketing research, vol. 18, p. 39-50.

Furnell, S.M., Bryant, P., Phippen, A.D. (2007). “Assessing the security perceptions of personal Internet users”, Computers & Security, vol. 26, p. 410-417.

Global Internet Report on the Futur of the Internet, (2017), “Path to Our Digital Futur”, Internet Society, available at

Gorsuch, R. L. (1983), “Factor Analysis”, Hillsdale, NJ: Lawrence Erlbaum Associates.

Gudergan, S.P., Ringle, C.M., Wende, S., Will, A. (2008), “Confirmatory tetrad analysis in PLS path modeling”, Journal of Business Research, vol. 61, n°1, p. 1238-1249.

Haag, S., Eckhart, A., & Schwartz, A. (2019), “The Acceptance of Justifications among Shadow IT Users and Nonusers – An Empirical Analysis”, Information & Management, vol. 56, n°), p. 731-741.

Hair, J. F., Hult, G. T. M., Ringle, C., & Sarstedt, M. (2017). “A primer on partial least squares structural equation modeling (PLS-SEM)”, Thousand Oaks, CA: Sage Publications.

Hanus, B., & Wu, Y. “Andy”. (2016), “Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective”, Information Systems Management, vol. 33, n°1, p. 2-16.

Henseler, J., Hubona, G., & Ray, P. A. (2016), “Using PLS path modeling in new technology research: Updated guidelines”, Industrial Management & Data Systems, vol. 116, n°1, p. 2-20.

Henseler, J., Ringle, C.M., & Sarstedt, M. (2016). “Testing Measurement Invariance of Composites Using Partial Least Squares”, International Marketing Review, vol. 33, n°3, p. 405-431.

Henseler, J., Ringle, C.M., & Sarstedt, M. (2015). “A new criterion for assessing discriminant validity in variance-based structural equation modeling”, Journal of the Academy of Marketing Science, vol. 43, p. 115-135.

Herath, T., Rao, H.R. (2009), “Protection motivation and deterrence: a framework for security policy compliance in organisations”, European Journal of Information Systems, vol. 18, n°2, p. 106-125.

Hirschi, T. (2002), “Causes of Delinquency”, Transaction Publishers, New Brunswick, NJ.

Hu, Q., Dinev, T., Hart, P., Cooke, D. (2012), “Managing employee compliance with information pecurity Policies: the critical role of top management and organizational culture”, Decision Sciences Volume, vol. 43, n°4, p. 615-659.

Hoffman, L.W. (1972), “Early childhood experiences and women’s achievement motives”, Journal of Social Issues, vol. 28, n°2, p. 129-155.

Ifinedo, P. (2014). “Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition”, Information & Management, vol. 51, n°1, p. 69–79.

Ifinedo, P. (2012), “Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory”, Computer & Security, vol. 31, n°1, p. 83–95.

Insee, (2017), « Usage de l’Internet pour les relations sociales », available at

James, W. (1975), “Philosophical conceptions and practical results”, In F. H. Burkhardt (ed.).Pragmatism. Cambridge, MA: Harvard University Press, p. 257-270.

Jayanti, N.K., Burns, A.C. (1998), “The antecedents of preventive health care behavior: an empirical study”, Journal of the Academy of Marketing Science, vol. 26, n°1, p. 6-15.

Johnson, R. E., Rosen, C. C., Chang, C.-H. (Daisy). Djurdjevic, E., & Taing, M. U. (2012), “Recommendations for improving the construct clarity of higher-order multidimensional constructs”, Human Resource Management Review, vol. 22, n°2, p. 62-72.

Johnston, A. C., & Warkentin, M. (2010), “Fear appeals and information security behaviors: an empirical study”, MIS quarterly, vol. 34, n°3, p. 549-566.

Johnston, A. C., Warkentin, M., & Siponen, M. (2015), “An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric”, MIS Quarterly, vol. 39, n°1, p. 113-134.

Kim, M. J., Lee, C-K., Preis, M. W. (2016), “Seniors' loyalty to social network sites: Effects of social capital and attachment”, International Journal of Information Management, vol. 36, n°6, p. 1020-1032.

Klesel, M., Schuberth, F., Henseler, J. Niehaves, B. (2019), “A test for multigroup comparison using partial least squares path modeling”, Internet Research, vol. 29, n°3, pp. 464-477.

Krohn, M D., Massey, JL. (1980), “Social Control and Delinquent Behavior: An Examination of the Elements of the Social Bond”, The Socialogical Quarterly, vol. 21, n°4, p. 529-543.

LaRose, R., Rifon, N. J., and Enbody, R. (2008), “Promoting Personal Responsibility for Internet Safety”. Communications of the ACM, vol. 51, n°3, p. 71-76.

Law, K.S., Wong, C., Mobley, W.H. (1998), “Toward a taxonomy of multidimensional constructs”, Academy of Management Review, vol. 23, n°4, p.741-755.

Lebek, B., Uffen, J., Neumann, M., Hohler, B., Breitner, M. H. (2014), “Information security awareness and behavior: a theory-based literature review, Management Research Review, vol. 37, n°12, p. 1049-1092.

Lee, Y., & Larsen, K. R. (2009), “Threat or Coping Appraisal: Determinants of SMB Executives' Decision to Adopt Anti-Malware Software”, European Journal of Information Systems, vol. 1, n°2, p. 177-187.

Lee, D., Larose, R., & Rifon, N. (2008), “Keeping our network safe: a model of online protection behaviour”, Behaviour & Information Technology, vol. 27, n°5, p. 445‑454.

Lee, Y., Kozar, K.A., (2005), “Investigating factors affecting the adoption of anti-spyware systems”, Communications of the ACM, vol. 48, n°8, p. 72-77.

Lee, S.M., Lee, S-G., Yoo, S. (2004), “An integrative model of computer abuse based on social control and general deterrence theories”, Information & Management, vol. 41, n°6, p. 707-718.

Li, L., He, W., Li, X., Ash, I., Anwar, M., Yuan, Y. (2019), “Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior”, International Journal of Information Management, vol. 45, p. 13-24.

Liang, H., Xue, Y. (2010),”Understanding security behaviors in personal computer usage: A threat avoidance perspective”, Journal of the Association for Information Systems, vol. 11, n°7, p. 394-413.

Limayem, M., Hirt, S. G., Cheung, C. M.K. (2007), “How Habit Limits the Predictive Power of Intention: The Case of Information Systems Continuance”, MIS Quarterly, vol. 31, n°4, p. 705-737.

Lindell, M. K., Whitney, D. J. (2001), “Accounting for common method variance in cross-sectional research designs”, Journal of Applied Psychology, vol. 86, n°1, p. 114-121.

McCormac A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., Pattinson, M., (2017), “Individual differences and Information Security Awareness”, Computers in Human Behavior, vol. 69, p. 151-156.

MacKenzie, S. B., Podsakoff, P. M., & Jarvis, C. B. (2005), “The Problem of Measurement Model Misspecification in Behavioral and Organizational Research and Some Recommended Solutions”, Journal of Applied Psychology, vol. 90, n°4, p. 710-730.

Malhotra, N. K., Kim, S. S., & Patil, A. (2006), “Common method variance in IS research: A comparison of alternative approaches and a reanalysis of past research”, Management science, vol. 52, n°12, p.1865-1883.

Malhotra, N.K., Schaller, T.K., & Patil, A. (2017), “Common method variance in advertising research: When to be concerned and how to control for it”, Journal of Advertising, vol. 46, n°1, p. 193-212.

Maruping, O., M., Magmi, M. (2012), “What’s the Weather Like? The Effect of Team Learning Climate, Empowerment Climate, and Gender on Individuals’ Technology Exploration and Use”, Journal of Management Information Systems, vol. 29, n°1, p. 79-113.

Mwagwabi, F., McGill, T., Dixon, M. (2014), “Improving Compliance with Password Guidelines: How User Perceptions of Passwords and Security Threats Affect Compliance with Guidelines”, Proceedings of the Annual Hawaii International Conference on System Sciences.

Ng, B.-Y., Kankanhalli, A., & Xu, Y. (2009),”Studying users ’computer security behavior: A health belief perspective”, Decision Support Systems, vol. 46, n°4, p. 815-825.

Petter, S., Straub, D., & Rai, A. (2007), “Specifying formative constructs in information systems research” MIS Quarterly, vol. 31, n°4, p. 623-656.

Preacher, K. J., & Hayes, A. F. (2008),” Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models”, Behavior research methods, vol. 40, n°3, p. 879-891.

Puhakainen, P., & Siponen, M. (2010), “Improving employees’ compliance through information systems security training: an action research study”, MIS Quarterly, vol.34, n°4, p. 757-778.

PWC Report. (2018). “The Global State of Information Security Survey”, available at

Ransbotham, S., Fichman, R.G., Gopal, R., Gupta, A. (2016), “Ubiquitous IT and Digital Vulnerabilities”, Information Systems Research, vol. 27, n°4, p. 834-847.

Ridley, G., Young, J. (2012), “Theoretical approaches to gender and IT: examining some Australian evidence”, Information Systems Journal, vol. 22, p. 355-373.

Ringle, C.M., Sarstedt, M., Straub, D.W. (2012),”Editor’s comments: a critical look at the use of PLS-SEM”, MIS Quarterly, vol. 36, n°1, iii-xiv.

Ringle, C. M. & Sarstedt, M. (2016),”Gain More Insight from Your PLS-SEM Results: The Importance-Performance Map Analysis”, Industrial Management & Data Systems, vol. 116, n°9, p. 1865-1986.

Ringle, C. M., Sarstedt, M., Mitchell, R., and Gudergan, S. P. (2018), “Partial Least Squares Structural Equation Modeling in HRM Research”, International Journal of Human Resource Management, p. 1-27.

Richter, N. F., Cepeda, G., Roldán, J. L., & Ringle, C. M. (2016),”European management research using partial least squares structural equation modeling (PLS-SEM)”, European Management Journal, vol. 34, n°6, p. 589–597.

Rocha Flores, W., Antonsen, E., Ekstedt, M. (2014), “Information security knowledge sharing in organizations: investigating the effect of behavioral information security governance and national culture”, Computesr & Security, vol. 43, p. 90-110.

Rogers RW. (1975), “A protection motivation theory of fear appeals and attitude change”, Journal of Psychololgy, vol. 91, n°1, p. 93-114.

Rogers RW. (1983), “Cognitive and physiological processes in fear appeals and attitude change: a revised theory of protection motivation”, In: Cacioppo J, Petty R, editors. Social psychophysiology: a sourcebook. NewYork: Guilford Press, p. 153-177.

Rogers, R. W., & Prentice-Dunn, S. (1997), “Protection Motivation Theory,” in Handbook of Health Behavior Research I: Personal and Social Determinants, D. S. Gochman (ed.). New York: Plenum Press, p. 113-132.

Safa, N.S., von Solms, R., Furnell, S. (2016), “Information security policy compliance model in organizations”, Computers & security, vol. 56, p. 70-82.

Sarstedt, M., Ringle, C. M., & Hair, J. F. (2017). “Partial least squares structural equation modeling”, in C. Homburg, M. Klarmann, & A. Vomberg (Eds.). Handbook of market research. Heidelberg: Springer.

Simmering, M. J., Fuller, C. M., Richardson, H. A., Ocal, Y., & Atinc, G. M. (2015), “Marker variable choice, reporting, and interpretation in the detection of common method variance: A review and demonstration”, Organizational Research Methods, vol. 18, n°3, p. 473-511.

Siponen, M., Adam Mahmood, M., & Pahnila, S. (2014), “Employees’ adherence to information security policies: An exploratory field study”, Information & Management, vol. 51, n°2, p. 217-224.

Siponen, M. (2000), “A conceptual foundation for organizational information security awareness”, Information Management & Computer Security, vol. 8, p. 31-41.

Soomro, Z. A., Shah, M. H., Ahmed, J. (2016). “Information security management needs more holistic approach: A literature review”, International Journal of Information Management, vol. 36, n°2, p. 215-225.

Spears, J., L., Barki, H. (2010), “User Participation in IS Security Risk Management”, MIS Quarterly, vol. 4, n°3, p. 503-522.

Symantec, rapport Internet Security Threat. (2017), center/threat-report.

Tamjidyamcholo, A., Bin Baba, M. S., Shuib, N. L. M., & Rohani, V. A. (2014), “Evaluation model for knowledge sharing in information security professional virtual community”, Computers & Security, vol. 43, p. 19-34.

Tenenhaus, M., Vinzi, V. E., Chatelin, Y.-M., & Lauro, C. (2005), “PLS path modeling”, Computational Statistics & Data Analysis, vol. 48, n°1, p. 159-205.

Thompson, N., McGill, T. J., & Wang, X. (2017). “Security begins at home: Determinants of home computer and mobile device security behavior”, Computers & Security, vol. 70, p. 376-391.

Trauth, E. (2002),” Odd girl out: an individual differences perspective on women in the IT profession”, Information Technology and People, vol. 15, p. 98-118.

Trauth, E. (2006), “Theorizing gender and information technology research using the individual differences theory of gender and IT”, In: The Encyclopedia of Gender and Information Technology, Trauth, E. (Ed.). p. 1154-1159. Idea Group Publishing, Hershey, PA, USA.

Trauth, E. & Quesenberry, J. (2007), “Gender and the information technology workforce: issues of theory and practice.In: Managing IT Professions in the Internet Age”, Yoong, P. & Huff, S. (Ed). P. 18-36. Idea Group, Hershey, PA, USA.

Triandis, H. C. (1980). "Values, attitudes and interpersonal behavior." In H. E. Howe & M. Page (Eds.). Nebraska symposium on motivation, vol. 37, p. 195-259. Lincoln: University of Nebraska Press.

Tsai, H.S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N.J., Cotten, S.R. (2016), “Understanding online safety behaviors: a protection motivation theory perspective, Computers & Security, vol. 59, p. 138-150.

Tu, Z., Turel, O., Yuan, Y., Archer, N. (2015), “Learning to cope with information security risks regarding mobile device loss or theft: an empirical examination” Information & Management, vol. 52, n°4, p. 506–17.

UE Commissiopn I2010 Report, Communiqué de press, available http ://

Vance, A., Siponen, M., & Pahnila, S. (2012), “Motivating IS security compliance: Insights from Habit and Protection Motivation Theory”, Information & Management, vol. 49, n°3‑4, p. 190-198.

Venkatesh, V., and Morris, M.G. (2000), “Why don’t men ever stop to ask for directions? Gender, social influence, and their role in technology acceptance and usage behavior”, MIS Quarterly, vol. 24, n°1, p. 115-139.

Venkatesh, V., Morris, M.G., Ackerman, P.L. (2000), “A longitudinal field investigation of gender differences in individual technology adoption decision-making processes”, Organizational Behavior and Human Decision Processes, vol. 83, n°1, p. 33-60.

Venkatesh, V., James Y. L. Thong, J. Y., Xu. X. (2012), “Consumer Acceptance and Use of Information Technology: Extending the Unified Theory of Acceptance and Use of Technology”, MIS Quaterly, vol. 36, n°1, p. 147-156.

Vroom, C. & von Solms, R. (2004). “Towards information security behavioural compliance”, Computers & Security, vol. 23, p. 191-198.

Warkentin, M., Johnston A. C., Shropshire, J., Barnett, W. D., (2016), “Continuance of protective security behavior: A longitudinal study”, Decision Support Systems, vol. 92, p. 25-35.

Wetzels, M. Odekerken-Schröder, G. & Van Oppen, C. (2009), “Using PLS path modeling for assessing hierarchical construct models: Guidelines and empirical illustration”, MIS Quarterly, vol. 33, n°1. P. 177-195.

Woon, G-W. Tan, Low, R. (2005). “A protection motivation theory approach to home wireless security”, ICIS proceedings, Paper n° 31.

Wu, J. Du, H. (2012), “Toward a better understanding of behavioral intention and system usage constructs”, European Journal of Information Systems, vol. 21, p. 680-698.

Yazdanmehr, A., Jingguo, W. (2016), “Employees' information security policy compliance: A norm activation perspective”, Decision Support Systems, vol. 92, p. 36-46.

Yoon, C., Hwang, J-W., Kim, R. (2012). “Exploring Factors That Influence Students’ Behaviors in Information Security”. Journal of Information Systems Education, vol. 23, n°4, p. 407–415.





Empirical research