A third stream of research has examined ways
to improve end user compliance with an organization's information security policies (D'Arcy et al. 2009;
Bulgurcu et al. 2010; Johnston andWarkentin 2010; Siponen and Vance 2010; Spears and Barki 2010).
Little attention, however, has been paid to the operational aspects of information security governance
(Dhillon et al. 2007).