Conceptual inconsistencies in variable definitions and measurement items within ISP non-/compliance research : A systematic literature review

Gerdin, Marcus; Grönlund, Åke; Kolkowska, Ella

oru.seÖrebro University Publications

Simple search

Advanced search -
Research publications Advanced search -
Student theses Statistics

English Svenska Norsk

Change search

Cite ExportLink to record

Permanent link

https://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-119696

Direct link

http://oru.diva-portal.org/smash/record.jsf?pid=diva2:1944836

Cite

Citation style

apa
ieee
modern-language-association-8th-edition
vancouver
Other style

More styles

Language

de-DE
en-GB
en-US
fi-FI
nn-NO
nn-NB
sv-SE
Other locale

More languages

Output format

html
text
asciidoc
rtf

Conceptual inconsistencies in variable definitions and measurement items within ISP non-/compliance research: A systematic literature review

Gerdin, Marcus

Örebro University, Örebro University School of Business.ORCID iD: 0000-0003-0658-4548

Grönlund, Åke

Örebro University, Örebro University School of Business.ORCID iD: 0000-0002-3713-346X

Kolkowska, Ella

Örebro University, Örebro University School of Business.

2025 (English)In: Computers & Security, ISSN 0167-4048, E-ISSN 1872-6208, Vol. 152, article id 104365Article, review/survey (Refereed) Published

Abstract [en]

The rich stream of research focusing on employee non-/compliance with information security policies (ISPs) suffers from inconsistent results. Attempts to explain such inconsistencies have included investigation of possible contextual moderating factors. Another promising, yet not systematically investigated, explanation concerns conceptual inconsistencies in variable definitions and in questionnaire measurement items. Based on a systematic literature review covering 36 ISP non-/compliance articles using Protection Motivation Theory (PMT) and/or Theory of Planned Behavior (TPB), we found four major types of conceptual inconsistencies and unclarities within and across studies; (i) inconsistencies in variable definitions; (ii) inconsistencies between variable measurement items; (iii) inconsistencies between variable definitions and measurement items; and (iv) unclearly/vaguely worded measurement items. The review contributes to the field by demonstrating that the inconsistent results in the field may not only be due to unknown contextual moderators, but also to conceptual incongruences within and across studies.

Place, publisher, year, edition, pages

Elsevier, 2025. Vol. 152, article id 104365

Keywords [en]

Information security policy, Protection motivation theory, Theory of planned behavior, Variable properties, Non-compliance

National Category

Information Systems, Social aspects

Identifiers

URN: urn:nbn:se:oru:diva-119696DOI: 10.1016/j.cose.2025.104365ISI: 001428697400001Scopus ID: 2-s2.0-85217911678OAI: oai:DiVA.org:oru-119696DiVA, id: diva2:1944836

Available from: 2025-03-17 Created: 2025-03-17 Last updated: 2025-03-17Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Gerdin, Marcus Grönlund, Åke Kolkowska, Ella

Search in DiVA

doi

urn-nbn

Total: 6 hits

Cite ExportLink to record

Permanent link

https://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-119696

Direct link

http://oru.diva-portal.org/smash/record.jsf?pid=diva2:1944836

Cite

Citation style

apa
ieee
modern-language-association-8th-edition
vancouver
Other style

More styles

Language

de-DE
en-GB
en-US
fi-FI
nn-NO
nn-NB
sv-SE
Other locale

More languages

Output format

html
text
asciidoc
rtf

v. 2.46.0

WCAG

Örebro University Library

DiVA Portal

DiVA Log in

To Örebro University

Gerdin, Marcus

Grönlund, Åke

Kolkowska, Ella

Abstract [en]

Place, publisher, year, edition, pages

Keywords [en]

National Category

Identifiers

Open Access in DiVA

Other links

Authority records

Search in DiVA

By author/editor

By organisation

In the same journal

On the subject

Search outside of DiVA

Altmetric score