About
133
Publications
172,174
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
5,101
Citations
Introduction
Current institution
Publications
Publications (133)
Purpose
The increased use of Information Systems (IS) as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as “password workarounds” or “shadow security.” These deviant password behaviors can put indiv...
Purpose
Artificial intelligence (AI) can assist in the worldwide shortage of cybersecurity workers in technical and managerial roles. Thus, the purpose of this study was to investigate the role of AI in automating many of the routine tasks associated with cybersecurity. As such, AI enables cybersecurity personnel to reduce their workloads and focus...
With the continued changes in the way businesses work, cyber-attack targets are in a constant state of flux between organizations, individuals, as well as various aspects of the supply chain of interconnected goods and services. As one of the 16 critical infrastructure sectors, the manufacturing sector is known for complex integrated Information Sy...
Purpose
While data breaches are reported daily, organizations are struggling with quantifying their cybersecurity posture. This paper aims to introduce the Universal Cybersecurity Footprint Index (UCFI), an organizational measure of Cybersecurity Footprint. The UCFI helps organizations understand the challenges related to their overall cybersecurit...
The currently most used method for authentication is the password because it is simple to implement, and computer users are very familiarized with it. However, passwords are vulnerable to attacks that can be mitigated by increasing the complexity of the chosen password, particularly in terms of length. One possible approach to accomplish this is th...
Cyberslacking is conducted by employees who are using their companies’ equipment and network for personal purposes instead of performing their work duties during work hours. Cyberslacking has a significant adverse effect on overall employee productivity, however, recently, due to COVID19 pandemic move to remote working also pose a cybersecurity ris...
The currently most used method for authentication is the password because it is simple to implement, and computer users are very familiarized with it. However, passwords are vulnerable to attacks that can be mitigated by increasing the complexity of the chosen password, particularly in terms of length. One possible approach to accomplish this is th...
Cyberslacking is conducted by employees who are using their companies’ equipment and network for personal purposes instead of performing their work duties during work hours. Cyberslacking has a significant adverse effect on overall employee productivity, however, recently, due to COVID19 pandemic move to remote working also pose a cybersecurity ris...
Distracted users appear to have difficulties correctly distinguishing between legitimate and malicious emails or search engine results. Additionally, mobile phone users appear to have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the goal of...
Organizations, small and big, are faced with major cybersecurity challenges over the past several decades, as the proliferation of information systems and mobile devices expand. While larger organizations invest significant efforts in developing approaches to deal with cybersecurity incidents, Small and Medium Businesses (SMBs) are still struggling...
Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauth...
Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this research stu...
Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of ph...
Data breach incidents are reported in the media to be on the rise with continuously increasing numbers. Additionally, data breaches serve a major negative impact to organizations. This study focuses on combining experience in data analytics, visualization, and quantitative analysis for business intelligence in the context of cybersecurity big-data...
Purpose
This study introduces the concept of audiovisual alerts and warnings as a way to reduce phishing susceptibility on mobile devices.
Design/methodology/approach
This study has three phases. The first phase included 32 subject matter experts that provided feedback toward a phishing alert and warning system. The second phase included developme...
This study investigates the effects of media affordances and information security awareness on knowledge sharing behavior among global software development (GSD) team members. Using survey data collected from 214 GSD team members, we identify the three organizational media affordances based on prior affordance literature: awareness, searchability,...
Purpose
This paper aims to introduce the concept of cybersecurity footprint.
Design/methodology/approach
Characteristics of cybersecurity footprint are presented based on documented cases, and the domino effect of cybersecurity is illustrated. Organizational and individual cybersecurity footprints are outlined. Active and passive – digital vs cybe...
Phishing emails, also defined as email spam messages, present a threat to both personal and organizational data loss. About 93% of cybersecurity incidents are due to phishing and/or social engineering. Users are continuing to click on phishing links in emails even after phishing awareness training. Thus, it appears that there is a strong need for c...
Social engineering is the technique in which the attacker sends messages to build a relationship with the victim and convinces the victim to take some actions that lead to significant damages and losses. Industry and law enforcement reports indicate that social engineering incidents costs organizations billions of dollars. Phishing is the most perv...
Phishing continues to be a significant invasive threat to computer and mobile device users. Cybercriminals continuously develop new phishing schemes using email, and malicious search engine links to gather personal information of unsuspecting users. This information is used for financial gains through identity theft schemes or draining financial ac...
Purpose
The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobil...
Phishing attacks target significant volume of Americans per year, and costs American organizations in the millions of dollars annually. Phishing is a cyber-attack using social engineering. Social engineering is the psychological manipulation of individuals in order to gain access to computer system(s) that the attacker is not authorized to use. Phi...
Insider threat mitigation is a growing challenge within organizations. The development of a novel alert visualization dashboard for the identification of potentially malicious cyber insider threats was identified as necessary to alleviate this challenge. This research developed a cyber insider threat dashboard visualization prototype for detecting...
While the introduction of the Internet facilitated communication channels at the workplace to improve employees’ productivity, it also raised new challenges, such as cyberslacking. The problem that this research study addresses is mobile device cyberslacking at the workplace as it relates to productivity. A mobile cyberslacking-commitment taxonomy...
Senior citizens are one of the most vulnerable groups of Internet users who are prone to cyberattacks. Thus, assessing senior citizens’ motivation to acquire cybersecurity skills is critical to help them understand the risks of cyber-attacks. This study investigated a set of constructs that contribute to senior citizens’ motivation to acquire cyber...
Purpose
Users’ mistakes due to poor cybersecurity skills result in up to 95 per cent of cyber threats to organizations. Threats to organizational information systems continue to result in substantial financial and intellectual property losses. This paper aims to design, develop and empirically test a set of scenarios-based hands-on tasks to measur...
Many small businesses struggle to improve their cybersecurity posture despite the risk to their business. Small businesses lacking adequate protection from cyber threats, or a business continuity strategy to recover from disruptions, have a very high risk of loss due to a cyberattack. These cyberattacks, either deliberate or unintentional, can beco...
The Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule (SR) mandate provides a national standard for the protection of electronic protected health information (ePHI). The SR’s standards provide healthcare covered entities (CEs’) flexibility in how to meet the standards because the SR regulators realized that all health care...
Mobile devices are increasingly reshaping how users go about their daily lives. The increasing use of mobile devices and the unfettered access to cyberspace has introduced new threats to users. Thus, mobile device users are continually being targeted for cybersecurity threats via vectors such as: public information sharing on social media, user sur...
Advanced Persistent Threats (APTs) have been growing with social engineering and corporate e-mail compromise reported as the two most penetration vectors to organizational networks. Historically, users (i.e., office assistants, managers, executives) have access to sensitive data and represent up to 95% of cybersecurity threats to organizations. Thi...
As organizational reliance on technology increases, cybersecurity attacks become more attractive to attackers and increasingly devastating to organizations. Due to lacking knowledge and skills, humans are often considered the most susceptible threat vector for cyber attacks. Previous studies in information systems (IS) literature have confirmed awa...
Research continues to warn of an increase of publicly available personal information, often attributed via social media, Website customization, online surveys, self-tracking via fitness and smartphones, as well as a plethora of other venues. Data breaches provide an additional source of personal information via public disclosure, Website distributi...
Business Intelligence (BI) systems have been rated as a leading technology for the last several years. However, organizations have struggled to ensure that high quality information is provided to and from BI systems. This suggests that organizations have recognized the value of information and the potential opportunities available but are challenge...
The goal of this work-in-progress research is to develop and validate a means to measure exposure to social engineering via a mixed method approach combining an expert panel using the Delphi method, developmental research, and a quantitative data collection. Retrieve full text here: http://digitalcommons.kennesaw.edu/ccerp/2017/research/5
Organizational information system users (OISUs) that are open to cyber threats vectors are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. The main goal of this research study wa...
Millions of people willingly expose their lives via Internet technologies every day, and even those who stay off the Internet find themselves exposed through data breaches. Trillions of private information records flow through the Internet. Marketers gather personal preferences to coerce shopping behavior, while providers gather personal informatio...
The protection of an organization’s information systems and assets from cybersecurity threats is increasingly important in today’s world, especially as they become more reliant upon information technology for daily operations. Employees who lack knowledge and skillsets are recognized as the most significant threat vector for cyber-attacks. Therefor...
Cyber threats have been growing with social engineering and business e-mail compromise reported as the two most rising penetration vectors. Advanced Persistent Threats (APTs) are penetration techniques that combine several approaches to gain access to organizational networks. Organizations need a team of skilled individuals to mitigate or prevent t...
The goal of the Joint Task Force on Cybersecurity Education is to develop comprehensive undergraduate curricular guidance in cybersecurity that will support future program development and associated educational efforts. This effort is a collaboration among the ACM, the IEEE Computer Society, the AIS Special Interest Group on Security and Privacy (S...
Texting while driving is a growing problem that current efforts have failed to curtail. This behavior has serious, and sometimes fatal, consequences, and the factors that cause a driver to text are not well understood. This study investigates the influence that boredom, social relationships, social anxiety, and social gratification (BRAG) have upon...
Employees spend time during work hours on non-work related activities including visiting ecommerce Websites, managing personal email accounts, and engaging in e-banking. These types of actions in the workplace are known as cyberslacking. Cyberslacking affects employees’ productivity, presents legal concerns, and undermines the security of the emplo...
Providing timely and cost-effective healthcare appears to be significantly desired. Factors such as computer skills and comprehension of instructions impact people's perception of the accessibility of such alternatives, especially for medical professionals. There are limited studies examining the aforementioned factors in information systems (IS) l...
While the Internet is a major business tool nowadays, individuals are still challenged to form teams and collaboration virtually. To evaluate the success of team formation in a virtual setting, this research study assessed the role of different computer-mediated communications (CMC) employed on the success of team formation measured by task perform...
The demand for information system authentication has significantly increased over the last decade. Research has shown that the majority of user authentications remain to be password based, however, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user...
Deception and dishonesty in online exams are believed to link to their unmonitored nature where users appear to have the opportunity to collaborate or utilize unauthorized resources during these assessments. The primary goal of this study was to investigate the deterrent effect of Webcam-based proctoring on misconduct during online exams. This stud...
Although advances in Information Technology (IT) have been significant over the past several decades when it comes to protection of corporate information systems (IS), human errors and social engineering appear to prevail in circumventing such IT protections. While most employees may have the best of intentions, without cybersecurity skills they re...
Since September 11, 2001, the United States Government (USG) has possessed unparalleled capability in terms of dedicated Intelligence and information collection assets supporting the analysts of the Intelligence Community (IC). The USG IC has sponsored, developed, and borne witness to extraordinary advances in technology, techniques, and procedures...
Reports of identity theft continue to be widely reported, while users continue to share an increasing amount of personal information online, especially within social networking sites (SNS) and e-learning systems (ELS). Research has suggested that many users lack awareness of the threats that risky online personal information sharing poses. However,...
Consumers have begun to take a more proactive approach to their healthcare by accessing pharmaceutical companies Websites to obtain health and drug information. In exchange for these benefits, companies require consumers to voluntarily disclose information. However, research has shown that consumers continue to be concerned about how their informat...
Cybersecurity threats are causing substantial financial losses for individuals, organizations, and governments. Information technology (IT) users' mistakes, due to poor cybersecurity skills, represent about 72% to 95% of cybersecurity threats to organizations. As opposed to IT professionals, computer end-users are one of the weakest links in the cy...
There is a growing interest in the assessment of tangible skills and competence. Specifically, there is an increase in the offerings of competency-based assessments, and some academic institutions are offering college credits for individuals who can demonstrate adequate level of competency on such assessments. An increased interest has been placed...
Effective systems analysis is at the core of the design, development and operation of any modern information system. As part of their analysis and design work, information technology (IT) professionals are called upon to interview clients, observe daily operations and interpret and evaluate existing or proposed solutions. Moreover, these practition...
Service organizations worldwide are turning to Six Sigma Program (SSP) to remove variability in their processes to attain a competitive marketplace advantage. SSP offers methodology, concepts, and statistical tools to understand and standardize processes by reducing sources of variability. An effective “Belt” certification program, considered a maj...
Organizations rely on password-based authentication methods to control access to their Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in such systems, focusing on three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requi...
Purpose
– The purpose of this paper is to investigate the effect of information quality (IQ) on citizens ' trust in e-government systems.
Design/methodology/approach
– This study used a mixed-method approach. In the first phase, the study drew IQ characteristics from the literature pool and then administered a qualitative questionnaire to a sample...
Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Intentional and unintentional users' misuse of information systems (IS) resources represents 50% to 75% of cybersecurity threats. Computer Crime and Security Survey revealed that nearly 60% of security breaches oc...
The modern workplace environment is filled with interruptions due to the necessity of coworkers to communicate with each other. Studies have revealed that interruptions can impact task performance (TP). Communication interruptions are due, in part, to the unavoidable side-effect of using technology to facilitate these interactions. This experimenta...
Network-based applications still rely heavily on password-based authentication methods to control access. In a recent study, a benchmarking instrument was used to assess authentication methods used in such systems. The authors' instrument was built on an extensive literature foundation and was validated with an expert panel assessment. This paper r...
Security and ethical issues with information systems (IS) are important concerns for most organizations. However, limited attention has been given to unethical behaviors and severity of cyber-security attacks, while these instances appear to be critically important. Although managers have been embracing e-learning systems for training and virtual-t...
Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS. This approach explored how authentication practices can be measured in three component areas...
A recent presidential directive mandated that all U.S. government agencies establish a centralized identification system. This study investigated the impact of users? involvement, resistance, and computer self-efficacy on the implementation success of a centralized identification system. Information System (IS) usage was the construct employed to m...
Organizations invest in Information Systems (IS) to help achieve strategic goals and to disseminate knowledge in order to enhance employee productivity. Most individuals consider knowledge as their intellectual property. However, sharing the knowledge about using IS and encouraging others to use IS has received limited attention in research. This s...
There exists a critical relationship between the professor chairing the Ph.D. dissertation commit-tees and his or her Ph.D. students. When problems arise in a Ph.D. program, issues of fairness based on fundamental principles in equity theory can guide both the professor chairing disserta-tion committees and the student to a just resolution. This pa...
A recent presidential directive mandated that all U.S. government agencies establish a centralized identification system. This study investigated the impact of users’ involvement, resistance, and computer self-efficacy on the implementation success of a centralized identification system. Information System (IS) usage was the construct employed to m...
The U.S. Navy continues to be a major developer and procurer of information systems (ISs), yet very limited research has been done to determine the factors that influence technology acceptance by naval personnel. Literature suggests that efforts to embrace information technology in improving decision making and reducing workload depend heavily on t...
Information Systems (IS) effectiveness has been studied over the past three decades, with user satisfaction utilized as a key measure. However, very little attention has been given to the role of user-perceived cognitive value of IS in measuring the effectiveness of such systems. Therefore, this article defines and articulates user-perceived value...
Purpose
Concerns for information security in e‐learning systems have been raised previously. In the pursuit for better authentication approaches, few schools have implemented students' authentication during online exams beyond passwords. This paper aims to assess e‐learners' intention to provide multibiometric data and use of multibiometrics during...
The main focus of this informative article is to bring attention to experimental research in the field of information systems, especially for novice researchers such as doctoral students. In the past three decades, information systems research has been heavily focused on theoretical model development and testing using survey-based methodology. Howe...
The U.S. Navy continues to be a major developer and procurer of information systems (ISs), yet very limited research has been done to determine the factors that influence technology acceptance by naval personnel. Literature suggests that efforts to embrace information technology in improving decision making and reducing workload depend heavily on t...
Information Systems (IS) effectiveness has been studied over the past three decades, with user satisfaction utilized as a key measure. However, very little attention has been given to the role of user-perceived cognitive value of IS in measuring the effectiveness of such systems. Therefore, this article defines and articulates user-perceived value...
Understanding the type of research methods that may best fit a given research agenda can be daunting task for novice researchers. In many instances, the problem can seem to be overwhelm-ing in that the novice does not possess the basic familiarity with the fundamental terms and con-cepts of some of the more commonly used approaches to make an infor...
A recent presidential directive mandated that all U.S. government agencies establish a centralized identification system. This study investigated the impact of users’ involvement, resistance, and computer self-efficacy on the implementation success of a centralized identification system. Information System (IS) usage was the construct employed to...
E-learning is becoming an increasingly important part of higher education institutions. However, instructors' use of e-learning systems in community colleges in the United States is relatively sparse. Thus, the purpose of this study was to investigate some individual factors that may affect instructors' intention to use e-learning systems in commun...
Information Systems (IS) effectiveness has been studied over the past three decades, with user satisfaction utilized as a key measure. However, very little attention has been given to the role of user-perceived cognitive value of IS in measuring the effectiveness of such systems. Therefore, this article defines and articulates user-perceived value...
The U.S. Navy continues to be a major developer and procurer of information systems (ISs), yet very limited research has been done to determine the factors that influence technology acceptance by naval personnel. Literature suggests that efforts to embrace information technology in improving decision making and reducing workload depend heavily on t...
In recent years, the application of Information Technologies (IT) has fostered a tremendous growth in e-learning courses at colleges and universities in the United States. Subsequently, some colleges and universities have reported dropout rates of over 60% in e-learning courses. This research investigated persistence in e-learning courses of 187 co...
Information Systems (IS) effectiveness has been studied over the past three decades, with user satisfaction utilized as a key measure. However, very little attention has been given to the role of user-perceived cognitive value of IS in measuring the effectiveness of such systems. Therefore, this article defines and articulates user-perceived value...
Authenticating users is a continuous tradeoff between the level of invasiveness and the degree of system security. Password protection has been the most widely authentication approach used, however, it is easily compromised. Biometric authentication devices have been implemented as a more robust approach. This paper reports on initial results of st...
The novice researcher, such as the graduate student, can be overwhelmed by the intricacies of the research methods employed in conducting a scholarly inquiry. As both a consumer and producer of research, it is essential to have a firm grasp on just what is entailed in producing legitimate, valid results and conclusions. The very large and growing n...
According to activity theory, activities are at the center of human behavior. Extensive attention has been given in literature to the success and effectiveness of online learning programs. Value theory suggests that human perceived value is a critical construct in investigating what is important to individuals. However, very limited attention has b...
Financial institutions all over the world are providing banking services via information systems, such as: automated teller machines (ATMs), Internet banking, and telephone banking, in an effort to remain competitive as well as enhancing customer service. However, the acceptance of such banking information systems (BIS) in developing countries rema...
The growing use of e-learning systems has been documented by numerous studies (Levy, 2005). Yet in spite of this enormous growth, little attention has been given to the issue of security of e learning systems both in research and in practice. Security of e-learning systems has a unique challenge as these systems are accessed and managed via the Int...
This paper introduces the importance of a well-articulated, research-worthy problem statement as the centerpiece for any viable research. The aim of this work is to help novice researchers under- stand the value of problem-based research by providing a practical guide on the development of a well articulated and viable statement of a research-worth...
A Presidential Directive mandated all U.S. government agencies to establish a centralized identification system (CIS). This study investigated the impact of users' involvement (UI), resistance, and computer self-efficacy (CSE) on the implementation success of a CIS. A survey instrument was developed based on existing measures. Respondents included...
This paper introduces the importance of a well-articulated, research-worthy problem statement as the centerpiece for any viable research. The aim of this work is to help novice researchers understand the value of problem-based research by providing a practical guide on the development of a well articulated and viable statement of a research-worthy...
Numerous studies have been conducted related to dropouts from on-campus and distance education courses. However, no clear definition of dropout from academic courses was provided. Additionally, literature suggest that students attending e-learning courses dropout at substantially higher rates than their counterparts in on-campus courses. However, l...
