Innovative Behavioral IS Security and Privacy Research
Permanent URI for this collection
Browse
Recent Submissions
1 - 10 of 10
-
ItemDefending Organizational Assets: A Preliminary Framework for Cybersecurity Success and Knowledge Alignment( 2020-01-07)Cybersecurity governance is a critical issue for organizations engaging in a constant struggle for success in protecting their data, brand, customers, and other assets from malignant actors. The nature of what constitutes successful cybersecurity practices and governance, however, is not yet clear, in part because an appropriate measure for cybersecurity success is not likely to be singular or simple. In this qualitative study, we explore perspectives of cybersecurity success through interviews representing various technical and non-technical roles across a variety of organizations, then provide a preliminary framework for understanding dimensions of cybersecurity success (financial, information integrity, operational, and reputational) as well as their associated knowledge domains and alignments.
-
ItemTaking It Out on IT: A Mechanistic Model of Abusive Supervision and Computer Abuse( 2020-01-07)One salient issue in organizational information security is computer abuse. Drawing on the management literature, we identify abusive supervision as a potential factor that affects the latter. As such, this paper proposes a model that formulates why subordinates commit computer abuse in response to abusive supervision. The model focuses on the mechanism of displacing aggression in retaliating against the organization. Drawing upon neutralization and deterrence theories and grounded in appraisal theory, the model offers several propositions. Most notably, the model identifies an interplay among the relevant appraisals, the emotion of anger, neutralization, deterrence and computer abuse. The model also incorporates two conditional moderators, including supervisor’s organization embodiment and controllability. The specific propositions and implications are discussed.
-
ItemCan Trust be Trusted in Cybersecurity?( 2020-01-07)Human compliance in cybersecurity continues to be a persistent problem for organizations. This research-in-progress advances theoretical understanding of the negative effects of trust formed between individuals and the cybersecurity function (i.e., those responsible for protection), cybersecurity system (i.e., the protective technologies), and organization (i.e., those verifying the cybersecurity department) that leads to suboptimal compliance behaviors. In contrast to the current information security literature that focuses on how organizations can induce compliance, this study begins to provide understanding into the degradation of compliance by organizations and how to combat it. An integrated model is conceptualized using the theories of trust and attention. This model provides the theoretical foundation to study the role of dark side trust in the context of cybersecurity and provides initial mechanisms to reduce it. Additionally, by developing this conceptualization of dark side trust and model, this study contributes to the general study of trust in information systems research outside of the domain of cybersecurity.
-
Item“Information Security Is Not Really My Job”: Exploring Information Security Role Identity in End-Users( 2020-01-07)Given the significant role individuals play on the welfare of organizations’ security, end users are encouraged to see themselves as part of the information security solution and are expected to perform certain end-user security roles. However, there is often a divide between the organization’s expectations of the end-user’s information security role and the end-user’s functional role. We explore the concept of role identity in order to understand the factors that increase the importance ascribed to the information security end user role, which in turn affects performance and actions towards security behaviors. We develop a model that focuses on two issues: (1) factors that increase information security role identity (ISRI) and (2) consequents of ISRI, specific to security behaviors. A survey was used to explore the relationships in the model. Theoretical and practical implications of this research are presented.
-
ItemPost Data Breach Use of Protective Technologies: An Examination of Users’ Dilemma( 2020-01-07)This preliminary research addresses the technology use uncertainties that arise when users are presented with protective technologies following a data breach or privacy violation announcement. Prior studies have provided understanding of determinants of technology use through several perspectives. The study complements prior research by arguing that, beyond individual dispositions or technology features, data breach announcements bring users’ focus on the actions of the breaching organization. Fair process and information practices provide avenue for organizations to alleviate users’ concerns and increase service usage. We draw on organizational justice theory to develop a model that explicates the effect of organizational fairness process and use of technologies. We test this model using data from 200 Facebook users recruited from Amazon MTurk. We found that procedural and informational justice have differential effect on users’ desire to use protective technologies. Our findings have both theoretical and practical implications.
-
ItemUnderstanding the Role of Incentives in Security Behavior( 2020-01-07)A key challenge for researchers has been to affect change in user security behavior in organizations. Several theories from different domains have been used for understanding and changing user security behavior including deterrence, fear appeals, and education; however, the success of these approaches has been low. In this research we examine the role of financial incentives in changing user behavior; we specifically provide incentives to users for good security practices. The study attempts to switch user behavior such that they adopt good security habits however it recognizes the limitations of extrinsic rewards in being temporary and couples the extrinsic rewards to affect intrinsic motivation through use of nudges. The field study shows positive results however the number of subjects in our study was small (24). Our goal is to extend the study by large scale data collection to further validate our results.
-
ItemLow Effort and Privacy – How Textual Priming Affects Privacy Concerns of Email Service Users( 2020-01-07)The integration of digital applications and systems into the everyday routines of users is inevitably progressing. Ubiquitous and invisible computing requires the perspective of a new user and the inclusion of insights from related disciplines such as behavioral economics or social psychology. This paper takes up the call for research by Dinev et al. (2015) and examines the influence of textual priming elements on the privacy concerns of users of email accounts. The paper provides an operationalization of a privacy concern as a dependent variable, incorporated in an online experiment with 276 participants. The results show highly significant differences between the groups investigated by the experiment. Specifically, the users of different email providers show interesting results. While users of Gmail show no significant reaction in the experiment, users of other email providers show significant differences in the experimental setting.
-
ItemThe Effect of Privacy Policies on Information Sharing Behavior on Social Networks: A Systematic Literature Review( 2020-01-07)Online social networks (OSN) such as Facebook and Instagram have dramatically changed the way people operate. It, however, raises specific privacy concerns due to their inherent handling of personal data. The paper highlights the privacy concerns associated with OSN, strategies to protect the users’ privacy, and finally the overall effect of privacy policies on information sharing behavior on OSN. We examined a sample of 51 full papers that explore privacy concerns in OSN, strategies to protect users’ privacy, and the effects of privacy policies on the users’ information sharing behavior. The overall findings disclosed that users are concerned about their identity being stolen, and how third-party applications use their information. However, privacy policies do not have a direct impact on the information sharing behavior of OSN users. The findings help researchers and practitioners better understand the impact of privacy concern on users' information sharing behaviors on OSN.
-
ItemHaving Two Conflicting Goals in Mind: The Tension Between IS Security and Privacy when Avoiding Threats( 2020-01-07)Despite users of personal IT devices perceive high risks of losing their personal data if their devices get lost or damaged, many are reluctant to use user-friendly online services (i.e., online backups) to recover from such incidents. We suggest that the reason for this denial are information privacy concerns because users need to disclose their personal files to the safeguard provider. As safeguarding services promise to reduce the IS security threat of losing data, individuals are subsequently tensed between two goals: protecting their data against loss (IS security) and their information privacy. To shed light on this goal conflict, our work builds on the theory of goal-directed behavior. Based on a quantitative online survey among 446 participants, we show that privacy concerns impede threat avoidance to prevent data loss. Comparing current users and non-users of online backup services, our results confirm that provider-related privacy concerns are significantly higher for non-users.
-
Item