IS Security and Privacy
Permanent URI for this collectionhttps://hdl.handle.net/10125/112513
Browse
Recent Submissions
Item type: Item , Now and Later? Comparing a Nomothetic and Idiographic Analysis of Cybersecurity Fatigue(2026-01-06) Cram, W. Alec; D'Arcy, John; Benlian, AlexanderFrom receiving phishing warnings to participating in required training sessions, today’s workers are inundated with a seemingly endless flow of cybersecurity-related activities. For some, this encumbrance can lead to feelings of fatigue, an increased susceptibility to ignore cybersecurity requirements, and engagement in workarounds. However, the extent that cybersecurity fatigue phenomena fluctuate over time remains unclear, despite the notable consequences for organizational risk. In response, we conducted a three-wave, repeated measures survey over a period of seven months, then compared the nomothetic (cross-sectional, between-person) results at wave 1 with the idiographic (longitudinal, within-person) results spanning waves 1-3. Together, the analysis reveals conflicting theoretical conclusions; namely, that only two of the four significant relationships at wave 1 were significant over waves 1-3. We draw on ego-depletion theory as a preliminary theoretical explanation for this finding and highlight paths for future inquiry.Item type: Item , The Framing Effect in Privacy Management Tools(2026-01-06) Aleem, Usman; Cavusoglu, Hasan; Benbasat, Izak; Al Natour, SamehThe study explores the influence of privacy management tools on privacy decision making in online social networks. We specifically examine the role of framing effects in biasing users’ decisions to share information. A theoretical model of the effects of different types of frames embedded within information sharing tools, as well as the roles of tie strength and information sensitivity is tested in a controlled experiment. The results indicate that privacy tools influence individuals’ sharing behavior and can induce greater disclosure depending on the frame they employ. Furthermore, tie strength and information sensitivity are also found to affect sharing behavior.Item type: Item , Going the ‘Extra’ Mile: The Role of Sensemaking in Extra-Role Security Behaviors(2026-01-06) Asyali, Ayse Nur; Tharwat, Ayah; Frank, Muriel; Jaeger, LennartAs organizations are increasingly challenged by evolving information security threats that demand more than employee compliance to address, interest has grown in understanding extra-role security behaviors (ERSBs)—voluntary actions employees take beyond formal security policies that benefit organizations' security. Despite this interest, theoretical understanding of the individual and organizational factors that shape the cognitive process motivating such behaviors remains limited. Drawing on the lens of sensemaking, this study develops a theoretical framework presenting the process by which employees navigate organizational ambiguity and engage in ERSBs. Based on 40 in-depth interviews, our findings highlight the critical roles of security culture as organizational antecedent as well as cognitive frames and emotions as individual antecedents on the sensemaking process, ultimately influencing ERSBs. Using these insights, organizations and practitioners can better design and communicate policies, promote security dialogue, and build a security-forward environment that encourages ERSBs across all organizational roles.Item type: Item , Introduction to the Minitrack on IS Security and Privacy(2026-01-06) Johnston, Allen; Vance, Anthony; Warkentin, Merrill; Renaud, Karen