ORX, "Operational Risk Loss Report 2012," Operational Risk eXchange Association2013.
 S. Jahner and H. Krcmar, "Beyond Technical Aspects of Information Security: Risk Culture as a Success Factor for IT Risk Management," in Americas Conference on Information Systems (11th AMCIS), Omaha, NE, 2005.
 M. Warkentin and R. Willison, "Behavioral and policy issues in information systems security: the insider threat," European Journal of Information Systems, vol. 18, pp. 101-105, 2009.
 A. J.-T. Chang and Q.-J. Yeh, "On security preparations against possible IS threats across industries," Information Management & Computer Security, vol. 14, pp. 343-360, 2006.
 S. Bauer, E. W. N. Bernroider, and K. Chudzikowski, "End User Information Security Awareness Programs for Improving Information Security in Banking Organizations: Preliminary Results from an Exploratory Study," in AIS SIGSEC Workshop on Information Security & Privacy (WISP2013), Milano, 2013.
 R. S. Shaw, C. C. Chen, A. L. Harris, and H.-J. Huang, "The impact of information richness on information security awareness training effectiveness," Computers & Education, vol. 52, pp. 92-100, 2009.
 M. Siponen and A. Vance, "Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations," MIS Quarterly, vol. 34, pp. 487-502, 2010.
 M. Warkentin, D. Straub, and K. Malimage, "Featured Talk: Measuring Secure Behavior: A Research Commentary," presented at the Annual Symposium of Information Assurance & Secure Knowledge Management, Albany, NY, 2012.
 R. Ferguson, "Word of mouth and viral marketing: taking the temperature of the hottest trends in marketing," Journal of Consumer Marketing, vol. 25, pp. 179-182, 2008.
 K. Nelson-Field, E. Riebe, and K. Newstead, "The emotions that drive viral video," Australasian Marketing Journal (AMJ), vol. 21, pp. 205-211, 2013.
 R. D. Waters and P. M. Jones, "Using Video to Build an Organization's Identity and Brand: A Content Analysis of Nonprofit Organizations' YouTube Videos," Journal of Nonprofit & Public Sector Marketing, vol. 23, pp. 248-268, 2011.
 A. Dobele, A. Lindgreen, M. Beverland, J. Vanhamme, and R. van Wijk, "Why pass on viral messages? Because they connect emotionally," Business Horizons, vol. 50, pp. 291-304, 2007.
 P. Ifinedo, "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory," Computers & Security, vol. 31, pp. 83-95, 2012.
 R. E. Guadagno, D. M. Rempala, S. Murphy, and B. M. Okdie, "What makes a video go viral? An analysis of emotional contagion and Internet memes," Computers in Human Behavior, vol. 29, pp. 2312-2319, 2013.
 S.-P. Oriyano and R. Shimonski, "Mobile Attacks," Client-Side Attacks and Defense, pp. 223-241, 2012.
 T. Sommestad and J. Hallberg, "A review of the theory of planned behaviour in the context of information security policy compliance," in International Information Security and Privacy Conference, 2013.
 S. Bauer and E. W. N. Bernroider, "An Analysis of the Combined Influences of Neutralization and Planned Behavior on Desirable Information Security Behavior," presented at the 13th Annual Security Conference, Las Vegas, 2014.
 J. Webster and R. T. Watson, "Analyzing the Past to Prepare for the Future: Writing a Literature Review," MIS Quarterly, vol. 26, pp. xiii-xxiii, 2002.
 A. Hevner and S. Chatterjee, Design Research in Information Systems: Springer, 2010.
 K. Peffers, T. Tuunanen, M. Rothenberger, and S. Chatterjee, "A Design Science Research Methodology for Information Systems Research," Journal of Management Information Systems, vol. 24, pp. 45-78, 2007.
 E. Albrechtsen and J. Hovden, "Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study," Computers & Security, vol. 29, pp. 432-445, 2010.
 M. Sarstedt, C. M. Ringle, and J. F. Hair, "PLS-SEM: Indeed a Silver Bullet," The Journal of Marketing Theory and Practice, vol. 19, pp. 139-152, 2011.