Innovative Behavioral IS Security and Privacy Research

Recent Submissions

  • Defending Organizational Assets: A Preliminary Framework for Cybersecurity Success and Knowledge Alignment
    (2020-01-07) Clark, Mark; Espinosa, J.; Delone, William
    Cybersecurity governance is a critical issue for organizations engaging in a constant struggle for success in protecting their data, brand, customers, and other assets from malignant actors. The nature of what constitutes successful cybersecurity practices and governance, however, is not yet clear, in part because an appropriate measure for cybersecurity success is not likely to be singular or simple. In this qualitative study, we explore perspectives of cybersecurity success through interviews representing various technical and non-technical roles across a variety of organizations, then provide a preliminary framework for understanding dimensions of cybersecurity success (financial, information integrity, operational, and reputational) as well as their associated knowledge domains and alignments.
  • Taking It Out on IT: A Mechanistic Model of Abusive Supervision and Computer Abuse
    (2020-01-07) Nehme, Alaa; George, Joey
    One salient issue in organizational information security is computer abuse. Drawing on the management literature, we identify abusive supervision as a potential factor that affects the latter. As such, this paper proposes a model that formulates why subordinates commit computer abuse in response to abusive supervision. The model focuses on the mechanism of displacing aggression in retaliating against the organization. Drawing upon neutralization and deterrence theories and grounded in appraisal theory, the model offers several propositions. Most notably, the model identifies an interplay among the relevant appraisals, the emotion of anger, neutralization, deterrence and computer abuse. The model also incorporates two conditional moderators, including supervisor’s organization embodiment and controllability. The specific propositions and implications are discussed.
  • Can Trust be Trusted in Cybersecurity?
    (2020-01-07) Pienta, Daniel; Tams, Stefan; Thatcher, Jason
    Human compliance in cybersecurity continues to be a persistent problem for organizations. This research-in-progress advances theoretical understanding of the negative effects of trust formed between individuals and the cybersecurity function (i.e., those responsible for protection), cybersecurity system (i.e., the protective technologies), and organization (i.e., those verifying the cybersecurity department) that leads to suboptimal compliance behaviors. In contrast to the current information security literature that focuses on how organizations can induce compliance, this study begins to provide understanding into the degradation of compliance by organizations and how to combat it. An integrated model is conceptualized using the theories of trust and attention. This model provides the theoretical foundation to study the role of dark side trust in the context of cybersecurity and provides initial mechanisms to reduce it. Additionally, by developing this conceptualization of dark side trust and model, this study contributes to the general study of trust in information systems research outside of the domain of cybersecurity.
  • “Information Security Is Not Really My Job”: Exploring Information Security Role Identity in End-Users
    (2020-01-07) Ogbanufe, Obi
    Given the significant role individuals play in the welfare of organizations’ security, end users are encouraged to see themselves as part of the information security solution and are expected to perform certain end-user security roles. However, there is often a divide between the organization’s expectations of the end-user’s information security role and the end-user’s functional role. We explore the concept of role identity in order to understand the factors that increase the importance ascribed to the information security end user role, which in turn affects performance and actions towards security behaviors. We develop a model that focuses on two issues: (1) factors that increase information security role identity (ISRI) and (2) consequents of ISRI, specific to security behaviors. A survey was used to explore the relationships in the model. Theoretical and practical implications of this research are presented.
  • Post Data Breach Use of Protective Technologies: An Examination of Users’ Dilemma
    (2020-01-07) Ayaburi, Emmanuel; Andoh-Baidoo, Francis; Lee, Jae Ung
    This preliminary research addresses the technology use uncertainties that arise when users are presented with protective technologies following a data breach or privacy violation announcement. Prior studies have provided understanding of determinants of technology use through several perspectives. The study complements prior research by arguing that, beyond individual dispositions or technology features, data breach announcements bring users’ focus on the actions of the breaching organization. Fair process and information practices provide an avenue for organizations to alleviate users’ concerns and increase service usage. We draw on organizational justice theory to develop a model that explicates the effect of organizational fairness process and use of technologies. We test this model using data from 200 Facebook users recruited from Amazon MTurk. We found that procedural and informational justice have differential effects on users’ desire to use protective technologies. Our findings have both theoretical and practical implications.