Innovative Behavioral IS Security and Privacy Research

Permanent URI for this collection


Recent Submissions

Now showing 1 - 5 of 5
  • Item
    Design of Surveillance Technologies and Privacy Concerns
    ( 2023-01-03) Ahmad, Rizwan ; Gal, Uri ; Liu, Na
    Researchers from numerous management, social sciences and psychological disciplines have attempted to investigate the phenomenon of surveillance and the way it influences privacy concerns among individuals. But no study has attempted to interpret the relationship between individuals’ perception of surveillance technologies and the way they react to surveillance and develop their privacy concerns. We conduct a review of 207 prominent IT journals within the Scopus databases to examine and interpret individuals’ perception of different designs of surveillance technologies (non-obtrusive vs. obtrusive) and how such technologies influence privacy concerns at individual, corporate and societal level. Our review suggests that both non-obtrusive (automatic) and obtrusive (self-input) surveillance are used at individual, corporate and societal level differentially. In the light of our findings, we identify research gaps, propose recommendations, and further opportunities for future research that will enrich academic discourse in IS and create value for corporate firms, government and policy makers.
  • Item
    Introduction to the Minitrack on Innovative Behavioral IS Security and Privacy Research
    ( 2023-01-03) Vance, Anthony ; Warkentin, Merrill ; Johnston, Allen
  • Item
    Close the Intention-Behavior Gap via Attitudes: Case Study of the Volitional Adoption of a Two-Factor Authentication Service
    ( 2023-01-03) Mattson, Tom ; Aurigemma, Sal ; Ren, Jie
    Most of the theories used in the behavioral security literature explain the variance in intentions to act securely. Yet, individuals often fail to act on their intentions. This disconnect is referred to as the intention-behavior gap. Most theories propose a single structural path between intentions and actual behaviors with the expectation that individuals will act on their intentions. The purpose of our paper is to investigate this intention-behavior gap in the context of the volitional adoption of information security technologies. To do so, we conducted a two-phased qualitative study of the adoption of a two-factor authentication (2FA) service. In our bottom-up investigation, we discovered emergent themes related to the four functional areas of attitudes (i.e., functional attitude theory). Our paper contributes to the behavioral security literature by suggesting that individuals must change their negative attitudes related to different functional areas to start to reduce the intention-behavior gap.
  • Item
    Barking Up the Wrong Tree? Reconsidering Policy Compliance as a Dependent Variable within Behavioral Cybersecurity Research
    ( 2023-01-03) Cram, W. Alec ; D'Arcy, John
    A rich body of research examines the cybersecurity behavior of employees, with a particular focus on explaining the reasons why employees comply with (or violate) organizational cybersecurity policies. However, we posit that this emphasis on policy compliance is susceptible to several notable limitations that could lead to inaccurate research conclusions. In this commentary, we examine the limitations of using cybersecurity policy compliance as a dependent variable by presenting three assertions: (1) the link between policy compliance and organizational-level outcomes is ambiguous; (2) policies vary widely in terms of their clarity and completeness; and (3) employees have an inconsistent familiarity with their own organization’s cybersecurity policies. Taken together, we suggest that studying compliance with cybersecurity policies reveals only a partial picture of employee behavior. In response, we offer recommendations for future research.
  • Item
    Buying in and Feeling Responsible: A Model of Extra-role Security Behavior
    ( 2023-01-03) Nehme, Alaa ; Marler, Laura
    Extra-role security behavior has been recognized as a salient element of information security. Drawing upon the research on proactivity in the management literature, we identify ‘felt responsibility for constructive change’ (FRCC) as an important proactive motivational state that drives the behavior. We then follow proactive motivation theory and seek the contextual element and individual difference that precede FRCC. Based on buy-in theory, we propose that user participation in the development of information security-related activities and artifacts induces FRCC. To balance context specificity with generality, we model the individual difference of proactive personality as a moderator of this relation. Our model expands the scope of studying behavioral security by addressing users’ proactive involvement in protecting organizations’ information assets, as opposed to only examining reactive and passive user involvement. Further, the model extends the literature by addressing how promoting positive pre-kinetic events serves organizational information security.