  • MIS Professor at the University of Alabama
Part-time and temporary employees and contractors become a major cybersecurity threat for organizations due to the ephemeral nature of their engagement. Compared with full-time employees, they may be less committed to the welfare of the organization and, therefore, less willing to engage in security recommendations to protect it. Perceived psychological ownership is an important factor that shapes employees’ security behaviors. The endowment effect also explains employees’ tendencies to overvalue information that belongs to them, and conversely, extend fewer protections to information that they view as belonging to others. Thus, employees may be more motivated to safeguard their own information than organizational information. From a principal-agent perspective, this study investigates how three types of employees perceive organizational and personal information, and how different employees make decisions about protecting their own versus organizational information.
Although employee computer abuse is a costly and significant problem for firms, the existing academic literature regarding this issue is limited. To address this gap, we apply a multi‐theoretical model to explain employees' intentions to abuse computers. To understand the motives for such behaviour, we investigate the role of two forms of organizational justice – distributive and procedural – both of which provide explanations of how perceptions of unfairness are created in the organizational context. By applying deterrence theory, we also examine the extent to which formal sanctions influence and moderate the intentions to abuse computers. Finally, we examine how the potential motives for abuse may be moderated by techniques of neutralization, which allow offenders to justify their actions and absolve themselves of any associated feelings of guilt and shame. Utilizing the scenario‐based factorial survey method for our experimental design, we empirically evaluated the associatio...
Information systems development projects are a significant expenditure of time, effort and money for many enterprises. Historically it has been estimated that 50-80% of projects fail to achieve their objectives for a variety of reasons. Researchers have identified numerous factors associated with system development failure. In this paper, we first synthesize the vast research regarding systems development risk factors and provide a framework that illustrates interactions between risk factors. The framework was used to develop an open-ended questionnaire that was answered by an inter-industry group of experienced systems development engineers and project managers. Analysis of their reports indicates that experienced professionals perceive that all risk factors (technical, resource, etc.) ultimately derive from organizationally-oriented factors, to be solved with organizational responses. This holistic viewpoint of risk assessment is counter to that of systems professionals more invol...
Through persuasive communications, information technology (IT) executives hope to align the actions of end users with the expectations of senior management and of the firm regarding technology usage. One highly influential factor of persuasive effectiveness is the source of the persuasive message. This study presents a conceptual model for explaining the influence of source credibility on end user attitudes and behavioral intentions to comply with organizationally motivated, recommended IT actions within a decentralized, autonomous environment. The results of this study suggest that the elements of source competency, trustworthiness, and dynamism are significant determinants of attitudes and behavioral intentions to engage in recommended IT actions. These findings reveal the importance of these elements of effective communication in persuading end users to follow recommended IT activities and advance IT acceptance and adoption research through the application of persuasive communica...
Technology adoption by individuals has traditionally been regarded by information systems researchers as a choice between adoption and non-adoption of a single technology. With the current diversity of technology alternatives, the adoption decision may be more accurately specified as a choice between competing alternative technologies. The research question may no longer be simply whether technology is adopted, but rather which technology is adopted. The authors illustrate this with a simplified model of choice between two competing technologies, where the second technology is an enhanced version of the first. Their theoretical model is based on Expectancy Theory (ET). Results indicate that system characteristics can be successfully captured in the Valence Model of ET, and effort expectancy in the Force Model. Future research can expand on these results by including more factors in the Valence Model, and by comparing more than two alternative technologies.
Purpose: The Health Insurance Portability and Accountability Act (HIPAA) is US legislation aimed at protecting patient information privacy, but it imposes a significant burden on healthcare employees, especially since the privacy provisions are still evolving and healthcare organizations are still struggling to meet compliance criteria. This study seeks to illuminate characteristics of both the environment (organization) and the individual (healthcare professional) and their relevant influence on compliance intentions by leveraging theories from the domains of social psychology, management, and information systems. Design/methodology/approach: A study of 208 healthcare professionals located at healthcare facilities throughout the USA were surveyed as to their perceptions regarding HIPAA compliance and the underlying organizational and individual factors that influence said compliance. Findings: The findings indicate that perceptions of organizational support and self‐efficacy (SE) leading t...
The Technology Acceptance Model (TAM) and the Unified Theory of Acceptance and Use of Technology (UTAUT) provide insights into how and why individual computer users form a behavioral intent to adopt and use various information technologies. For several key reasons discussed in this paper, technologies and procedures related to end user security may possess unique characteristics that render traditional TAM and UTAUT principles less useful for explanation and prediction. This paper investigates the ...
If companies are to enjoy long-term success in the Internet marketplace, they must effectively manage the complex, multidimensional process of building online consumer trust. eMerchants must understand the characteristics of web interfaces, policies, and procedures that promote trust and enact this knowledge in the form of specific trust-building mechanisms. Therefore, eMerchants must exercise a variety of trust-building techniques in the design of their online consumer interface as well as the principles upon which they operate. In doing ...
Despite the recent increased attention afforded malware by the popular press, there appears to be a dearth in user awareness and understanding of certain aspects of the security paradigm. This chapter presents a comparison of user awareness levels of rootkits, spyware, and viruses between U.S. and Chinese users. The results of a survey of 210 U.S. respondents and 278 Chinese respondents indicate that respondents’ awareness and knowledge of rootkits is well below that of spyware and viruses. Data analysis further reveals that there are significant differences in Chinese and U.S. user perceptions with regard to spyware and computer viruses. However, there is no difference in cross-cultural awareness with regard to rootkits. Due to the ubiquitous nature of the Internet, rootkits and other malware do not yield at transnational borders. An important step to mitigate the threats posed by malware such as rootkits is to raise awareness levels of users worldwide.
Every enterprise must establish and maintain information technology (IT) governance procedures that will ensure the execution of the firm’s security policies and procedures. This chapter presents the problem and the framework for ensuring that the organization’s policies are implemented over time. Since many of these policies require human involvement (employee and customer actions, for example), the goals are met only if such human activities can be influenced and monitored and if positive outcomes are rewarded while negative actions are sanctioned. This is the challenge to IT governance. One central issue in the context of IT security governance is the degree to which IT security controls should be centralized or decentralized. This issue is discussed in the context of enterprise security management.
Insider computer abuse, the problem of intentional computer-related crimes by employees, is a costly problem for firms (Warkentin and Willison, 2009). To counter this threat, IT practitioners and IS researchers assess potential antecedents of and motivations for computer abuse intentions among employees. The theory of organizational justice, the techniques of neutralization, and the role of deterrence are offered as lenses for evaluating the formation of employee disgruntlement leading to computer abuse behaviors. We have ...
Fear appeals, which are used widely in information security campaigns, have become common tools in motivating individual compliance with information security policies and procedures. However, empirical assessments of the effectiveness of fear appeals have yielded mixed results, leading IS security scholars and practitioners to question the validity of the conventional fear appeal framework and the manner in which fear appeal behavioral modeling theories, such as protection motivation theory (PMT), have been applied to the study of information security phenomena. We contend that the conventional fear appeal rhetorical framework is inadequate when used in the context of information security threat warnings and that its primary behavioral modeling theory, PMT, has been misspecified in the extant information security research. Based on these arguments, we propose an enhanced fear appeal rhetorical framework that leverages sanctioning rhetoric as a secondary vector of threats to the human asset, thereby adding the dimension of personal relevance, which is critically absent from previous fear appeal frameworks and PMT-grounded security studies. Following a hypothetical scenario research approach involving the employees of a Finnish city government, we validate the efficacy of the enhanced fear appeal framework and determine that informal sanction rhetoric effectively enhances conventional fear appeals, thus providing a significant positive influence on compliance intentions.
Fear appeals, which are used widely in information security campaigns, have become common tools in motivating individual compliance with information security policies and procedures. However, empirical assessments of the effectiveness of fear appeals have yielded mixed results, leading IS security scholars and practitioners to question the validity of the conventional fear appeal framework and the manner in which fear appeal behavioral modeling theories, such as protection motivation theory (PMT), have been applied to the study of information security phenomena. We contend that the conventional fear appeal rhetorical framework is inadequate when used in the context of information security threat warnings and that its primary behavioral modeling theory, PMT, has been misspecified in the extant information security research. Based on these arguments, we propose an enhanced fear appeal rhetorical framework that leverages sanctioning rhetoric as a secondary vector of threats to the human asset, thereby adding the dimension of personal-relevance threat, which is critically absent from previous fear appeal frameworks and PMT-grounded security studies. Following a hypothetical scenario research approach involving the employees of a Finnish city government, we validate the efficacy of the enhanced fear appeal framework and determine that informal sanction rhetoric effectively enhances conventional fear appeals, thus providing a significant positive influence on compliance intentions.