What factors influence an organizations decisions to hire information security professionals?

Al-Darwish, A.I. and Choe, P. (2019), “A framework of information security integrated with human factors”, in Moallem, A. (Ed.), HCI for Cybersecurity, Privacy and Trust, , Springer, Cham, Vol. 11594.

Alfawaz, S., Nelson, K. and Mohannak, K. (2010), “Information security culture: a behaviour compliance conceptual framework”, Paper Presented at the 8th Australasian Information Security Conference, Brisbane, Australia, 2010, pp. 47-55.

Årstad, I. and Aven, T. (2017), “Managing major accident risk: concerns about complacency and complexity in practice”, Safety Science, Vol. 91, pp. 114-121.

Ashenden, D. and Sasse, M.A. (2013), “CISOs and organisational culture: their own worst enemy?”, Computers and Security, Vol. 39, pp. 396-405.

Beautement, A., Becker, I., Parkin, S., Krol, K. and Sasse, M.A. (2016), “Productive security: a scalable methodology for analysing employee security behaviours”, Proceedings of the SPOUPS, USENIX Association.

Beus, J., Payne, S., Bergman, M. and Arthur, W. (2010), “Safety climate and injuries: an examination of theoretical and empirical relationships”, Journal of Applied Psychology, Vol. 95, pp. 713-727.

Braun, V. and Clarke, V. (2006), “Using thematic analysis in psychology”, Qualitative Research in Psychology, Vol. 3, pp. 77-101.

Bulgurcu, B., Cavusoglu, H. and Benbasat, I. (2010), “Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness”, MIS Quarterly, Vol. 34, pp. 523-548.

Christian, M.J., Bradley, J., Wallace, J. and Burke, M. (2009), “Workplace safety: a meta-analysis of the roles of person and situational factors”, Journal of Applied Psychology, Vol. 95, pp. 1103-1127.

Chulkov, D.V. (2017), “Escalation of commitment and information security: theories and implications”, Information and Computer Security, Vol. 25, pp. 580-592.

da Veiga, A. and Martins, N. (2017), “Defining and identifying dominant information security cultures and subcultures”, Computers and Security, Vol. 70, pp. 72-94.

Dang-Pham, D. and Pittayachawan, S. (2015), “Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: a protection motivation theory approach”, Computers and Security, Vol. 48, pp. 281-297.

Dor, D. and Elovici, Y. (2016), “A model of the information security investment decision-making process”, Computers and Security, Vol. 63, pp. 1-13.

Druskat, U.V. and Wheeler, J.V. (2003), “Managing from the boundary: the effective leadership of self-managing work teams”, Academy of Management Journal, Vol. 46, pp. 435-457.

D'Arcy, J., Herath, T. and Shoss, M.K. (2014), “Understanding employee responses to stressful information security requirements: a coping perspective”, Journal of Management Information Systems, Vol. 31, pp. 285-318.

ENISA (European Union Agency for Network and Information Security) (2018), “Cybersecurity culture guidelines: behavioural aspects of cybersecurity”, www.ensisa.europa.eu.

Festinger, L. (1954), “A theory of social comparison processes”, Human Relations, Vol. 7, pp. 117-140.

Flanagan, J.C. (1954), “The critical incident technique”, Psychological Bulletin, Vol. 51, pp. 327-358.

Grill, M. and Nielsen, K. (2019), “Promoting and impeding safety: a qualitative study into direct and indirect safety leadership practices of construction site managers”, Safety Science, Vol. 114, pp. 148-159.

Grote, G. (2009), “Coordination in high-risk organizations: the need for flexible routines”, Cognition, Technology and Work, Vol. 11, pp. 17-27.

Grote, G. (2012), “Safety management in different high-risk domains – all the same?”, Safety Science, Vol. 50, pp. 1983-1992.

Grote, G. (2015), “Promoting safety by increasing uncertainty: implications for risk management”, Safety Science, Vol. 71, pp. 71-79.

Hallberg, J., Johansson, P., Karlsson, F., Lundberg, F., Lundgren, B. and Törner, M. (Eds) (2017), Informationssäkerhet Och Organisationskultur [Information Security and Organizational Culture], Studentlitteratur, Lund.

Hamer, R., Waterson, P. and Jun, T. (2021), “Human factors and nuclear safety since 1970 – a critical review of the past, present and future”, Safety Science, Vol. 133, .

Hooper, V. and Blunt, C. (2019), “Factors influencing the information security behaviour of IT employees”, Behaviour and Information Technology, Vol. 39, pp. 862-874.

Hwang, I. and Cha, O. (2018), “Examining technostress creators and role stress as potential threats to employees' information security compliance”, Computers in Human Behaviour, Vol. 81, pp. 282-293.

ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) (2013), Information Technology Security Techniques Code of Practice for Information Security Management, http://docplayer.net/668061-Information-technology-security-techniques-code-of-practicefor-information-security-controls.html ( 10 May 2018).

Jackson, J. (2017), Coworker Influence upon Individual Internalization of Safety, , Carleton University, Ottawa.

Karlsson, F., Karlsson, M. and Åström, J. (2017), “Measuring employees' compliance – the importance of value pluralism”, Information and Computer Security, Vol. 25, pp. 279-299.

Khatib, R. and Barki, H. (2020), “An activity theory approach to information security non-compliance”, Information and Computer Security, Vol. 28, pp. 485-501.

Kirlappos, I., Parkin, S. and Sasse, M.A. (2015), “‘Shadow security’ as a tool for the learning organization”, Computers and Society, Vol. 45, pp. 29-37.

Lankton, N., Stivason, C. and Gurung, A. (2019), “Information protection behaviours: morality and organizational criticality”, Information and Computer Security, Vol. 27, pp. 468-488.

McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M. and Malcolm Pattinson, M. (2017), “Individual differences and information security awareness”, Computers in Human Behaviour, Vol. 69, pp. 151-156.

Organ, D. (1988), Organizational Citizenship Behavior: the Good Soldier Syndrome, Lexington Books, Lexington.

Organ, W.D. (1997), “Organizational citizenship behavior: it's construct clean-up time”, Human Performance, Vol. 10, pp. 85-97.

Patton, M.Q. (1990), Qualitative Evaluation and Research Methods, Sage, Thousand Oaks, CA.

Pérez-González, D., Preciado, S.T. and Solana-Gonzalez, P. (2019), “Organizational practices as antecedents of the information security management performance: an empirical investigation”, Information Technology and People, Vol. 32, pp. 1262-1275.

Pfleeger, S.L., Sasse, M.A. and Furnham, A. (2014), “From weakest link to security hero: transforming staff security behaviour”, Journal of Homeland Security and Emergency Management, Vol. 11, pp. 489-510.

Pousette, A. (2001), Feedback and Stress in Human Service organisationsDep of Psychology, University of Gothenburg, Gothenburg, .

Ripamonti, S.C. and Scaratti, G. (2015), “Safety learning, organizational contradictions and the dynamics of safety practice”, Journal of Workplace Learning, Vol. 27, pp. 530-560.

Schneider, B. (1975), “Organizational climates: an essay”, Personnel Psychology, Vol. 28, pp. 447-479.

Schneider, B. (1990), Organizational Climate and Culture, Jossey-Bass Publishers, San Francisco.

Schneider, B., Gonzales-Roma, V., Ostroff, C. and West, M. (2017), “Organizational climate and culture: reflections on the history of the construct in JAP”, Journal of Applied Psychology, Vol. 102, pp. 468-482, .

Schneider, B. and Reichers, A.E. (1983), “On the etiology of climates”, Personnel Psychology, Vol. 36, pp. 19-39.

Smith, W. and Lewis, M. (2011), “Toward a theory of paradox: a dynamic equilibrioum model of organizing”, Academy of Management Review, Vol. 36, pp. 381-403.

Sommestad, T. (2018), “Work-related groups and information security policy compliance”, Information and Computer Security, Vol. 26, pp. 533-550.

Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J. (2014), “Variables influencing information security policy compliance: a systematic review of quantitative studies”, Information Management and Computer Security, Vol. 22, pp. 42-75.

Tracy, S.J. (2004), “Dialectic, contradiction, or double bind? Analyzing and theorizing employee reactions to organizational tension”, Journal of Applied Communication Research, Vol. 32, pp. 119-146.

Weick, K. (1995), Sensemaking in Organizations, Sage, Thousand Oaks, CA.

Willig, C. (2013), Introducing Qualitative Research in Psychology, McGraw-Hill Education, London.

Wood, C. (2004), “Why information security is now multi-disciplinary, multi-departmental, and multi-organizational in nature”, Computer Fraud and Security, Vol. 1, pp. 16-17.