A Meta-analysis of the Deterrence Theory in Security-compliant and Security-risk Behaviors
Computers & Security (IF 4.8), Pub Date: 2020-09-01, DOI: 10.1016/j.cose.2020.101928
Kuang-Ming Kuo, Paul C Talley, Chi-Hsien Huang

Abstract: Deterrence theory has been widely adopted in the study of information security management; however, evidence frequently presents sometimes contradictory results. Prior meta-analytic studies have focused primarily on the use of formal deterrence constructs to predict security-compliant behavior, while informal deterrence constructs and security-risk behavior are often neglected as a result. This study aims to meta-analyze the relationships formed between both formal/informal deterrence constructs and security-compliant/risk behaviors in a comprehensive manner beyond what has taken place in prior IS security meta-analysis based on deterrence theory. By searching multiple electronic databases, we have located 40 studies, along with 108 effect sizes, pertinent to our study's purpose. Inverse variance method weighted with sample sizes was used to determine mean effect sizes. The random-effects model was used to report meta-analysis results since Q, I², and H index showed some degree of heterogeneity existent in the collected data. Publication bias was assessed by means of fail-safe N. All proposed relationships occurring between formal/informal deterrence constructs and security-compliant/-risk behaviors were supported. Formal deterrence constructs exerted weak to moderate effects on security behavior, while informal deterrence constructs exerted moderate to strong effects on security behavior. Further, informal deterrence constructs showed greater mean effect sizes than formal deterrence constructs. Additionally, prediction intervals of deterrence constructs, along with detection certainty, included zero, which indicated that moderators may be present. Based on these findings, the mean effect sizes of deterrence constructs may be more clearly identified when dividing security behavior into both compliant- and risk- behaviors. Further moderators might be employed to improve the inconsistent findings evidenced in deterrence theory.

Updated: 2020-09-01