Studies | Exogenous variable | Endogenous variable | Dependent variable |
---|---|---|---|
Straub [13] | Deterrent certainty, deterrent severity | Â | Computer abuse |
Kankanhalli et al. [42] | Deterrent efforts, deterrent severity, preventive efforts | Â | IS security effectiveness |
Lee et al. [43] | Security policy, security awareness, security systems | Self-defense intention | Abuse by invaders/insiders |
Pahnila et al. [36] | Sanctions | Intention to comply with IS security policy | Actual compliance of IS security policy |
Herath & Rao [15] | Severity of penalty, Certainty of detection | Â | Policy compliance intention |
Herath & Rao [16] | Punishment severity, deterrent certainty, security policy attitude | Â | SPCI |
D’Arcy et al. [14] | Security policy, security education, training, and awareness program, computer monitoring | Perceived certainty of sanction, Perceived severity of sanction | IS misuse intention |
D’Arcy & Hovav [39] | Security policy, security education, training, and awareness program, computer monitoring |  | IS misuse intention |
Li et al. [41] | Detection probability, Sanction severity | Â | Internet use policy compliance intention |
Siponen et al. [38] | Deterrence | Â | Actual compliance of information security policy |
Hu et al. [37] | Perceived certainty of sanction, perceived severity of sanction, perceived celerity of sanctions | Â | Intention to commit violation |
Siponen & Vance [46] | Formal sanction, Informal sanction | Â | Intention to violate IS security policy |
Xue et al. [56] | Actual punishment | Punishment expectancy, perceived justice of punishment | Compliance intention |
Guo et al. [57] | Attitude toward security policy, perceived sanction, perceived deterrent certainty | Attitude toward non-malicious security violation | Non-malicious security violation intention |
Son [58] | Perceived deterrent certainty, perceived deterrent severity | Â | Compliance of IS security policy |
Hovav & D’Arcy [17] | Procedural countermeasure, technical countermeasure | Perceived certainty of sanction, perceived severity of sanction, moral belief | IS misuse intention |
Guo & Yuan [19] | Organizational sanction, workgroup sanction | Personal self-sanction | Intention of information security violation |
D’Arcy & Devarja [59] | Certainty*severity |  | Technology misuse intention |
Chen et al. [60] | Punishment, certainty of control | Â | Intention to comply with IS security policy |
Cheng et al. [61] | Perceived certainty, perceived severity | Â | IS security policy violation intention |