Table 2 - uploaded by Paul Benjamin Lowry

Indicators of a Potentially Weak Security/Privacy Study and Possible Solutions
Source publication
In this essay, we outline some important concerns in the hope of improving the effectiveness of security and privacy research. We discuss the need to re-examine our understanding of information technology (IT) and information system (IS) artefacts and to expand the range of the latter to include those artificial phenomena that are crucial to inform...
Context in source publication
Context 1
... every study suffers from trade-offs and limitations and one or two key weaknesses, a weak study suffers from several limiting factors, all of which compound to create the universally dreaded (albeit sometimes imaginary) 'fatal flaws'. A weak study will likely exhibit one or more of the characteristics summarised in Table 2, typically in multiple combinations. Here, we focus on factors we believe are especially pertinent to organisational security and privacy research, although many of these factors and solutions apply in other contexts. ...
Citations
... We contribute to the international literature on continuance intention, where we are the first to incorporate an Indian sample (Franque et al., 2020). We also answer prior calls for re-contextualization in security and privacy research (Lowry et al., 2017). ...
Mobile cloud computing apps have become the dominant type of mobile app, providing users with many benefits but also causing privacy concerns related to data being uploaded to the cloud. Since many mobile cloud computing apps have billions of current users around the world, the role of culture in privacy after adoption is pertinent to researchers, users, and developers. This study investigates how culture affects privacy considerations of mobile cloud app users in the post-adoption phase and how it shapes their response to developers’ institutional privacy assurances such as privacy policies and ISO 27018 certification. Based on surveys of current mobile cloud computing app users across three countries: the US (n = 1,045), the UK (n = 183), and India (n = 1,189), we find that users from different cultures differ in their considerations of privacy and in perceptions of institutional privacy assurance. The results show that cultural dimensions moderate the effects of value and risk of transferring to the cloud on continued use. We also find counterintuitive results for the direction in which uncertainty avoidance and power distance shape users’ reactions to institutional privacy assurances. Our findings suggest that MCC app developers need to consider users’ cultures when designing and communicating their institutional privacy assurances.
... While BeReal does not "force" its users to post a picture when the daily countdown turns on, it is likely to discourage some user segments from using it in the first place. Additionally, the negative effect of privacy concerns for using a new technology confirms extant literature on the value of privacy for user technology (Lowry et al., 2017). ...
In contrast to conventional Social Network Sites, BeReal counteracts staged self-portrayal and aims for authenticity by posting a photo at an unannounced time within a short period. This study is the first to investigate drivers and barriers for using BeReal. Furthermore, this study successfully links BeReal usage intention to subjective well-being. Building on the Self-Determination Theory, the Unified Theory of Acceptance and Use of Technology 2, and specific particularities, a research model is validated by n = 657 consumers using partial least square structural equation modeling. The study contributes to the research intersection of SNS, technology acceptance, and effects on well-being.
... It has been described as a "principle to support, encourage and empower users to undertake informed control of their digital identities" (Park, 2013, p. 217). In the context of smart products, people need to understand how their data are collected, processed, and stored to assess privacy risks (Lowry et al., 2017). The more users know about data flows, the better equipped they will be to take control of their privacy by making informed decisions (Turow, 2003). ...
With the advent of the Internet of Things (IoT), it has become increasingly challenging for users to assess the privacy risks associated with consumer products and the continuous stream of user data needed to operate them. In this study, we propose and test three mechanisms with the potential to help users make more accurate assessments of privacy risks. We refer to these mechanisms as framing (i.e., presenting information on the collection and use of user data with or without direct reference to privacy risks), comparing (i.e., presenting a product and the associated information on data collection and use with or without reference to an alternative product), and educating (i.e., augmenting users’ general privacy literacy). To assess these mechanisms in different IoT contexts, we conducted two scenario-based online experiments with reference to a telematics device (n = 317) and a fitness tracker (n = 356). In both studies, we find that actual privacy risks as manipulated in the experiment are only moderately related to the privacy risks perceived by users. However, comparing and educating each helped users make more accurate privacy risk assessments. In Study 2, framing and comparing jointly enabled especially users with low privacy literacy to assess privacy risks more accurately. These findings have meaningful implications for key actors in the IoT ecosystem and those regulating it.
... Considering an information privacy issue under ESMS as an IS issue (Lowry et al. 2017), this study relaxes various assumptions in the prior literature, and "presents alternate viewpoints to the existing literature" (Chatterjee and Davison 2021, p. 228). In addition, the paper articulates implications for practitioners, as their primary goal is to devise best practices and interventions aimed at lessening the potential negative effects of privacy concerns in the context of ESMS (Alder & Ambrose, 2005). ...
Electronic surveillance/monitoring has become ubiquitous in modern organizations as advanced information technology (IT) expands organizational capacity to track system users’ daily information systems (IS) activities. Although this environmental shift surrounding IS raises an important (though largely unexplored) issue of IS users’ information privacy and subsequent IS behaviors, little is known about cognitive/psychological processes and boundary conditions underlying IS users’ information privacy concerns and behaviors under the context of non-volitional workplace surveillance. Grounded on psychological reactance theory, this paper articulates how and when information privacy concerns under workplace surveillance relate to IS use behaviors (i.e., effective IS use and shadow IT use) via psychological reactance. In addition, it investigates IS procedural fairness, a contextual boundary condition. We tested a research model using two surveys (via online platforms) data collected from a sample of 301 and 302 IS users working under electronic surveillance/monitoring systems in various organizations and industries. Using moderated mediation analyses, the results of the study show that (1) psychological reactance mediates the relationship between IS users’ information privacy concerns and effective IS use and shadow IT use, respectively; and (2) IS procedural fairness acts as a boundary condition for the given mediated relationships such that the negative impacts of information privacy concerns on psychological reactance and IS behaviors are mitigated. Implications for theory and practice are discussed.
... With the growing use of social media platforms, protecting online information privacy has become a challenging endeavor as ubiquitous technologies can violate basic privacy principles through unregulated access to information and personal data stored and shared in different nodes of the global network (Becker, 2019; Romansky & Noninska, 2020). Security and privacy are at the center of information system (IS) artifacts (Lowry et al., 2017). Various risks have been identified from the breach of information privacy (Romansky & Noninska, 2020). ...
... Stuart et al. (2019) developed a privacy framework to explain the complexity of privacy and encouraged collaborative future research to develop a comprehensive theory of the psychology of privacy. Therefore, in this study, we investigated the concept of privacy from the IS-artifact perspective that is relevant to IS practices instead of focusing on the technological aspects of systems (Lowry et al., 2017). We revisited and reviewed privacy research in the present age and the prevalence of ubiquitous systems in the context of online platforms, Internet of Things (IoT), and big data (Lowry et al., 2017). ...
Privacy in the information systems (IS) context is becoming increasingly challenging and complicated. This study conducted a systematic review of the information privacy literature in the IS context to identify theories to understand and explain online information privacy. We reviewed eight journals from the Association for Information Systems over the 10-year period from 2013 to 2023. These journals were identified as mainstream in the IS discipline by senior scholars in the field. We identified and explored 20 theories in depth. Our findings have important implications for academics and practitioners. Scholars can build on our findings to identify and adopt promising theories from other disciplines to be contextualized and applied to examining information privacy. New theories can enrich our understanding of information privacy and provide in-depth insights from different perspectives, thereby enhancing our understanding of information privacy issues.
... Extant IS research underscores the "wicked" nature of problems related to data privacy and end user control (Lowry et al., 2017). Both are abstract concepts that are created and upheld by legal, cultural, and organizational structures that differ across jurisdictions and societies. ...
... Wicked problems such as data privacy and control can thus not be solved piecemeal (Pries-Heje & Baskerville, 2008). For example, IS research has explored a range of privacy-enhancing technologies (e.g., cryptography tools, privacy-preserving interfaces) and approaches (e.g., privacy-by-design) to preserve end user privacy (Lowry et al., 2017). However, limited research has explored the unintended outcomes when end users neglect their privacy, while much work on privacy technologies is either conceptual or disconnected from end users and often overlooks societal implications (Bélanger & Crossler, 2011; Prat et al., 2015). ...
Digital platforms have radically transformed how we work, shop, and socialize. Despite their numerous benefits, they may also threaten social justice due to unforeseen consequences of specific design choices, preventing end users from participating equitably in the digital economy. As platform owners compete by leveraging personal data, it remains unclear how digital platforms can be designed to empower end users to control, legally own, and benefit from their data in a privacy-preserving way. Integrating design science research with heuristic theorizing, this study proposes a design theory for end user-centric digital platforms. We derive design theory components from over nine years of data regarding the Dataswyft platform, including five meta-requirements and eight design principles. They reveal how digital platforms can be designed for social justice by empowering end users, both technically and legally, to protect and control their data through a containerized microservice platform infrastructure. This platform design includes multiple data protection layers, end user-driven data collection, reconfiguration, and exchange functionalities, safeguarding mechanisms, and semi-centralized ecosystem governance structures. By evaluating an expository instantiation of the proposed design principles, we demonstrate the applicability and utility of our design theory, paving the way for data self-sovereignty and social sustainability.
... As the number of smart devices increases, security and privacy risks also increase. The main obstacle to the implementation of "smart home" technologies is the concern about the confidentiality of information (Lowry et al., 2017). To use its full potential, smart home technologies require access to a lot of information about the home and the user's personal life. ...
Smart socio-technological infrastructure is a new approach to the design and creation of complex systems, based on the integration of technological and social elements. Currently, smart socio-technological infrastructures are applied in all spheres of life, from business and industry to healthcare and medical facilities. The implementation of these infrastructures creates new opportunities for the development of various fields. However, it causes a number of problems. The reasons for new information security problems arising from the characteristics of smart socio-technological infrastructures may include the increase in the number of devices (the number of devices interacting with each other increases, which expands the potential attack plane), the complexity of integration (the integration of social and technological components leads to the creation of new vulnerabilities), data heterogeneity (where the processing and storage of various types of information, including confidential information, make them an attractive target for cybercriminals), the dynamism of the environment (smart socio-technological infrastructures are constantly evolving and adapting, which makes it difficult to ensure their security). This article examines information security problems of smart socio-technological infrastructures. New threats arising from the introduction of these infrastructures are classified. The development of information security culture is justified as one of the main factors of combating these threats, and recommendations are given on the principles and methods of its formation.
... Furthermore, we measured intentions to comply instead of actual compliance with ISP. We acknowledge multiple calls from scholars to study actual security behaviors (Crossler et al. 2013, Lowry et al. 2017). Future research based on secondary data could determine whether individuals' factors effectively prevented realized security events. ...
Organizations worldwide face critical concerns related to cybersecurity threats and information security policy (ISP) compliance. Even though humans are the weakest link in the cybersecurity chain, information security professionals understand the importance of promoting individual information security behaviors because employees are also the first line of defense against ever-increasing cyber threats. Despite a recent trend of working from home, organizations do not make significant differences in their information security interventions for remote workers, relying mainly on VPNs as the only used tool, essentially making employees follow in-office standard information security policies because they are “virtually in-office.” Our study suggests that organizations need to recognize the unique context of remote work and consider personal motivations when shaping information security practices. Furthermore, our study indicates that in order to motivate remote employees to follow secure information security practices, organizations should consider personal characteristics instead of focusing on generic interventions. For instance, our study compares onsite and remote workers, suggesting that personal values are more relevant in remote work settings. Our findings exemplify just one of the many potential personal characteristics to be considered, highlighting how personal values are important motivators for ISP compliance and how they differ for onsite and remote workers in their importance when following information security rules.
... However, academia has yet to fully embrace the task of comprehending the significance of consumers, their attitudes, and behavior concerning privacy within the evolution of IoT (Alraja, 2022; Lee et al., 2017). An imperative shift toward a user-centered approach to IoT and privacy has forcefully emerged, driven by the fact that IoT significantly and uniquely challenges established privacy norms (Lowry et al., 2017). The interconnected nature of IoT systems, along with the vast amounts of data they generate and often exchange without consumer awareness, heightens these privacy concerns. ...
Purpose
This study aims to analyze and synthesize literature on consumer privacy-related behavior and intelligent device-to-device interactions within the Internet of Things (IoT).
Design/methodology/approach
We conducted a systematic review using Elsevier’s Scopus database, focusing on studies published in English from 2000 to 2023. The review targeted articles within selected social sciences and business disciplines, specifically concerning consumer behavior in IoT contexts.
Findings
We categorized the privacy literature into three thematic clusters: legislation and policy, business implications and consumer behavior. Within the consumer behavior cluster, our analysis indicates a shift from general Internet and e-commerce privacy concerns prior to 2016, toward issues related to advertising and policy between 2017 and 2018, and increasingly toward pronounced concerns in technological systems, particularly IoT, from 2019 onwards. We identify eight distinct areas of privacy concern within IoT and propose a framework that links antecedents and privacy concerns to subsequent attitudes and behaviors. This framework highlights varying patterns of information disclosure and bridges theoretical constructs with empirical research in IoT privacy.
Originality/value
Originality lies in enhancing the Antecedents-Privacy Concerns-Outcomes (APCO) macro-model by integrating diverse theoretical perspectives on technological and individual-specific antecedents, alongside privacy concerns and beliefs. This comprehensive integration enriches the framework, enabling it to predict and categorize consumer behavior in IoT environments more effectively. The revised model provides a robust tool for understanding privacy-related behavior within the IoT, significantly enriching its theoretical relevance and practical applicability.
... Privacy and security are critical due to the sensitive health data collected by IoT devices, necessitating robust measures like encryption and access controls (Alraja et al., 2019). Barriers to technology adoption by healthcare providers and patients include concerns about workflow disruption and privacy, which can be addressed through training programs and incentives (Lowry et al., 2017). To overcome these challenges, collaboration between policymakers, industry stakeholders, and healthcare providers is crucial in developing regulatory frameworks that balance innovation and patient safety (Farahani et al., 2018). ...
This paper presents an open source platform aimed at revolutionizing healthcare delivery in the United States by significantly reducing the cost of virtual healthcare software. The proposed platform addresses the pressing challenges of accessibility and efficiency in the U.S. healthcare sector through cloud native backend solutions and mobile apps driven by modular design and IoT-enabled devices. By leveraging IoT technology, virtual healthcare platforms can provide real-time monitoring, remote consultations, and personalized care, thereby improving patient outcomes and reducing healthcare costs. The platform emphasizes nationwide scalability, inclusivity, and a transition towards a proactive, patient-centric healthcare model. By leveraging the open source community, modular design and a plugin architecture, it aims to enable feature extensibility beyond what is foreseeable today, promote interoperability, ensure data privacy and security, and promote technology adoption among healthcare providers and patients. The proposal presented in this paper lays the foundation for the implementation aimed at harnessing the full potential of IoT and virtual healthcare to enhance accessibility and efficiency in the U.S. healthcare sector, ultimately advancing the quality of care and well-being of the population.