Why do users comply with regulations? – A meta-analysis regarding information security regulations

Authors:

  • Teodor Sommestad
  • Johan Bengtsson
  • Jonas Hallberg

Publish date: 2012-12-28

Report number: FOI-R--3524--SE

Pages: 22

Written in: Swedish

Keywords:

  • Information security
  • security policy
  • regulations
  • meta-analysis

Abstract

The introduction of information security regulations is a key element in the efforts of organizations to achieve a high level of information security. In order for information security regulations to contribute to improved information security, the users have to comply with them. Therefore, it is crucial to know: what affects whether the users comply with the information security regulations? A number of research studies have been performed in order to identify what affects compliance. Some of these studies include quantitative results regarding how different factors affect compliance with information security regulations. This report presents a meta-analysis based on published quantitative studies in order to create a consolidated view of the importance of various factors. Based on the results of the meta-analysis, nine questions are addressed, including the following examples:

  • Who will benefit from this information? Anyone who creates security regulations or tries to ensure that they are complied with will benefit from this information.
  • Which scientific theory is best to start from? There is no clear answer, but the Theory of Planned Behavior seems to explain the most, while Deterrence Theory explains the least.
  • Why do the scientific theories explain such a small part of the behavior? Human behavior is complex and the theories attempt to explain it with only a few variables. There are also measurement problems and weaknesses in the studies.
  • What should be done to improve compliance? Focus should be on the factors that seem important, such as norms and attitudes related to the regulations.
  • Are there any problems concerning the quality of the studies? There are several weaknesses and problems with the studies, such as a lack of methods for the selection of respondents.
  • Which scientific theory do the Swedish Armed Forces use today? It seems to be a combination of Deterrence Theory and Protection Motivation Theory.
  • Do the policies themselves affect whether they are complied with? The relevance of the policies is important, but how the policies are formulated and communicated seems to be irrelevant in the studies where these factors have been investigated.