Information security awareness and behavior: a theory-based literature review

Purpose – This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future research are worked out by analyzing and synthesizing existing literature. Design/methodology/approach – This paper presents the results of a literature review comprising 113 publications. The literature review was designed to identify applied theories and to understand the cognitive determinants in the research field. A meta-model that explains employees’ IS security behavior is introduced by assembling the core constructs of the used theories. Findings – The paper identified 54 used theories, but four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM). By synthesizing results of empirically tested research models, a survey of factors proven to have a significant influence on empl...

[1]  Rui Chen,et al.  Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service , 2014, Inf. Syst. J..

[2]  Alexandra Durcikova,et al.  What Kind of Interventions Can Help Users from Falling for Phishing Attempts: A Research Proposal for Examining Stage-Appropriate Interventions , 2013, 2013 46th Hawaii International Conference on System Sciences.

[3]  Michael H. Breitner,et al.  Management of Technical Security Measures: An Empirical Examination of Personality Traits and Behavioral Intentions , 2013, 2013 46th Hawaii International Conference on System Sciences.

[4]  Ayako Komatsu,et al.  Human aspects of information security: An empirical study of intentional versus actual behavior , 2013, Inf. Manag. Comput. Secur..

[5]  Richard G. Brody,et al.  Flying under the radar: social engineering , 2012 .

[6]  Stephen Flowerday,et al.  The enemy within: A behavioural intention model and an information security awareness process , 2012, 2012 Information Security for South Africa.

[7]  Evangelos A. Kiountouzis,et al.  Analyzing Trajectories of Information Security Awareness , 2012, Inf. Technol. People.

[8]  Tamara Dinev,et al.  Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture , 2012, Decis. Sci..

[9]  Keshnee Padayachee,et al.  Taxonomy of compliant information security behavior , 2012, Comput. Secur..

[10]  Nesren Waly,et al.  Improving Organisational Information Security Management: The Impact of Training and Awareness , 2012, 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems.

[11]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[12]  Anat Hovav,et al.  Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..

[13]  Princely Ifinedo,et al.  Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory , 2012, Comput. Secur..

[14]  Jose J. Gonzalez Exploring Collaborative Modeling as Teaching Method , 2012, 2012 45th Hawaii International Conference on System Sciences.

[15]  Jeffrey L. Jenkins,et al.  Forget the Fluff: Examining How Media Richness Influences the Impact of Information Security Training on Secure Behavior , 2012, 2012 45th Hawaii International Conference on System Sciences.

[16]  Salvatore Aurigemma,et al.  A Composite Framework for Behavioral Compliance with Information Security Policies , 2012, 2012 45th Hawaii International Conference on System Sciences.

[17]  Roberto J. Mejias An Integrative Model of Information Security Awareness for Assessing Information Systems Security Risk , 2012, 2012 45th Hawaii International Conference on System Sciences.

[18]  Omar F. El-Gayar,et al.  Security Policy Compliance: User Acceptance Perspective , 2012, 2012 45th Hawaii International Conference on System Sciences.

[19]  Holly Tootell,et al.  Information Security Awareness in Saudi Arabia , 2012, CONF-IRM.

[20]  Huwida Said,et al.  Experience with video games for security , 2012 .

[21]  Yair Levy,et al.  Initial Validation and Empirical Development of the Construct of Computer Security Self-Efficacy (CSSE) , 2012 .

[22]  Peter Draus,et al.  The Role of Demographic Characteristics in Health Care Strategic Security Planning , 2012, AMCIS.

[23]  Taizan Chan,et al.  Understanding And Measuring Information Security Culture , 2012, PACIS.

[24]  Nesren Waly,et al.  Measures for improving information security management in organisations: the impact of training and awareness programmes , 2012, UKAIS.

[25]  Lemuria Carter,et al.  The Role of Individual Characteristics on Insider Abuse Intentions , 2012, AMCIS.

[26]  M. Ekstedt,et al.  A Model for Investigating Organizational Impact on Information Security Behavior , 2012 .

[27]  Matus Korman,et al.  Conceptualization of Constructs for Shaping Information Security Behavior: Towards a Measurement Instrument , 2012 .

[28]  A. J. Gilbert Silvius,et al.  Factors influencing Non-Compliance behavior towards Information Security Policies , 2012, CONF-IRM.

[29]  K. Marett,et al.  Examining the Coping Appraisal Process in End User Security , 2012 .

[30]  M. Warkentin,et al.  Impact of Protection Motivation and Deterrence on IS Security Policy Compliance: A Multi-Cultural View , 2012 .

[31]  Ana Paula Cabral Seixas Costa,et al.  A Model for Evaluating Information Security with a Focus on the User , 2012, MCIS.

[32]  Omar F. El-Gayar,et al.  Information Security Policy Compliance: The Role of Information Security Awareness , 2012, AMCIS.

[33]  Frank Hadasch,et al.  Exploring Antecedent Environmental and Organizational Factors to User-Caused Information Leaks: a Qualitative Study , 2012, ECIS.

[34]  Alexandra Durcikova,et al.  On Not Falling for Phish: Examining Multiple Stages of Protective Behavior of Information System End-Users , 2012, ICIS.

[35]  Vishal Midha,et al.  The Impact of Training and Social Norms on Information Security Compliance: A Pilot Study , 2012, ICIS.

[36]  Ramzi El-Haddadeh,et al.  European Conference on Information Systems ( ECIS ) 5-15-2012 IMPLEMENTATION CHALLENGES FOR INFORMATION SECURITY AWARENESS INITIATIVES IN E-GOVERNMENT , 2017 .

[37]  Johan Van Niekerk,et al.  Combating Information Security Apathy By Encouraging Prosocial Organisational Behaviour , 2011, HAISA.

[38]  Dan Harnesk,et al.  Shaping security behaviour through discipline and agility , 2011 .

[39]  Jai-Yeol Son,et al.  Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies , 2011, Inf. Manag..

[40]  Catherine E. Connelly,et al.  Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model , 2011, J. Manag. Inf. Syst..

[41]  Stephen Flowerday,et al.  An assessment of the role of cultural factors in information security awareness , 2011, 2011 Information Security for South Africa.

[42]  Rossouw von Solms,et al.  Guidelines for the creation of brain-compatible cyber security educational material in Moodle 2.0 , 2011, 2011 Information Security for South Africa.

[43]  Mikko T. Siponen,et al.  Toward a New Meta-Theory for Designing Information Systems (IS) Security Training Approaches , 2011, J. Assoc. Inf. Syst..

[44]  Jing Fan,et al.  Study on e-government information misuse based on General Deterrence Theory , 2011, ICSSSM11.

[45]  Tejaswini Herath,et al.  A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings , 2011, Eur. J. Inf. Syst..

[46]  Yajiong Xue,et al.  Punishment, Justice, and Compliance in Mandatory IT Settings , 2011, Inf. Syst. Res..

[47]  Qing Hu,et al.  Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.

[48]  Jordan Shropshire,et al.  The influence of the informal social learning environment on information privacy policy compliance efficacy and intention , 2011, Eur. J. Inf. Syst..

[49]  Sherly Abraham,et al.  Information Security Behavior: Factors and Research Directions , 2011, AMCIS.

[50]  A. Deokar,et al.  Information Security Policy Compliance: A User Acceptance Perspective , 2011 .

[51]  Gen-Yih Liao,et al.  Exploring the Influences of Implementation Intention on Information Security Behaviors , 2011, AMCIS.

[52]  Alexandra Durcikova,et al.  Get a Cue on IS Security Training: Explaining the Difference between how Security Cues and Security Arguments Improve Secure Behavior , 2011, ICIS.

[53]  Mikko T. Siponen,et al.  Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study , 2010, MIS Q..

[54]  Hennie A. Kruger,et al.  A Vocabulary Test to Assess Information Security Awareness , 2010, Inf. Manag. Comput. Secur..

[55]  Yongge Wang,et al.  Constructivist Approach to Information Security Awareness in the Middle East , 2010, 2010 International Conference on Broadband, Wireless Computing, Communication and Applications.

[56]  S. K. Pandey,et al.  Research on software security awareness: problems and prospects , 2010, SOEN.

[57]  Mikko T. Siponen,et al.  Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations , 2010, MIS Q..

[58]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[59]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[60]  Henri Barki,et al.  User Participation in Information Systems Security Risk Management , 2010, MIS Q..

[61]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[62]  Yajiong Xue,et al.  Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective , 2010, J. Assoc. Inf. Syst..

[63]  Eirik Albrechtsen,et al.  Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study , 2010, Comput. Secur..

[64]  Mo Adam Mahmood,et al.  Compliance with Information Security Policies: An Empirical Investigation , 2010, Computer.

[65]  Steven Furnell,et al.  An Analysis of Information Security Awareness within Home and Work Environments , 2010, 2010 International Conference on Availability, Reliability and Security.

[66]  Hiroshi Yasuda,et al.  Development of an E-learning Content-Making System for Information Security (ELSEC) and its Application to Anti-phishing Education , 2010, 2010 International Conference on e-Education, e-Business, e-Management and e-Learning.

[67]  Sean B. Maynard,et al.  Embedding Information Security Culture Emerging Concerns and Challenges , 2010, PACIS.

[68]  Allen C. Johnston,et al.  Reigning in the Remote Employee: Applying Social Learning Theory to Explain Information Security Policy Compliance Attitudes , 2010, AMCIS.

[69]  Jay F. Nunamaker,et al.  Encouraging Users to Behave Securely: Examining the Influence of Technical, Managerial, and Educational Controls on Users' Secure Behavior , 2010, ICIS.

[70]  Eirik Albrechtsen,et al.  Effects on employees' information security abilities by e-learning , 2009, Inf. Manag. Comput. Secur..

[71]  Erdem Uçar,et al.  The positive outcomes of information security awareness training in companies - A case study , 2009, Inf. Secur. Tech. Rep..

[72]  Young U. Ryu,et al.  Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..

[73]  Adam Marks,et al.  A Comparative Study of Information Security Awareness in Higher Education Based on the Concept of Design Theorizing , 2009, 2009 International Conference on Management and Service Science.

[74]  Jie Zhang,et al.  Impact of perceived technical protection on security behaviors , 2009, Inf. Manag. Comput. Secur..

[75]  Izak Benbasat,et al.  Effects of Individual and Organization Based Beliefs and the Moderating Role of Work Experience on Insiders' Good Security Behaviors , 2009, 2009 International Conference on Computational Science and Engineering.

[76]  Qing Hu,et al.  User behaviour towards protective information technologies: the role of national cultural differences , 2009, Inf. Syst. J..

[77]  Björn Niehaves,et al.  Reconstructing the giant: On the importance of rigour in documenting the literature search process , 2009, ECIS.

[78]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[79]  Tero Vartiainen,et al.  What levels of moral reasoning and values explain adherence to information security rules? An empirical study , 2009, Eur. J. Inf. Syst..

[80]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[81]  Laurie J. Kirsch,et al.  If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security , 2009, Eur. J. Inf. Syst..

[82]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[83]  Atreyi Kankanhalli,et al.  Studying users' computer security behavior: A health belief perspective , 2009, Decis. Support Syst..

[84]  B. Venard Organizational Isomorphism and Corruption: An Empirical Research in Russia , 2009 .

[85]  Albert L. Harris,et al.  The impact of information richness on information security awareness training effectiveness , 2009, Comput. Educ..

[86]  Indira R. Guzman,et al.  Identifying Factors that Influence Corporate Information Security Behavior , 2009, AMCIS.

[87]  Izak Benbasat,et al.  Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance , 2009, AMCIS.

[88]  Evangelos A. Kiountouzis,et al.  Aligning Security Awareness With Information Systems Security Management , 2009, MCIS.

[89]  A. Hovav,et al.  Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures , 2009 .

[90]  Yacine Rezgui,et al.  Information security awareness in higher education: An exploratory study , 2008, Comput. Secur..

[91]  Hennie A. Kruger,et al.  Consensus ranking - An ICT security awareness case study , 2008, Comput. Secur..

[92]  Elmarie Biermann,et al.  Implementation of a Socially Engineered Worm to Increase Information Security Awareness , 2008, 2008 Third International Conference on Broadband Communications, Information Technology & Biomedical Applications.

[93]  Patricia A. H. Williams In a 'trusting' environment, everyone is responsible for information security , 2008, Inf. Secur. Tech. Rep..

[94]  Eirik Albrechtsen,et al.  Implementation and effectiveness of organizational information security measures , 2008, Inf. Manag. Comput. Secur..

[95]  Charlie C. Chen,et al.  A cross-cultural investigation of situational information security awareness programs , 2008, Inf. Manag. Comput. Secur..

[96]  Elmarie Kritzinger,et al.  Information security management: An information security retrieval and awareness model for industry , 2008, Comput. Secur..

[97]  Princely Ifinedo,et al.  IT Security and Privacy Issues in Global Financial Services Institutions: Do Socio-Economic and Cultural Factors Matter? , 2008, 2008 Sixth Annual Conference on Privacy, Security and Trust.

[98]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[99]  Evangelos A. Kiountouzis,et al.  Investigating Information Security Awareness: Research and Practice Gaps , 2008, Inf. Secur. J. A Glob. Perspect..

[100]  Dong Hu,et al.  Teaching Computer Security using Xen in a Virtual Environment , 2008, 2008 International Conference on Information Security and Assurance (isa 2008).

[101]  Tai-hoon Kim,et al.  Investigation of Stakeholders Commitment to Information Security Awareness Programs , 2008, 2008 International Conference on Information Security and Assurance (isa 2008).

[102]  Lorne Olfman,et al.  Improving End User Behaviour in Password Utilization: An Action Research Initiative , 2008 .

[103]  Mahbubur Rahim,et al.  IT Security Expert’s Presentation and Attitude Changes of End-Users Towards IT Security Aware Behaviour: A Pilot Study , 2008 .

[104]  Khaled A. Alshare,et al.  A Conceptual Model for Explaining Violations of the Information Security Policy (ISP): A Cross Cultural Perspective , 2008, AMCIS.

[105]  Juhani Heikka,et al.  A Constructive Approach to Information Systems Security Training: An Action Research Experience , 2008, AMCIS.

[106]  Atreyi Kankanhalli,et al.  Processing Information Security Messages: An Elaboration Likelihood Perspective , 2008, ECIS.

[107]  Malcolm Robert Pattinson,et al.  How well are information risks being communicated to your computer end-users? , 2007, Inf. Manag. Comput. Secur..

[108]  S. Woodhouse,et al.  Information Security: End User Behavior and Corporate Culture , 2007, 7th IEEE International Conference on Computer and Information Technology (CIT 2007).

[109]  Qing Hu,et al.  The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies , 2007, J. Assoc. Inf. Syst..

[110]  Eirik Albrechtsen,et al.  A qualitative study of users' view on information security , 2007, Comput. Secur..

[111]  Mikko T. Siponen,et al.  Which Factors Explain Employees' Adherence to Information Security Policies? An Empirical Study , 2007, PACIS.

[112]  Ronald C. Dodge,et al.  Phishing for user security awareness , 2007, Comput. Secur..

[113]  Hennie A. Kruger,et al.  Value-focused assessment of ICT security awareness in an academic environment , 2007, Comput. Secur..

[114]  Cynthia E. Irvine,et al.  A video game for cyber security training and awareness , 2007, Comput. Secur..

[115]  Michael Workman,et al.  Punishment and ethics deterrents: A study of insider security contravention , 2007, J. Assoc. Inf. Sci. Technol..

[116]  Mo Adam Mahmood,et al.  Employees' Behavior towards IS Security Policy Compliance , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[117]  Hyeun-Suk Rhee,et al.  Out of Fear or Desire: Why do Employees Follow Information Systems Security Policies? , 2007, AMCIS.

[118]  James Ryan,et al.  Information Security Awareness: An Evaluation among Business Students with Regard to Computer Self-efficacy and Personal Innovation , 2007, AMCIS.

[119]  Laurie J. Kirsch,et al.  The Last Line of Defense: Motivating Employees to Follow Corporate Security Guidelines , 2007, ICIS.

[120]  Sharman Lichtenstein,et al.  Fostering Information Security Culture in Small and Medium Size Enterprises: An Interpretive Study in Australia , 2007, ECIS.

[121]  Michael Rosemann,et al.  Toward Improving the Relevance of Information Systems Research to Practice: The Role of Applicability Checks , 2008, MIS Q..

[122]  Mo Adam Mahmood,et al.  A New Model for Understanding Users' IS Security Compliance , 2006, PACIS.

[123]  Qing Chang,et al.  How Low Should You Go? Low Response Rates and the Validity of Inference in IS Questionnaire Research , 2006, J. Assoc. Inf. Syst..

[124]  Hennie A. Kruger,et al.  A prototype for assessing information security awareness , 2006, Comput. Secur..

[125]  P. Sheeran,et al.  Does changing behavioral intentions engender behavior change? A meta-analysis of the experimental evidence. , 2006, Psychological bulletin.

[126]  Qing Hu,et al.  User behavior toward preventive technologies - cultural differences between the United States and South Korea , 2006, ECIS.

[127]  Srinivasan V. Rao,et al.  Security Cultures in Organizations: A Theoretical Model , 2006, AMCIS.

[128]  Janis Warner Towards Understanding User Behavioral Intentions to Use IT Security: Examining the Impact of IT Security Psychological Climate and Individual Beliefs , 2006, AMCIS.

[129]  Jordan Shropshire,et al.  Personality and IT security: An application of the five-factor model , 2006, AMCIS.

[130]  Sriraman Ramachandran,et al.  Influences on Espoused and Enacted Security Cultures in Organizations , 2006, AMCIS.

[131]  John Ng'ang'a Gathegi,et al.  Information System Security: Self-Efficacy and Implementation Effectiveness , 2006, AMCIS.

[132]  Gurpreet Dhillon,et al.  Information Systems Security Governance Research : A Behavioral Perspective , 2006 .

[133]  Yair Levy,et al.  Towards a Framework of Literature Review Process in Support of Information Systems Research , 2006 .

[134]  Robert Willison,et al.  Understanding the perpetration of employee computer crime in the organisational context , 2006, Inf. Organ..

[135]  Irene M. Y. Woon,et al.  Forthcoming: Journal of Information Privacy and Security , 2022 .

[136]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[137]  Wm. Arthur Conklin,et al.  Modeling End User Behavior to Secure a PC in a Unmanaged Environment , 2005, AMCIS.

[138]  Jan vom Brocke,et al.  Security Awareness Management - Konzeption, Methoden und Anwendung , 2005, Wirtschaftsinformatik.

[139]  Helmut Krcmar,et al.  Beyond Technical Aspects of Information Security: Risk Culture as a Success Factor for IT Risk Management , 2005, AMCIS.

[140]  Sang M. Lee,et al.  An integrative model of computer abuse based on social control and general deterrence theories , 2004, Inf. Manag..

[141]  Jan Guynes Clark,et al.  Why there aren't more information security research studies , 2004, Inf. Manag..

[142]  Rossouw von Solms,et al.  Towards information security behavioural compliance , 2004, Comput. Secur..

[143]  A. Adam Whatever happened to information systems ethics? Caught between the devil and the deep blue sea , 2004 .

[144]  Jeffrey M. Stanton,et al.  Behavioral Information Security: Two End User Survey Studies of Motivation and Security Practices , 2004, AMCIS.

[145]  Anat Hovav,et al.  The Role of Individual Characteristics on the Effectiveness of IS Security Countermeasures , 2004, AMCIS.

[146]  Indira R. Guzman,et al.  Examining the linkage between organizational commitment and information security , 2003, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance (Cat. No.03CH37483).

[147]  Gordon B. Davis,et al.  User Acceptance of Information Technology: Toward a Unified View , 2003, MIS Q..

[148]  Moez Limayem,et al.  Force of Habit and Information Systems Usage: Theory and Initial Validation , 2003, J. Assoc. Inf. Syst..

[149]  Kregg Aytes,et al.  A Research Model for Investigating Human Behavior Related to Computer Security , 2003, AMCIS.

[150]  Steven Furnell,et al.  A prototype tool for information security awareness and training , 2002 .

[151]  Richard T. Watson,et al.  Analyzing the Past to Prepare for the Future: Writing a Literature Review , 2002, MIS Q..

[152]  Jintae Lee,et al.  A holistic model of computer abuse within organizations , 2002, Inf. Manag. Comput. Secur..

[153]  P. Chia Exploring Organisational Security Culture : Developing a comprehensive research model , 2002 .

[154]  Mikko T. Siponen,et al.  Five dimensions of information security awareness , 2001, CSOC.

[155]  Lori N. K. Leonard,et al.  Illegal, Inappropriate, And Unethical Behavior In An Information Technology Context: A Study To Explain Influences , 2001, J. Assoc. Inf. Syst..

[156]  Mikko T. Siponen,et al.  Critical analysis of different approaches to minimizing user-related faults in information systems security: implications for research and practice , 2000, Inf. Manag. Comput. Secur..

[157]  Mikko T. Siponen,et al.  A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[158]  Ritu Agarwal,et al.  A Conceptual and Operational Definition of Personal Innovativeness in the Domain of Information Technology , 1998, Inf. Syst. Res..

[159]  I. Ajzen,et al.  A Comparison of the Theory of Planned Behavior and the Theory of Reasoned Action , 1992 .

[160]  I. Ajzen The theory of planned behavior , 1991 .

[161]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[162]  Fred D. Davis,et al.  User Acceptance of Computer Technology: A Comparison of Two Theoretical Models , 1989 .

[163]  P. M. Podsakoff,et al.  Self-Reports in Organizational Research: Problems and Prospects , 1986 .

[164]  R. Rogers Cognitive and physiological processes in fear appeals and attitude change: a revised theory of prote , 1983 .

[165]  A. Bandura Self-efficacy mechanism in human agency. , 1982 .

[166]  I. Ajzen,et al.  Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research , 1977 .

[167]  D. L. Beggs,et al.  Measurement and evaluation in the schools , 1974 .