The impact of formal and informal organizational norms on susceptibility to phishing: Combining survey and field experiment data

[1]  Kathryn J. L. Jacobson,et al.  The Synergistic Effect of Descriptive and Injunctive Norm Perceptions on Counterproductive Work Behaviors , 2018, Journal of Business Ethics.

[2]  Laurie J. Bonnici,et al.  Beyond the FAQ: Explicit and implicit norms in Usenet newsgroups , 2003 .

[3]  Catherine E. Connelly,et al.  Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model , 2011, J. Manag. Inf. Syst..

[4]  Rosanna E. Guadagno,et al.  Normative influences in organizations. , 1999 .

[5]  James C. Anderson,et al.  Predicting the performance of measures in a confirmatory factor analysis with a pretest assessment of their substantive validities. , 1991 .

[6]  S. Schwartz Normative Influences on Altruism , 1977 .

[7]  Alexander L. Davis,et al.  Quantifying Phishing Susceptibility for Detection and Behavior Decisions , 2016, Hum. Factors.

[8]  J. Elster Social Norms and Economic Theory , 1989, Handbook of Monetary Policy.

[9]  Fayez Hussain Alqahtani Developing an Information Security Policy: A Case Study Approach , 2017 .

[10]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[11]  P. Trivellas,et al.  The Human Factor of Information Security: Unintentional Damage Perspective☆ , 2014 .

[12]  Noah J. Goldstein,et al.  The Constructive, Destructive, and Reconstructive Power of Social Norms , 2007, Psychological science.

[13]  Steve Love,et al.  Security awareness of computer users: A phishing threat avoidance perspective , 2014, Comput. Hum. Behav..

[14]  Elfreda A. Chatman,et al.  Small worlds: Normative behavior in virtual communities and feminist bookselling , 2001, J. Assoc. Inf. Sci. Technol..

[15]  Lorrie Faith Cranor,et al.  School of phish: a real-world evaluation of anti-phishing training , 2009, SOUPS.

[16]  Michel Walrave,et al.  You've got mail! Explaining individual differences in becoming a phishing target , 2018, Telematics Informatics.

[17]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[18]  M. Rashidirad,et al.  Employees’ Behavior in Phishing Attacks: What Individual, Organizational, and Technological Factors Matter? , 2020, J. Comput. Inf. Syst..

[19]  Mathias Ekstedt,et al.  Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture , 2014, Comput. Secur..

[20]  Clay Posey,et al.  Phishing for Long Tails: Examining Organizational Repeat Clickers and Protective Stewards , 2021 .

[21]  Henrik Karlzén,et al.  A meta-analysis of field experiments on phishing susceptibility , 2019, 2019 APWG Symposium on Electronic Crime Research (eCrime).

[22]  Punit Ahluwalia,et al.  Examining the impact of deterrence factors and norms on resistance to Information Systems Security , 2019, Comput. Hum. Behav..

[23]  Steven Furnell,et al.  Information security conscious care behaviour formation in organizations , 2015, Comput. Secur..

[24]  Lina Zhou,et al.  Phishing environments, techniques, and countermeasures: A survey , 2017, Comput. Secur..

[25]  I. Ajzen The theory of planned behavior , 1991 .

[26]  M. Jensen,et al.  Phishing Susceptibility across Industries: The Differential Impact of Influence Techniques , 2018 .

[27]  Rui Chen,et al.  Research Article Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing Email , 2012, IEEE Transactions on Professional Communication.

[28]  Mathias Ekstedt,et al.  Shaping intention to resist social engineering through transformational leadership, information security culture and awareness , 2016, Comput. Secur..

[29]  M. Deutsch,et al.  A study of normative and informational social influences upon individual judgement. , 1955, Journal of abnormal psychology.

[30]  Kun Yu,et al.  Social Engineering and Organisational Dependencies in Phishing Attacks , 2019, INTERACT.

[31]  Robert E. Kraut,et al.  Experiment 1 : Motivating Conversational Contributions Through Group Homogeneity and Individual Uniqueness , 2010 .

[32]  H. Raghav Rao,et al.  Examining the Impact of Presence on Individual Phishing Victimization , 2015, 2015 48th Hawaii International Conference on System Sciences.

[33]  Tom Postmes,et al.  More than a Metaphor: Organizational Identity Makes Organizational Life Possible , 2003 .

[34]  Sahara Byrne,et al.  The Boomerang Effect A Synthesis of Findings and a Preliminary Theoretical Framework , 2009 .

[35]  Lorrie Faith Cranor,et al.  Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[36]  M. Jalali,et al.  Why Employees (Still) Click on Phishing Links: Investigation in Hospitals , 2020, Journal of medical Internet research.

[37]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[38]  Ponnurangam Kumaraguru,et al.  Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions , 2010, CHI.

[39]  Richard Piggin Cyber security trends: What should keep CEOs awake at night , 2016, Int. J. Crit. Infrastructure Prot..

[40]  David Dequech Institutions, social norms, and decision-theoretic norms , 2009 .

[41]  Nico Martins,et al.  Improving the information security culture through monitoring and implementation actions illustrated through a case study , 2015, Comput. Secur..

[42]  C. Santos,et al.  Multilevel Research in the Field of Organizational Behavior , 2013 .

[43]  Adam N. Joinson,et al.  Exploring susceptibility to phishing in the workplace , 2018, International Journal of Human-Computer Studies.

[44]  M. Breitner,et al.  Information security awareness and behavior: a theory-based literature review , 2014 .

[45]  Rui Chen,et al.  Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model , 2011, Decis. Support Syst..

[46]  Mark F. Peterson,et al.  Measurement metrics at aggregate levels of analysis: Implications for organization culture research and the GLOBE project , 2006 .

[47]  H. Raghav Rao,et al.  An examination of the effect of recent phishing encounters on phishing susceptibility , 2020, Decis. Support Syst..

[48]  Robert B. Cialdini,et al.  The transsituational influence of social norms. , 1993 .

[49]  Arun Vishwanath,et al.  Suspicion, Cognition, and Automaticity Model of Phishing Susceptibility , 2018, Commun. Res..

[50]  Carl A. Kallgren,et al.  A Focus Theory of Normative Conduct: When Norms Do and Do not Affect Behavior , 2000 .

[51]  Rajiv N. Rimal,et al.  Understanding the Influence of Perceived Norms on Behaviors , 2003 .

[52]  Teodor Sommestad,et al.  A Review of the Theory of Planned Behaviour in the Context of Information Security Policy Compliance , 2013, SEC.

[53]  R. A. Cooke,et al.  Measuring Normative Beliefs and Shared Behavioral Expectations in Organizations: The Reliability and Validity of the Organizational Culture Inventory , 1993 .

[54]  Jingguo Wang,et al.  Employees' information security policy compliance: A norm activation perspective , 2016, Decis. Support Syst..

[55]  C. Crandall,et al.  Social norms and the expression and suppression of prejudice: the struggle for internalization. , 2002, Journal of personality and social psychology.