Innovative Behavioral IS Security and Privacy Research
Permanent URI for this collection
Browse
Recent Submissions
1 - 10 of 10
-
ItemLessons Learned from an Information Security Incident: A Practical Recommendation to Involve Employees in Information Security( 2018-01-03)With the increasingly negative impact of information security attacks, measures of information security, which address the weakest link in the information security chain, namely the employee, have become a necessity for today’s business world. One way to improve employees’ - yet limited - information security awareness is to learn from past information security incidents. This study theoretically builds upon the so called involvement theory to extend the existing research on information security awareness. Insights gained from 34 interviews suggest that involvement accompanied with a detailed review of past security incidents has a positive effect on staff’s information security awareness. Employees, directly affected by an information security incident, gain significant information security expertise and knowledge which they can, again, share with their colleagues. Moreover, constructive team work in the light of information security risks as well as an adequate adjustment of security-related measures is fostered.
-
ItemCybHER: A Method for Empowering, Motivating, Educating and Anchoring Girls to a Cybersecurity Career Path( 2018-01-03)There are challenging problems to solve in cybersecurity. We must engage women as an untapped resource in our national effort to protect our country and critical infrastructure. Developing original ways to engage young women serves to address this recognized national need for recruitment through security education at the K-12 and undergraduate level. This would further address the widening gap between the availability and demand for qualified and diverse security professionals. Designing security iterations that are creative, socially relevant, and accessible to an underrepresented population in cybersecurity is a challenge that informs how education and outreach can be performed within other contexts. This research will discuss the CybHER model for engaging and supporting young women in cybersecurity while anchoring them to this field. By providing 5 different interventions, CybHER seeks to empower, motivate, educate, and anchor girls to cybersecurity. Further, existing CybHER outreach activities and lessons will be discussed.
-
ItemExploring the Propagation of Fake Cyber News: An Experimental Approach( 2018-01-03)The rising trend of fake news in cyberspace has escalated with increasing velocity of information exchange and an explosion of information sources. Combating fake news in the cyber security context is important due to its use as a content-based social engineering attack, or weaponization of information to compromise corporate information assets. This research aims to explore the proliferation of this type of threat through initial empirical analysis of propagation of cyber news with particular emphasis on potential for generation of weaponized information in the form of fake cyber news. Antecedents of the propagation of cyber news were examined using the Theory of Engagement. An exploratory experiment was conducted with 84 subjects in the field of cyber security on a social network platform. An analysis of the data showed that aesthetics and readability were important factors at the point of entry, but after initial engagement with the news, only novelty influenced propagation.
-
ItemToo Crowded to Disclose! Exploring the Relationship Between Online Crowdedness and Self-Disclosure( 2018-01-03)Nowadays, people communicate with many others online. Of the online sites, product review pages have become an important communication medium on which consumers share information about a product. Drawing upon this trend, we examined the factors that affect reviewers’ self-disclosure behavior. Prior studies have found that privacy behaviors such as self-disclosure are affected by diverse contextual factors. In this study, we propose that online crowdedness is an important contextual factor for self-disclosure behavior. Using review data from the largest online apparel rental site in the U.S., we empirically explored the relationship between online crowdedness and self-disclosure behavior. The result shows that online crowdedness can discourage self-disclosure behavior.
-
ItemOptimizing Privacy Policy Videos to Mitigate the Privacy Policy Paradox( 2018-01-03)This research takes a design science approach to improving privacy policies through the design and use of mediated content, such as video. Research has emerged to indicate that privacy policies communicated through video (separate from-”and in addition to-”traditional textual privacy policy documents) are more effective at engendering trust, decreasing perceived risk, and encouraging information disclosure than textual privacy policies, which are seldom read or understood. We extend this research by examining design factors such as narrator gender, animation style, music tone, and color scheme. We implemented a field experiment and survey to determine how variations in these design elements affect consumers’ perceived risk, perceived benefits, and disclosure decisions. The results indicate that the most effective privacy policy videos use female narrators with vibrant color palettes and light musical tones. The animation style (animated imagery versus animated text) has no effect on consumers’ perceived risk/benefits or disclosure decisions.
-
ItemThe Role of Rational Calculus in Controlling Individual Propensity toward Information Security Policy Non-Compliance Behavior( 2018-01-03)We draw on recent advances in cognitive neural science to articulate an employee security behavioral model. Cognitive neural science studies suggest two neurological processes occurring in human brain when making decisions: the automatic or reflexive process, which is the default mode for decision making, and the controlled or reflective process, which interrupts the automatic process when the brain encounters unexpected events or novel decisions. We map rational choice to the controlled process and self-control to the automatic process and test a decision model using survey data in the context of employee non-compliance behavior to organization information security policies.
-
ItemIs the Privacy Paradox a Matter of Psychological Distance? An Exploratory Study of the Privacy Paradox from a Construal Level Theory Perspective( 2018-01-03)Institutional operators in the digital marketplace have delighted consumers with precise, highly personalized and customized products and services through the collection and mining of customers’ personally identifiable data. However, the ethical conduct of online businesses continues to be a debatable issue, due to the increasing concerns over information privacy. Despite such controversies, scrutiny of consumer behavior has shown that consumers’ concerns for privacy do not transfer into protective behaviors or abstinence during online activity. The aim of this study is to illuminate the disparity known as the -˜privacy paradox’ through the directions of the construal level theory. Based on semi-structured interviews with 21 online shopping consumers, we explain that, due to spatial, temporal, social, and hypothetical distance of privacy values, privacy is construed as an abstract phenomenon influencing the formation of distant-future attitudes and intentions rather than actual behavior.
-
ItemPerceived Control and Privacy in a Professional Cloud Environment( 2018-01-03)Cloud customers need to assess whether their cloud service provider offers high-quality services and handles sensitive information confidentially. Privacy protection is therefore a major challenge during cloud sourcing. Although cloud customers want control over their sensitive information, they have limited resources to do so. They therefore consider other control agents, such as certification authorities or collectives, but the effectiveness of these groups to ensure privacy protection is unknown. This study differentiates between three control agents (personal control, proxy control, and collective control) and investigates the influence of these agents on cloud customers’ perceived control over sensitive information to protect privacy during cloud sourcing. Results show that proxy and collective control influence cloud customers’ perceptions but personal control does not. Therefore, only external control agents, who can apply sanctions, are perceived as being able to effectively protect privacy.
-
ItemDependent Variables in the Privacy-Related Field: A Descriptive Literature Review( 2018-01-03)As privacy is an ongoing issue of both society and research, there is a tremendous amount of research on privacy in the domain of information systems. A plethora of these studies has been conducted on privacy-related dependent variables. This descriptive literature review summarizes used dependent variables and gives a detailed analysis of the variables including the research setting, used theories, used methodologies, and used research designs. Results show among others that 1) some dependent variables are under-researched, 2) the majority is using intention to disclose as their dependent variable, 3) many articles are not grounded in a basic underlying theory and 4) the majority is using cross-sectional surveys as their research design. Based on the results several recommendations for future research are given, including to use certain dependent variables, to focus on actual disclosure behaviour and to conduct longitudinal studies.
-
Item