1.
Safa, N.S.: Human Aspects of Information Security in Organisations. Computer Fraud & Security. 2016, 15–18 (2016). https://doi.org/10.1016/S1361-3723(16)30017-3.
2.
Smith, G.M.: Into Cerberus’ Lair: Bringing the Idea of Security to Light. The British Journal of Politics and International Relations. 7, 485–507 (2005). https://doi.org/10.1111/j.1467-856x.2005.00204.x.
3.
Leeuw, K. de, Bergstra, J.A.: The History of Information Security: A Comprehensive Handbook. Elsevier, Amsterdam (2007).
4.
Leeuw, K. de, Bergstra, J.A.: The History of Information Security: A Comprehensive Handbook. Elsevier, Amsterdam (2007).
5.
Öqvist, K.L.: Hands-On Guide to GDPR Compliance: Privacy by Design, Privacy by Default. International Association for Privacy Professionals, Portsmouth, NH (2018).
6.
Warren, S.D., Brandeis, L.D.: The Right to Privacy. Harvard Law Review. 4, (1890). https://doi.org/10.2307/1321160.
7.
Herath, T., Rao, H.R.: Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems. 18, 106–125 (2009). https://doi.org/10.1057/ejis.2009.6.
8.
Cho, H., Lee, J.-S., Chung, S.: Optimistic Bias About Online Privacy Risks: Testing the Moderating Effects of Perceived Controllability and Prior Experience. Computers in Human Behavior. 26, 987–995 (2010). https://doi.org/10.1016/j.chb.2010.02.012.
9.
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly. 34, (2010). https://doi.org/10.2307/25750690.
10.
Hovav, A., D’Arcy, J.: Applying an Extended Model of Deterrence Across Cultures: An Investigation of Information Systems Misuse in the U.S. and South Korea. Information & Management. 49, 99–110 (2012). https://doi.org/10.1016/j.im.2011.12.005.
11.
Herath, T., Rao, H.R.: Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness. Decision Support Systems. 47, 154–165 (2009). https://doi.org/10.1016/j.dss.2009.02.005.
12.
Ifinedo, P.: Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory. Computers & Security. 31, 83–95 (2012). https://doi.org/10.1016/j.cose.2011.10.007.
13.
Ciampa, M.D.: Security Awareness: Applying Practical Security in Your World. Cengage Learning, Australia (2017).
14.
Wilson, M., Hash, J.: Building an Information Technology Security Awareness and Training Program, https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=151287.
15.
Adams, A., Sasse, M.A.: Users Are Not the Enemy. Communications of the ACM. 42, 40–46 (1999). https://doi.org/10.1145/322796.322806.
16.
Arıcak, O.T., Dündar, Ş., Saldaña, M.: Mediating Effect of Self-Acceptance Between Values and Offline/online Identity Expressions Among College Students. Computers in Human Behavior. 49, 362–374 (2015). https://doi.org/10.1016/j.chb.2015.03.025.
17.
Pfleeger, S.L., Sasse, M.A., Furnham, A.: From Weakest Link to Security Hero: Transforming Staff Security Behavior. Journal of Homeland Security and Emergency Management. 11, (2014). https://doi.org/10.1515/jhsem-2014-0035.
18.
Colwill, C.: Human Factors in Information Security: The Insider Threat – Who Can You Trust These Days? Information Security Technical Report. 14, 186–196 (2009). https://doi.org/10.1016/j.istr.2010.04.004.
19.
Öqvist, K.L.: Hands-On Guide to GDPR Compliance: Privacy by Design, Privacy by Default. International Association for Privacy Professionals, Portsmouth, NH (2018).
20.
Dennedy, M.F., Fox, J., Finneran, T.R.: The Privacy Engineer’s Manifesto: Getting From Policy to Code to QA to Value. Apress Open, [Place of publication not identified] (2014).
21.
Wright, D., Hert, P. de eds: Privacy Impact Assessment. Springer, Dordrecht (2012).
22.
Clarke, R.: Privacy Impact Assessment: Its Origins and Development. Computer Law & Security Review. 25, 123–135 (2009). https://doi.org/10.1016/j.clsr.2009.02.002.
23.
Acquisti, A., Grossklags, J.: Privacy and Rationality in Individual Decision Making. IEEE Security and Privacy Magazine. 3, 26–33 (2005). https://doi.org/10.1109/MSP.2005.22.
24.
Johnston, Warkentin: Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly. 34, (2010). https://doi.org/10.2307/25750691.
25.
Sharman, R., Gupta, M.: Social and Human Elements of Information Security: Emerging Trends and Countermeasures. Information Science Reference, Hershey, Pa (2008).
26.
Gupta, M., Sharman, R.: Social and Human Elements of Information Security: Emerging Trends and Countermeasures. Information Science Reference, Hershey, PA (2009).
27.
Magnusson, J.: Intentional Decentralization and Instinctive Centralization. Information Resources Management Journal. 26, 1–17 (2013). https://doi.org/10.4018/irmj.2013100101.
28.
Cialdini, R.B.: Influence: The Psychology of Persuasion. Collins, New York (2007).
29.
Cialdini, R.B.: Influence: The Psychology of Persuasion. Collins, New York (2009).
30.
Okenyi, P.O., Owens, T.J.: On the Anatomy of Human Hacking. Information Systems Security. 16, 302–314 (2007). https://doi.org/10.1080/10658980701747237.
31.
Hadnagy, C.: Social Engineering: The Art of Human Hacking. John Wiley & Sons (2010).
32.
Hadnagy, C.: Social Engineering: The Art of Human Hacking. Wiley, Indianapolis, Ind (2011).
33.
Mitnick, K.D., Simon, W.L.: Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker. Little, Brown, New York (2011).
34.
Da Veiga, A., Eloff, J.H.P.: A Framework and Assessment Instrument for Information Security Culture. Computers & Security. 29, 196–207 (2010). https://doi.org/10.1016/j.cose.2009.09.002.
35.
Dourish, P., Anderson, K.: Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena. Human-Computer Interaction. 21, 319–342 (2006). https://doi.org/10.1207/s15327051hci2103_2.
