Article

Robbing Peter to Pay Paul: Surrendering Privacy for Security’s Sake in an Identity Ecosystem


Abstract

Despite individuals’ and organizations’ best efforts, many significant information security threats exist. To alleviate these threats, researchers and policy makers have proposed new digital environments called identity ecosystems. These ecosystems would provide protection against attackers in that a third party intermediary would need to authenticate users of the ecosystem. While the additional security may help alleviate security threats, significant concern exists regarding ecosystem users’ privacy. For example, the possibility of targeted attacks against the centralized identity repository, potential mismanagement of the verified credentials of millions of users, and the threat of activity monitoring and surveillance become serious privacy considerations. Thus, individuals must be willing to surrender personal privacy to a known intermediary to obtain the additional levels of protection that the proposed ecosystems suggest. We investigate the reasons why individuals would use a future identity ecosystem that exhibits such a privacy-security tradeoff. Specifically, we adopted a mixed-methods approach to elicit and assess the major factors associated with such decisions. We show that 1) intrapersonal characteristics, 2) perceptions of the controlling agent, and 3) perceptions of the system are key categories for driving intentions to use ecosystems. We found that trustworthiness of the controlling agent, perceived inconvenience, system efficacy, behavioral-based inertia, censorship attitude, and previous similar experience significantly explained variance in intentions. Interestingly, general privacy concerns failed to exhibit significant relationships with intentions in any of our use contexts. We discuss what these findings mean for research and practice and provide guidance for future research that investigates identity ecosystems and the AIS Bright ICT Initiative.


... Oversight from surveillance: Information technology has enabled a greater capacity for computation, storage, and retrieval, but it has also provided the means for surveillance and exploration (e.g., data mining). Internet technology provides an almost unprecedented opportunity for the unobtrusive surveillance of information related to personal interests [25,27]. In the post-9/11 world, security concerns rule over privacy concerns, giving rise to surveillance [31]. ...
... Advances in technology that create benefits for both consumers and organizations are also raising privacy concerns because of the potential for surveillance [27]. Government surveillance can infringe personal privacy [23] and lower user trust [25]. Surveillance concerns, like other privacy concerns, can lower the willingness to share information [30,33,105]. ...
... Posey [25] Journal of the Association for Information Systems ...
Article
In the post-Snowden revelation era, concerns related to government surveillance and oversight have come to the forefront. The ability of the Internet to remember “everything” (or forget anything) also raises a privacy concern associated with the right to be forgotten (RTBF). In this paper, we examine the conceptualization of Internet privacy concerns (IPC) by extending Hong and Thong's (2013) model with the addition of two dimensions: oversight (i.e., due to surveillance) and the RTBF. We provide theoretical and empirical evidence for our proposed integrated conceptualization. Data were collected from Amazon's Mechanical Turk and analyzed with structural equation modeling using a nomological network that includes trusting beliefs. This research contributes to a better understanding of the conceptualization of IPC and provides a reliable and valid contemporary instrument for IPC.
... The authors conclude that users prefer simple systems where an intermediary takes care of their personal information. Recent research has also examined the privacy-security trade-off in identity ecosystem where a user would surrender their personal information to a third-party intermediary to obtain additional security (Crossler & Posey, 2017). The authors found that user's interpersonal characteristics and perceptions of the intermediary and of the system influence the user's intention to use the identity ecosystems. ...
... (1) Prior research is limited to the contemporary issues of identity management such as identification, authentication, and authorization. As a result, the focus has been on defining the mechanisms or frameworks to ensure that such identity management issues are addressed (Seltsikas & O'Keefe, 2010;Crossler & Posey, 2017). Social media sites also provide the identity management mechanisms via the security and privacy controls, but the mechanisms fall short of protecting users from broader identity issues on social media. ...
... Second, our study contributed to online identity literature that is limited to the contemporary issues such as user identification, authentication, and authorization (Seltsikas & O'Keefe, 2010;Crossler & Posey, 2017). We developed the value hierarchy comprised of fundamental identity management objectives in the context of social media. ...
Article
Threats to the individual identity on social media are real and problematic. Yet, there is a paucity of research on online identity management. We posit that identity management on social media requires a value perspective to determine gaps between what social media users want from online identity management and what social media sites offer through their current security and privacy controls. Following the design science research paradigm, we present an Identity Management Value Model (IMVM). Based on multiple‐objectives decision analysis technique, the value model explicates a hierarchy of fundamental identity management objectives and quantifies the achievement of objectives on a social media site. The emergent value scores and value gaps provide an understanding of how well a social media site manages users online identity. We demonstrate the application of the value model for Facebook and assess a set of measures to reduce the value gaps on Facebook. We conducted sensitivity analysis followed by deterministic analysis to evaluate the value model. The evaluation results indicate that the modeling outcome is robust to a range of individual values and preferences. By focusing on individual values, this study extends the research on values in the context of identity management on social media. Social media companies might find the model useful for instituting identity management measures. Individual users could use the model for strategizing about personal identity management. Our study also demonstrates the usefulness of a retrospective design approach, accounting for user values in a principled and comprehensive manner.
... Our findings suggest that non-obtrusive surveillance and obtrusive surveillance are used at the individual, corporate, and societal level and influence privacy concerns differentially. (Wolfowicz, 2021; Muratbekova-Touron & Leon, 2021; DeMoya & Pallud, 2020; Stark et al., 2020; Stiff, 2019; Crossler & Posey, 2017; Elhai & Hall, 2016). Based on the Table Matrix 2, although obtrusive surveillance is used for beneficial purpose at an individual level, such as contact tracing through disease-control ehealth monitoring technology (Ehrari et al., 2020) or COVID-19 application (Wnuk et al., 2021; Urbaczewski & Lee, 2020), social networking monitoring through social media (Mullen & Fox, 2016), e-commerce through identity eco-systems (Crossler & Posey, 2017), online impression management (Marder et al., 2016) or peer-to-peer monitoring (Tokunaga, 2011) or online sharing of personal data using social media/online blogs (Park et al., 2012) etc., there is still a risk of data being disclosed if not handled carefully or used for commercial purposes (Bhatt et al., 2022; Martin, 2016; Park et al., 2012; Wills & Zeljkovic, 2011). ...
... (Wolfowicz, 2021; Muratbekova-Touron & Leon, 2021; DeMoya & Pallud, 2020; Stark et al., 2020; Stiff, 2019; Crossler & Posey, 2017; Elhai & Hall, 2016). Based on the Table Matrix 2, although obtrusive surveillance is used for beneficial purpose at an individual level, such as contact tracing through disease-control ehealth monitoring technology (Ehrari et al., 2020) or COVID-19 application (Wnuk et al., 2021; Urbaczewski & Lee, 2020), social networking monitoring through social media (Mullen & Fox, 2016), e-commerce through identity eco-systems (Crossler & Posey, 2017), online impression management (Marder et al., 2016) or peer-to-peer monitoring (Tokunaga, 2011) or online sharing of personal data using social media/online blogs (Park et al., 2012) etc., there is still a risk of data being disclosed if not handled carefully or used for commercial purposes (Bhatt et al., 2022; Martin, 2016; Park et al., 2012; Wills & Zeljkovic, 2011). Similarly, non-obtrusive surveillance, at an individual level, may be used either for beneficial purpose such as using GPS or smartphones sensors for location tracking (Park & Jang, 2014), self-monitoring one's health using smart wearable devices (DeMoya & Pallud, 2020) or for the purpose of marketing or advertising such as collecting unauthorized data for interpreting one's behavioral or purchasing patterns using data analytics (Mai, 2016; Zuboff, 2015), collecting personally identifiable information (Bansal & Nah, 2022; Kauffman et al., 2011) etc. Further, non-obtrusive surveillance may also be used for cyberattacks through web-tracking (Samarasinghe & Mannan, 2019), adware, malware, phishing, DoS etc. (Kim et al., 2011) and cyber bullying by collecting others' personal information from Facebook profiles and posts (Stiff, 2019). ...
... Furthermore, researchers should not assume de facto that intentions lead to behaviors when information privacy research is conducted' [12, p. 1021]. Similarly, another study on the privacy paradox found that consumers were willing to trade their privacy in exchange for perceived security benefits, convenience and efficacy [18]. Additional studies have also found this variant of the privacy paradox specifically among social media users, and have called it the 'privacy trade-off' [19]. ...
... Right to access, change or restrict the processing of information 15,16,18 Consumer questions or requests for their personal data must be answered within 30 days. During this period, their data can be stored by the company but not processed. ...
Article
The General Data Protection Regulation (GDPR) was implemented in the European Union and European Economic Area in May 2018. The GDPR aims to strengthen consumers’ rights to data privacy in the wake of technological developments like big data and artificial intelligence. This was a hot topic for stakeholders, such as lawyers, companies and consumers, prior to the GDPR’s implementation. This paper investigates to what extent consumers are concerned about information privacy issues following the implementation of the GDPR. We present findings from an online survey conducted during spring 2019 among 327 Norwegian consumers, as well as findings from a survey conducted immediately prior to the implementation of the GDPR in spring 2018. We draw the following conclusions: (1) consumers gained significant knowledge about their information privacy from the GDPR, but felt relatively little need to execute their enhanced rights; (2) about 50% of respondents believed themselves to have control over their data, while almost 40% stated that they had no control about their personal data; and (3) consumers largely trusted companies to manage their personal data. These insights are of interest to both academia and to industries that deal with personal data.
... Past evaluations have suggested that what had previously has been considered private is progressively under consideration for release with the promise of increased security, health, and well-being. This process of continual trade-offs has created a paradox in the release of privacy for heightened security (Crossler & Posey, 2017;Egloff & Schmukle, 2002). The modern generation is keenly aware of this privacy paradox. ...
... It is interesting that Medical Sensitivity did not show any significant change from the 1990's. This suggests that those concerns have not been incorporated as an element of the Privacy Paradox (Crossler & Posey, 2017;Egloff & Schmukle, 2002). This may reflect an attitude in modern society that people still retain some feeling of control over their medical records. ...
Conference Paper
The purpose of this study was to analyze how contemporary social apathy levels towards privacy have changed across time from before the integration of computers into American society. With private information stored in a computational net of digital information, rather than in personal possession and control, there may be signals towards the increase in the “inattentive” insider Threat to cybersecurity. By using the results of sequential privacy index surveys (Westin, 2003; Kumaragru & Cranor, 2005), along with trait and state subjective questionnaires, changes and possible shared factors in attitude towards privacy were evaluated. It was hypothesized that there would be significant evidence for 1) change over time in concern for privacy, 2) high distrust, 2) high apathy, 3) low motivation, 4) difference between privacy group membership and subjective measure factors. These questionnaires were randomly administered to volunteer undergraduate psychology students at the University of Central Florida (UCF) who were compensated with course extra credit through a university system. The results of this study suggested that privacy concern has lowered over time, there was an overall high level of subjective apathy, and high level of instrumental motivation, which was correlated with the level of privacy concern. This research is looking for indicators of lower concern for privacy, to mitigate the inattentive insider threat in the workplace. Future phases of this research will use the same privacy and subjective questionnaires with the addition of an Implicit Association Test (IAT) for privacy and apathy in the primed and unprimed positions. This research will be used to validate an IAT for privacy, conduct a cross-factor analysis of privacy concern, state, and traits, along with testing for the ability to prime privacy concern.
... The privacy-related consequences comprise unwanted marketing ads, home burglary, financial losses, price discrimination or other economic discrimination Chen & Sharma, 2013;Crossler & Posey, 2017;Degirmenci et al., 2013;Featherman & Pavlou, 2003;Haug et al., 2020;Kordzadeh & Warren, 2017;Krasnova et al., 2010;T. Li & Unger, 2012;Miltgen & Smith, 2015;Smith et al., 2011;Treiblmaier & Pollach, 2007;van Slyke et al., 2006;G. ...
... A few studies touching upon privacy-related adverse consequences have also named consequences that have not been encountered in contexts outside the privacy area. These include for instance hidden influence and manipulation , job-related fears (Kordzadeh & Warren, 2017;Krasnova et al., 2010;Lanzing, 2019;Schmoll & Bader, 2019;Yaraghi et al., 2019), feelings of uneasiness and powerlessness due to surveillance, censorship and loss of control Crossler & Posey, 2017;Degirmenci et al., 2013;Haug et al., 2020;Kordzadeh & Warren, 2017;T. Li & Unger, 2012;Schmoll & Bader, 2019;Smith et al., 2011;Treiblmaier & Pollach, 2007;Yaraghi et al., 2019), criminal prosecution (Kordzadeh & Warren, 2017) and interference with the decision-making process (Lanzing, 2019). ...
Article
While today consumers benefit from personalised service offerings, they are also understandably concerned about the privacy risks generated by disclosing their personal information online. We know that such perceived risks in general shape behaviour, but we know little about what specific privacy risks obstruct the use of digital services, making it difficult to implement technologies that could mitigate these risks. Based on qualitative and quantitative studies involving over 1000 participants, we conceptualise and quantify a multidimensional perspective on privacy risks consisting of physical, social, resource‐related, psychological, prosecution‐related, career‐related and freedom‐related privacy risks. Our results explicate the prospects of distinguishing privacy risk dimensions by demonstrating how they are differently pronounced across contexts and how technology designs can be tailored to assuage them. Thus, our findings improve the understanding of context and service‐specific privacy risks, helping managers to adjust their digital offerings to mitigate users' privacy risk perceptions.
... Prior studies in the privacy literature tend to pursue a single-method quantitative approach (i.e., survey) to examine relationships between privacy concerns, predictors, and outcomes [e.g., (Anderson and Agarwal 2011;Dinev et al. 2013;James et al. 2017b;James et al. 2015;Kordzadeh and Warren 2017;Kordzadeh et al. 2016)]. There has also been a smaller number of qualitative studies [e.g., (Becker 2018;Crossler and Posey 2017;Karwatzki et al. 2017;Miltgen and Peyrat-Guillard 2014;Miltgen and Smith 2015)]. While this tradition has led to the development of a rich body of literature underpinned by robust findings, the paradoxical nature of privacy in the health context and the current study's focus call for a mixed methods approach. ...
... The majority of extant literature within the IS discipline pursues a single method approach, leading to calls for mixed method studies as they offer the potential to answer confirmatory and exploratory research questions within one study, to develop stronger inferences, and to combine complementary or conflicting findings to better enhance understanding of the phenomenon being studied (Venkatesh et al. 2013). Privacy research also has a similar pattern with the majority of studies adopting quantitative methods of inquiry, a smaller number of qualitative studies [e.g., (Miltgen and Peyrat-Guillard 2014)], and a mere handful of mixed methods studies to date [e.g., (Crossler and Posey 2017)]. As noted earlier, this study adopts a mixed method approach to understand the formation of individuals' HIPCs. ...
Article
As personal health information is digitized and entrusted to healthcare professionals and the technology vendors that manage health information systems (e.g., electronic health records), questions continue to arise regarding how this information is used and protected. By understanding what factors shape people’s health information privacy concerns (HIPCs), organizations can better manage reactions and concerns regarding the use of new technologies and guidance can be produced to help people better protect their health information. We conduct a mixed methods study to examine antecedents to HIPC and find that individuals’ characteristics, perceptions, and experiences all play important roles in shaping HIPC. We also show that users who report high HIPC are less likely to allow their health information to be included in an electronic health record system. The study is conducted using Irish respondents and thus provides a European perspective from a country in which health information systems are not yet widespread.
... Rather, they focus on how an organization and its personnel should behave in the vicinity of such systems. A lack of normative results can be similarly observed in most other examples of IS research on SDPSs (Crossler & Posey, 2017). This finding is in line with the seminal literature review by Bélanger and Crossler (2011) on information privacy, in which the authors conclude that "very few articles provide design and action contributions" (p. ...
... Our research has important design implications for SDPSs that address IoT-related security and privacy challenges (Ayoade et al., 2018;Crossler & Posey, 2017;Liang et al., 2017), specifically with respect to the value proposition of blockchain technology. Blockchain-based SDPSs inherit core characteristics of blockchain technology (Notheisen et al., 2017) and are thus particularly useful in certain scenarios (see Table 5). ...
Article
An ever growing variety of smart, connected Internet of Things (IoT) devices poses completely new challenges for businesses regarding security and privacy. In fact, the adoption of smart products may depend on the ability of organizations to offer systems that ensure adequate sensor data integrity while guaranteeing sufficient user privacy. In light of these challenges, previous research indicates that blockchain technology could be a promising means to mitigate issues of data security arising in the IoT. Building upon the existing body of knowledge, we propose a design theory, including requirements, design principles, and features, for a blockchain-based sensor data protection system (SDPS) that leverages data certification. To support this, we designed and developed an instantiation of an SDPS (CertifiCar) in three iterative cycles intended to prevent the fraudulent manipulation of car mileage data. Following the explication of our SDPS, we provide an ex post evaluation of our design theory considering CertifiCar and two additional use cases in the areas of pharmaceutical supply chains and energy microgrids. Our results suggest that the proposed design ensures the tamper-resistant gathering, processing, and exchange of IoT sensor data in a privacy-preserving, scalable, and efficient manner.
... A lack of normative results can be similarly observed in most other examples of IS research on SDPSs (Crossler & Posey, 2017). This finding is in line with the seminal literature review by Bélanger and Crossler (2011) on information privacy, in which the authors conclude that "very few articles provide design and action contributions" (p. ...
... Our research has important design implications for SDPSs that address IoT-related security and privacy challenges (Ayoade et al., 2018; Crossler & Posey, 2017; Liang et al., 2017), specifically with respect to the value proposition of blockchain technology. Blockchain-based SDPSs inherit core characteristics of blockchain technology (Notheisen et al., 2017) and therefore are particularly useful in certain scenarios (see Table 5). ...
Article
A constantly growing pool of smart, connected Internet of Things (IoT) devices poses completely new challenges for business regarding security and privacy. In fact, the widespread adoption of smart products might depend on the ability of organizations to offer systems that ensure adequate sensor data integrity while guaranteeing sufficient user privacy. In light of these challenges, previous research indicates that blockchain technology may be a promising means to mitigate issues of data security arising in the IoT. Building upon the existing body of knowledge, we propose a design theory, including requirements, design principles, and features, for a blockchain-based sensor data protection system (SDPS) that leverages data certification. We then design and develop an instantiation of an SDPS (CertifiCar) in three iterative cycles that prevents the fraudulent manipulation of car mileage data. Furthermore, we provide an ex-post evaluation of our design theory considering CertifiCar and two additional use cases in the realm of pharmaceutical supply chains and energy microgrids. The evaluation results suggest that the proposed design ensures the tamper-resistant gathering, processing, and exchange of IoT sensor data in a privacy-preserving, scalable, and efficient manner.
... The ability to collect and analyse customer information is of growing importance for companies [9]. The current technologies that enable the capture and analysis of large volumes of data in any structure and in near real-time (also known as Big Data) entail both advantages and disadvantages for the individual [3,10,11]. The advantages for the individual include improved and personalized services such as Netflix, social networks such as Facebook, the identification of terrorists in large crowds, and traffic guidance. ...
... Still, we think that the comments demonstrate that the participants are aware of and have reflected on this topic. We were excited about the responses surrounding which types of personal data consumers were willing to 'trade for benefits' (our expression inspired by the privacy calculus model, see for example Dinev and Hart [19], Dinev et al. [20], and Crossler and Posey [11]). However, we think that the results demonstrate a healthy carefulness. ...
... "Privacy" and "security" have been identified as multi-disciplinary and diverse concepts addressed in a broad range of personal practice and research settings (Awad & Krishnan, 2006;Chanson et al., 2019;Crossler & Posey, 2017;Kartal & Li, 2020). The essence of privacy and security concerns for technology is rooted in a user's perception of risks and uncertainties pertaining to their interaction within digital platforms (Gerlach et al., 2019). ...
Article
How users with privacy and security concerns engage with social media in light of their perceptions of risks associated with their digital footprints is a critical question for research and practice. Using a mixed-methods approach, we examined privacy- and security-related concerns of social media users and their subsequent adaptation behaviors in two studies. The first study, a qualitative enquiry, helped us develop a 2x2 matrix of four groups of social media users with respect to their privacy- and security-related attitudes characterized as careless, carefree, conscious, and cautious. A conceptual model comprised of eight hypotheses was developed based on the qualitative study that captures the relationship between privacy- and security-related attitudes and social media adaptation behaviors. The second study, a quantitative study, tested the model and revealed that users with careless and carefree attitudes were likely to explore social media to maximize benefits and exploit certain applications, while cautious users were likely to avoid using social media. The findings were inconclusive for conscious users' adaptation behaviors, however. This could be due to their systematic and informed decision making, which is likely to have contextual variability. We contribute by offering a clear and coherent typology and model of privacy- and security-concerned users' attitudes and social media adaptation behaviors.
... Overall, other practices appeared to support TM in cybersecurity identified as robust security measures (implement strong security measures such as nodes' capabilities in agreed services, user's recommendation scores, and duration
Access Control: It involves the mechanisms and policies used to regulate access to information systems and resources. Access control helps prevent unauthorized access and misuse of sensitive data [9,14,15,29,59,70,71]
Privacy Protection: Encompass initiatives aimed at safeguarding the privacy of individuals' data and guaranteeing adherence to applicable data protection regulations and standards [12,13,26,32,48,60,61,72-77]
Monitoring and Auditing: These are essential for detecting and responding to security incidents, as well as for assessing compliance with security policies and regulations. Monitoring and auditing help maintain trust by identifying any unauthorized access or actions [26,49,50,61,70,78-83]
Encryption and Cryptography: These are fundamental tools for ensuring the confidentiality and integrity of data. ...
Article
This paper presents the findings of a systematic literature review aimed at elucidating the key anchors, strategies, methods, and techniques pertinent to trust management (TM) in cybersecurity. Drawing upon a meticulous analysis of 106 scholarly papers published between 2001 and 2024, the review offers a comprehensive overview of TM in cybersecurity practices in diverse cyber contexts. The study identifies seven foundational anchors crucial for effective TM frameworks: authentication, authorization, access control, privacy protection, monitoring and auditing, encryption and cryptography, risk management, and iterative and interactive trust processes. Additionally, ten overarching strategies emerge from the synthesis of literature, encompassing identity and access management, role-based access control, least privilege principle, digital certificates or public key infrastructure, security policies and procedures, encryption and data protection, continuous monitoring and risk assessment, vendor and third-party risk management, compliance management and continuous collaboration. Furthermore, the review delineates several methods instrumental in TM processes, and various techniques augmenting these methods were also identified, ranging from trust scoring algorithms and trust aggregation mechanisms to trust reasoning engines and trust-aware routing protocols. The synthesis of literature not only elucidates the multifaceted nature of TM in cybersecurity presented in a framework but also underscores the evolving strategies and technologies employed to establish and maintain trust in dynamic digital ecosystems. By providing a comprehensive overview of anchors, strategies, methods, and techniques in TM in cybersecurity, this review offers valuable insights for practitioners, researchers, and policymakers engaged in enhancing trustworthiness and resilience in contemporary cyber environments.
... Cybersecurity units must balance which actions to take because previous research has shown that many users automatically agree with organizational security and privacy policies (Acquisti & Grossklags, 2005), ignore them (Steinfeld, 2016), or lack the security awareness to understand what they have agreed to (Bulgurcu et al., 2010;Tsohou et al., 2015). Furthermore, empirical evidence in the behavioral cybersecurity literature suggests that employees are more likely to be noncompliant with cybersecurity policies due to a misunderstanding of the actual policies, thus bringing about the need to increase employee compliance (Chen et al., 2021;Cram et al., 2019;Crossler et al., 2017). Often, the misunderstanding of policies and cybersecurity incident alerts is caused by employees perceiving cybersecurity policies as vague, nebulous, complex, changing, or lengthy (Milne & Culnan, 2004;Tsai et al., 2011;Vance et al., 2019). ...
Article
When cybersecurity units conduct vulnerability assessments to evaluate the security of organizations, they can have unintended consequences for employees. Although cybersecurity personnel may view tactics such as fake phishing attacks and email scanning as protective measures, employees may view them as threats because being singled out as a security risk can harm their standing in the organization. To understand the implications of vulnerability assessments, we examine how organizations’ use of different tactics to identify user vulnerabilities can lead employees to feel betrayed by the cybersecurity unit, resulting in negative cybersecurity outcomes. Drawing on the theory of betrayal aversion, we develop a model that shows that when employees perceive these tactics as harmful, they can lead to an affective state of cybersecurity betrayal, resulting in a damaged relationship with the cybersecurity unit. In collaboration with an organization’s cybersecurity unit, we evaluated our model using an experimental vignette survey, post hoc interviews, and a cross-sectional survey with two samples (i.e., employees in the organization and employees from a panel). We found that when organizations conduct vulnerability assessments to enhance cybersecurity, they often induce an affective state of betrayal and increase employees’ active resistance to cybersecurity (i.e., abandonment, avoidance, and sabotage of cybersecurity policies, technologies, and units). The paper concludes with implications for research and practice that explain the unintended consequences of vulnerability assessment and betrayal.
... Personal data revealed to organizations is a manifestation of information security concerns. As confidential data (contact and payment details, etc.) is often requested for online transactions, we can measure information security concerns through its consequences: user reports of data disclosures (Adjerid et al., 2018; Crossler & Posey, 2017; Pavlou et al., 2007; Söllner, 2020; Vishwamitra et al., 2017). We can expect that individuals with fewer information security concerns will more willingly reveal data and will use the internet more (Dutton & Shepherd, 2006). ...
Article
Most theoretical and empirical explanations of the generation of digital divides have been integrated into the resources and appropriation theory, which proposes a sequential model reflecting a socially unequally distributed digital divide. The unequal social distribution is reflected in internet use that is sequentially influenced by motivations/attitudes, physical access, and digital skills. We extend the sequential model by exploring the complementary role of information security concerns in producing the digital divide. Using a predictive approach, we tested a comprehensive partial least squares-structural equation model with data from a European Union survey, finding that information security concern is another significant determiner of the digital divide. Heterogeneity in social internet appropriation can be summarized in social mechanisms explained by education and age among well-educated Europeans, and by country digital development among less well-educated Europeans. We conclude with a discussion of theoretical and policy implications of our findings.
... Pohn and Hommel (2022) mention governance frameworks as a precondition for building trust in SSI-based systems, but they do not further specify their properties. Privacy concerns (Crossler and Posey, 2017) and interoperability challenges (Jensen, 2012) of established IAM systems motivated the user-centric approach of self-sovereign identity (SSI). Its basic principles were originally stated by Allen (2016) and have since then been discussed and refined by research and practice (Schardong and Custódio, 2022). ...
Conference Paper, Thirty-first European Conference on Information Systems (ECIS 2023), Kristiansand, Norway
ID cards, public transport tickets, and diplomas are examples of credentials that society has established as a means to provide trustworthy information to others. In the digital world, the emergence of self-sovereign identity as a new paradigm for the management of digital credentials aims to narrow the conceptual gap between digital and physical credentials. The ongoing digital transformation in the public sector requires dealing with a large variety of credentials in different forms systematically. However, there is still currently no generic conceptual model of credentials in the Information Systems (IS) discipline. We employ design science research to develop a unified meta-model on credentials, their use, and their governance. Our results contribute to research through an empirically grounded conceptualization of credentials and provide practitioners with a common basis to capture, analyze, and design the handling of credentials in real-world scenarios.
... They find that switching costs significantly increase user resistance, while perceived value and organisational support diminish user resistance. Crossler and Posey (2017) find that inertia is a significant factor in influencing consumer preference for new security-enhancing technology. Polites and Karahanna (2012) investigate the impact of an individual's incumbent system usage behaviour on using a newly implemented system. ...
Article
Data breaches and cyber incidents are on the rise, and companies continually research new technologies to defend against attacks and protect customer data. The blockchain is a data store designed to promote data privacy, as well as transaction integrity. Enterprises in several industries, especially banking, have investigated the implementation of blockchain-based databases to replace centralised databases as one mechanism for protecting customers’ data by separating transactional data from personally identifiable information. Despite the blockchain’s privacy protections, consumers remain largely unaware of these benefits. Building on the Health Belief Model (HBM), we include privacy concerns and inertia as critical factors that influence consumers’ perceptions of blockchain-based databases’ benefits. Using a sample of 304 respondents, we test a theoretical model incorporating these factors. Our study results indicate threat severity, threat susceptibility, awareness, and inertia significantly influence the perceived benefits of blockchain, which has a significant positive influence on consumers’ intention to switch to blockchain-based applications. Although consumers’ comfort with the status quo of traditional banking mechanisms is a significant barrier to the realisation of blockchain banking applications benefits, additional awareness of consumer privacy protections can persuade customers to use the blockchain-based applications, especially if they exhibit heightened privacy concerns.
... Studies in the government surveillance context have not yet examined the PC-acceptance relationship among specific technologies but have offered support for the negative influence of privacy concern at a more general level including on individuals' willingness to disclose personal information online, and broad acceptance of surveillance measures (Thompson et al., 2020). Looking at the broader privacy literature, a number of recent studies have an insignificant influence across different conceptualizations of privacy and acceptance including privacy risk on intentions towards IoT services, privacy concerns on app usage (Pentina et al., 2016), and privacy concerns on intentions towards different online activities (Crossler and Posey, 2017). These disparities are also evident in studies conducted after the implementation of a new technology or amongst existing users of a technology. ...
Article
The continued proliferation of information technology in all aspects of our lives fosters benefits but also generates risks to individuals’ privacy. In emerging contexts, such as government surveillance technologies, there is a dearth of research investigating the positive and negative drivers of citizens’ acceptance. This is an important gap given the importance of citizen acceptance to the success of these technologies and the need to balance potentially wide-reaching benefits with any dilution of citizen privacy. We conduct a longitudinal examination of the competing influences of positive beliefs and privacy concerns on citizens’ acceptance of a COVID-19 national contact tracing mobile application among 405 Irish citizens. Combining privacy calculus theory with social exchange theory, we find that citizens’ initial acceptance is shaped by their perceptions of health benefits and social influence, with reciprocity exhibiting a sustained influence on acceptance over time and privacy concerns demonstrating a negative, albeit weak influence on willingness to rely on the application. The study offers important empirical and theoretical implications for the privacy literature in the government surveillance, location-based services, and mobile health application contexts, as well as practical implications for governments and developers introducing applications that rely on mass acceptance and reciprocal information disclosure.
... Emotions, biases, and heuristics can affect privacy behaviour differently than privacy attitudes (Acquisti et al., 2015). For instance, perceived inconvenience and behavioural inertia could prohibit people from adopting privacy protection behaviours (Crossler & Posey, 2017). People who care deeply about privacy, in general, may still choose to self-disclose after taking costs, benefits, and social norms into account (Acquisti et al., 2015). ...
Article
Online self-disclosure (OSD) on social networking sites can leave individuals and organisations vulnerable to security threats. Following a design science research (DSR) method, we created a gamified, “choose your own adventure” style security education, training, and awareness (SETA) artefact using two formats: text and visual. Both artefacts were designed to identify the security threats that trainees are most susceptible to, debrief them about the threat and its potential consequences, and facilitate behaviour change by letting trainees re-evaluate their decisions. Using a longitudinal randomised controlled experiment, we compared these two artefacts to no intervention and traditional security warning emails by assessing both instrumental (changes in attitudes, intentions, and OSD behaviour) and experiential (memorability and user experience) outcomes. Our survey of 1,718 employees showed that the text-based artefact was better at improving instrumental outcomes, and the visual-based artefact was better at improving experiential outcomes. This study provides a more granular understanding of the linkages between technology artefacts and human experiences through the application of design science thinking. The findings contribute to DSR by developing design principles, testable propositions, and realistic performance evaluation metrics for gamified SETA artefacts, and present practical recommendations for regulating employees’ information security and privacy behaviours inside and outside the workplace.
... Firstly, the paper discusses the structure of a sustainable e-commerce platform based on the main characteristics of each resource. Previous literature mostly focuses on the management research on platform pricing mechanism and platform openness [2,46], and pays more attention to the promotion and hindrance factors or trust mechanism [47]. With a sustainable e-commerce platform function developed from the sales channels, and service differentiation to the innovation incubation, this paper systematically identified the characteristics and results of e-commerce platforms at different stages of sustainable development from the perspectives of resource orchestration. ...
Article
The existing literatures mainly focus on the pricing, strategic significance and sustainable development characteristics of the e-commerce platform, and lack deep research on mechanisms in the process of construction like main structure of resources and driving force. This paper takes Haier as a Chinese example and explores how manufacturing enterprises create and develop the sustainable e-commerce platform. The research findings show that: (1) An e-commerce platform respectively carries the functions of sales channels, service differences and innovation incubation in different stages of the manufacturing enterprises’ sustainable development; (2) For managing e-commerce platform of manufacturing enterprises’ sustainable development, resource orchestration can effectively realize the integration of value creation and resource; (3) Finally, it further reveals that the driving power which resource orchestration continuously promotes for the sustainable e-commerce platforms to construct is from the co-creation value of manufacturers and users. This paper discusses the structure of e-commerce platforms based on the main characteristics of each resource, and systematically explores the mechanism and evolutionary driving force of resource orchestration to promote the construction of e-commerce platforms for the sustainable development. It complements and enriches the innovation ecosystem and resource orchestration theory, providing significant practical guidance to the sustainable development of manufacturing enterprises.
... Becker, 2018) and mixed-methods studies (e.g. Crossler & Posey, 2017). While this tradition has led to the development of a rich body of literature underpinned by robust findings, the paradoxical nature of privacy in the health context calls for a mixed-methods approach. ...
Article
This paper examines the role of privacy in the health context by investigating the influence of privacy concerns and perceived benefits on individuals' acceptance of health technologies used by healthcare providers and their own adoption of mobile health technologies. The study adopts a two‐stage sequential mixed‐methods design. The first stage is a quantitative survey of 447 citizens from two countries. The second stage involves 50 qualitative interviews which further untangle the roles of privacy concern and benefits. The integrated findings provide evidence that a privacy paradox exists. While individuals continue to express a high desire for privacy, their consideration of the benefits and privacy concerns prior to adoption is largely skewed toward the benefits, due to a lack of privacy knowledge, emphasis on immediate gratification, overestimation of the benefits, and underestimation of the risks. The study further extends the privacy calculus theory to the health context and acknowledges the factors impacting this comparison of benefits and privacy concerns prior to and postadoption of a new technology. The study provides actionable insights for practice, highlighting the importance of privacy education to foster awareness and control mechanisms to negate the potential negative effects of privacy concern.
... While McLean (2018) reports a positive relationship between utilitarian and app engagement, this relationship was not significant in other studies (Hsiao et al., 2016; Tarute et al., 2017). In any context, the values of privacy and its benefits are subjective and vary between individuals (Crossler & Posey, 2017). However, in the context of this study, individuals who are attracted to the usefulness of the app are likely to have higher concerns for privacy and therefore, they are less likely to engage with a social media-enabled app. ...
Article
Privacy threats in a social media-enabled application (app) can originate from either the institution or other app users. Although privacy in social media is well studied, the role of social (peer) privacy concerns is largely unknown and most privacy studies on mobile apps focus on initial adoption and ignore long-term behavioral outcomes. Drawing on the privacy calculus theory, this study examines the impact of both institutional and social privacy concerns on long-term user engagement with social media-enabled apps. Findings from the analysis of 354 survey responses reveal that both institutional and social privacy concerns decrease engagement. Regarding the antecedents, the perceived sensitivity of information increases institutional privacy concerns. However, social privacy concerns are influenced by the perception of risk and control. Moreover, while the impacts of social and enjoyment benefits are expectedly positive, the perception of efficiency benefits decreases engagement. These findings are further investigated and validated through a follow-up text analysis study, suggesting that users who enjoy the functionality of these apps are more likely to express social privacy concerns and minimize their engagement. This study contributes to the literature of privacy on mobile apps by unraveling the intricate dynamics of privacy concerns and benefits in the social mobile era.
... The literature review conducted in this thesis reveals that most often the sub factor trustworthiness of the source variable credibility is incorporated. For example, Crossler and Posey (2017) measure trustworthiness with the factors ability, benevolence and integrity to examine intentions to use identity ecosystems. They find that trustworthiness of the controlling agent (i.e. the system provider) significantly influences the intention to use. ...
Thesis
The Privacy Calculus theory states that individuals always rationally weigh the potential benefits and potential risks of data disclosure decisions. The rational assumption, however, often turns out to be wrong. The scientific literature has identified some influencing factors. These can be, for example, emotions or the current mood. In addition, there are thinking styles such as the need for cognition or faith in intuition. Also, the framing of a message, status quo bias, anchoring effect, positivity bias, or peer pressure (herding effects and affective commitment) can lead to irrational data disclosure decisions. The trustworthiness and reputation (in particular the possibly resulting halo effect) can additionally lead to decisions with little cognitive effort. To identify contextual adjustments of the Privacy Calculus theory, expert interviews were conducted with ten Internet users. Respondents feel well informed about the potential benefits, but not about risks. However, information is often difficult to read, too long or not clear. Rational data disclosure decisions are more likely to be made in sensitive contexts (e.g. finance or health care), and irrational decisions tend to be made in less-sensitive contexts (e.g. social networks or e-commerce), with respondents focusing primarily on emotions, peer pressure, or trust and reputation. To investigate the impact of Privacy Calculus decisions on firm performance, a survey was conducted with 12 internet firms. Most companies explicitly consider privacy-specific characteristics when designing their products, but are more likely to show the benefits than the risks of data disclosure. The Privacy Calculus theory is almost completely unknown in practice. However, if it is known, it will also be used to develop the privacy policy, business strategy and business model. However, most companies do not see an impact of Privacy Calculus decisions on firm performance.
Article
Information security continues to grow in importance in all aspects of society and therefore evolves as a prevalent research area. The information systems (IS) discipline offers a unique perspective to move this stream of literature forward. Using a semiautomated thematic analysis approach based on the topic modeling technique, we review a broad range of information security literature to investigate how we may integrate and advance our understanding of information security. Our analysis reveals four major themes, including information security policy (ISP) compliance, motivations and susceptibility, software security decisions, and firm security strategy. We also identify a theme of security in broader contexts, in which studies consider the societal impacts of information security and online hacker behavior. This review contributes to IS literature by 1) synthesizing the broad range of information security research published in the top journals of the field, moving beyond prior reviews focusing on a narrower scope such as individual ISP compliance; 2) identifying major themes and proposing an overarching research framework encompassing these themes and their interconnections, allowing us to envision future research directions; and 3) enumerating a semiautomated topic modeling approach that other researchers can employ.
Article
Although many information systems (IS) scholars have researched the antecedents and consequences of trust in technology, the sheer amount of work published, authors’ use of inconsistent construct terms, and variations in conceptualization and measurement make it difficult to compare and aggregate findings across studies. To provide scholars with an overview of the literature, we performed a systematic qualitative review of the IS literature. The goal of our review was to identify the antecedents and consequences of trust in technology that have received frequent empirical support, as well as those for which the evidence is not yet conclusive. To that end, we curated a glossary of unique construct terms and summarized the results of 241 relationships tested in 62 empirical research articles (both quantitative and qualitative) from the AIS “Basket of Eight” journals. From these, we identified 62 unique relationships: 22 are well-supported, 6 are supported by suggestive evidence, and 34 have received little support. These relationships summarize what is well-known and less well-known within the literature. By taking stock, we prepare a path for future research on the phenomenon of trust in the context of emerging technologies (e.g., artificial intelligence and blockchain). We conclude the paper with opportunities and directions for future research.
Article
In this paper, we review and analyze two literatures on the construct of human trust in IT artifacts and in the entities that source, operate, and govern IT. The first literature review focuses on defining the construct of trust across a range of disciplines. Our analysis of this literature identified 13 assumptions about the nature of trust. The assumptions illustrate the complexities of human trust. The second literature review focused on 214 empirical studies of the construct of trust published in the AIS Senior Scholars’ Basket of Eight journals. We analyze this literature to identify IS scholars’ most common assessments of trust from qualitative studies and most common measures of trust from quantitative studies. As a cumulative body of knowledge, IS scholars have deeply examined different types of trust. IS scholars have also extensively examined the assumption that trust is dynamic, as evidenced by the many qualitative papers that examined trust as a process, and trust in Web2 technologies, which are characterized by centralized applications and centralized governance. While the IS scholarly community has established a substantial tradition around the construct of trust, there is still interesting work to be done. With recent releases of open generative AI and with the rise of Web3 technologies like blockchains that purport to be “trustless”, the construct of trust in IT needs to be re-examined in these emerging contexts. We also encourage more research on trust in bi-directional relationships, on the limits of transitive trust, and on the construct of distrust.
Article
Project control is a crucial function in project management. Over the years, several best practice standards have been developed to assist project managers in improving project control. The objective of this paper is to compare three prominent best practice models of PMBOK, PRINCE2, and the AACE framework with respect to the core processes of project control. Network analysis is used to achieve this objective. The results show that influential and linkage processes, such as Control quality, Review the stage status, Forecasting, and Change management have the most significant impacts on the complexity of the project control function. This work has the potential to help rethink the project control function by creating a more global view of the most central and critical processes for project control, from which enhancement in the ability to control the project can be drawn.
Article
Advance of digital technologies brings great benefits but takes users at risk of the dark sides of the internet. Preventive mechanisms and privacy-preserving solutions could overcome this challenge. As such, self-sovereign identities (SSIs) provide users with increased control over personal information. However, users neglect their privacy in favor of the most convenient solution. In this paper, we empirically examine how information privacy influences adoption of SSIs. Our results contradict the existing theory that privacy is critical to the success of identity management (IdM) systems. Analogous to the privacy paradox, the study does not lend empirical support that perceived privacy has an impact on the adoption of an SSI. On the contrary, these findings contradict the prevailing view of privacy as a key factor for IdM systems and contribute to knowledge on privacy and adoption behavior.
Article
Mixed-methods studies are increasing in information systems research, as they deliver robust and insightful inferences combining qualitative and quantitative research. However, there is considerable divergence in conducting such studies and reporting their findings. Therefore, we aim (1) to evaluate how mixed-methods studies have developed in information systems research under the existence of heavily used guidelines and (2) to reflect on those observations in terms of potential for future research. During our review, we identified 52 mixed-methods papers and quantitatively elaborated on the adherence to the three core concepts of mixed-methods in terms of purpose, meta-inferences, and validation. Findings discover that only eight adhere to all three of them. We discuss the significance of our results for current and upcoming mixed-methods research and derive specific suggestions for authors. With our study, we contribute to mixed-methods research by showing how to leverage the insights from existing guidelines to strengthen future research and by contributing to the discussion of the legislation associated with research guidelines, in general, presenting the status quo in current literature.
Thesis
Digitalization is driven by the fast emergence and adoption of digital technologies (DTs), the questioning of societal conventions and the adjustment of organizational routines. DTs play a visible role in our daily lives, both on an organizational and indeed on an individual level. Despite extensive efforts in research and industry, questions remain unanswered, be they about theoretical underpinnings or their respective influence on practical use. This lack of a thorough understanding limits the scientific discourse and denies practical users the full value of DTs. To fill in this research gap, the cumulative doctoral thesis contains within these pages comprises five research articles which examine the two DTs that are the Internet of Things (IoT) and distributed ledger technology (DLT). Upon examining each of these technologies in their own right, the subsequent sections of this dissertation will shed light on the convergence of these DTs, their implementation, and their adoption. The thesis covers questions of research as well as challenges in practice. It is thus relevant to researchers and practitioners alike. The IoT connects physical objects with the digital world through sensors, networking capabilities, and digital logic. To a large extent, the IoT builds on smart things, the term ‘smart’ commonly being used to describe the features and capabilities of such things. However, a clear understanding of smartness as one of the key concepts of the IoT has not been defined as of yet. The subsequent thesis addresses this knowledge gap by proposing the concept of a ‘smart action’ and deriving from it a general definition of smartness (research article #1). DLTs are distributed and physically decentralized databases which store information in a tamper-resistant way. For a decade, research on DLT was technology-driven, but nowadays it faces the challenge that technological progress was largely unaware of regulatory boundaries. 
After all, establishing rules and conventions of compliance is essential for the practical use of DLT. That is why this thesis conceptualizes how DLT could be designed to comply with the GDPR (research article #2). The IoT, much like DLT, are DTs that affect systems at the data layer. With a firmer grasp of the mutual influence of these DTs, DLT could serve as a storage for data generated by smart things of the IoT. The effects and interdependencies resulting from such a convergence of both DTs are, however, still unknown. To resolve this problem, research article #3 is an attempt to identify certain design principles for the development of a DLT-based IoT system. Although the convergence in question offers multiple opportunities for a variety of organizations, many of them have to date struggled to gain value from digitalization and successfully embed DTs in their processes. With regard to the implementation of DTs, research article #4 then provides a success model for process digitalization projects by highlighting factors that drive the success of such implementation projects. Throwing a glance at the users reveals that products and services based on DTs are often hard to comprehend and suffer from lacking adoption. As such a novel technological concept at the intersection of the IoT and DLT, a self-sovereign identity enables users to manage their digital identities in a privacy-preserving manner. To explain and predict its use, research article #5 investigates the effect of information privacy on the adoption of a self-sovereign identity.
Article
Despite increasing studies on IT monitoring, our understanding of how the relationships between the watcher and watched are affected by IT-mediation has remained limited in two areas. First, contradictory views exist on the relationships between the watchers and the watched. Studies either adapt traditional actor-centric frameworks assuming pre-defined watcher-watched relationships (e.g., panopticon or synopticon) or remove monitoring actors from the central focus to develop models based on data flows (e.g., dataveillance, assemblages, panspectron). Second, IT monitoring research has predominantly shared the assumptions of IT artifacts as stable objects, the use of which can be bounded and designed. To address these limitations, we develop a concept and framework of veillance applicable to a variety of possible IT or non-IT-mediated relationships between the watcher and the watched. We conduct a literature review with the proposed framework in order to identify IT-enabled transformations to the actors, goals, mechanisms and foci involved in monitoring. Based on our findings, we develop an action net model of IT veillance that aligns with theorization of IT artifacts as equivocal, distributable and open for uses, with edits and contributions by unbounded sets of heterogenous actors having diverse goals and capabilities. We define the action net of IT veillance as a flexible decentralized interconnected web shaped by watcher-watched relationships which are multidirectional, enabling multiple dynamic goals and foci. Cumulative contributions by heterogenous participants organize, impact on and manipulate the net through influencing dispositions, visibilities and the inclusion/exclusion of self and others. The proposed model makes three important theoretical contributions to our understanding of IT monitoring of watchers and watched and their relationships. We discuss implications and avenues for future studies on IT veillance.
Data
This document outlines the results of a structured review of the literature on “socio-technical inertia”, replicating and extending the one by Schmid et al. (2017). An initial search revealed that the phenomenon lacks conceptual clarity in research. Neither in organizational studies nor in the field of Information Systems (IS) research could an unambiguous, established definition be found. This is remarkable, given that the notion of organizational inertia is latently present in both fields. In that light, we use the following working definition for the phenomenon: socio-technical inertia denotes the relative unresponsiveness to changes in the organizational environment due to path-dependent, internal consistencies among social and material entities, as well as their dynamic interaction. We build this definition, among others, on the recent work of Besson and Rowe (2012), Rowe et al. (2017) and Schmid et al. (2017).
Article
As firms rely increasingly on “big data” to segment and target current and potential customers, the challenge of data falsification—individuals providing incorrect personal data in response to requests—is becoming a significant problem. Based on public opinion surveys, within some demographic groups, over three-quarters of individuals confirm that they have given inaccurate information in response to data requests. Obviously, firms that embrace a covert assumption of honesty in online data disclosures are deluding themselves and are likely falling into the trap of “garbage in, garbage out” in their segmenting and targeting. Despite the frequency and importance of falsification, however, it has received scant attention in the privacy research stream. Most researchers focus on the act of disclosure (and its counter-construct, withholding of data) and overlook that many of the data elements being disclosed may in fact be falsified. To address this weakness in the literature stream, we develop a nomological model that predicts both falsification and withholding behavior, and we test it using a sample collected with the assistance of an online panel provider. We find strong support for the model and show how context could play a significant role in moderating some of the proposed relationships. We then discuss important implications for practice and research.
Article
In the current information systems security (ISS) research, new theory contributions are especially valued. This research typically reflects the following formula: Suggest a new theory (or set of constructs) of ISS and show that it is empirically supported, then suggest another new theory (or set of constructs with some linkages) and show that it is empirically supported, and so on. Despite the merits of this approach, it leaves out many important scientific aspects. For example, after more than 30 years of ISS research, (1) we know little about the conditions and situations to which new theories (or constructs) do not apply; (2) we do not know which new theories are more effective than others in solving an ISS problem; and (3) we have not demonstrated that our best research, or new theoretical contributions, can beat industry best practices or practitioners’ intuitive approaches. We suggest that ISS research be examined in terms of long-term research programs comprising four levels: metalevel research, basic research, applied research, and postintervention research. The ultimate success of such programs does not entail new theories, “contextualized theories,” or adding IT artifacts to theories; rather, it hinges on the question of which program can demonstrate the best intervention effect rate for a given ISS problem. The lack of demonstrated intervention effectiveness (e.g., by showing treatment effect rates) is one important inhibitor that may prevent ISS research from achieving relevance in practice. Without reporting such evidence, ISS research cannot overpower the folklore, fads, or industry “best practices” that often guide operations. With such treatment effect rates, evidence-based practice may become more justifiable. We believe that our ideas also can be applied to information systems research in general.
Article
Full-text available
In this essay, we outline some important concerns in the hope of improving the effectiveness of security and privacy research. We discuss the need to re-examine our understanding of information technology (IT) and information system (IS) artefacts and to expand the range of the latter to include those artificial phenomena that are crucial to information security and privacy research. We then briefly discuss some prevalent limitations in theory, methodology, and contributions that generally weaken security/privacy studies and jeopardise their chances of publication in a top IS journal. More importantly, we suggest remedies for these weaknesses, identifying specific improvements that can be made and offering a couple of illustrations of such improvements. In particular, we address the notion of loose re-contextualisation, using deterrence theory (DT) research as an example. We also provide an illustration of how the focus on intentions may have resulted in an underuse of powerful theories in security and privacy research, because such theories explain more than just intentions. We then outline three promising opportunities for IS research that should be particularly compelling to security and privacy researchers: online platforms, the Internet of things (IoT), and big data. All of these carry innate information security and privacy risks and vulnerabilities that can be addressed only by researching each link of the systems chain, that is, technologies–policies–processes–people–society–economy–legislature. We conclude by suggesting several specific opportunities for new research in these areas.
Article
Full-text available
Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However, within the context of computer security and information assurance, it is not yet clear how these fear-inducing arguments, known as fear appeals, will ultimately impact the actions of end users. The purpose of this study is to investigate the influence of fear appeals on the compliance of end users with recommendations to enact specific individual computer security actions toward the mitigation of threats. An examination was performed that culminated in the development and testing of a conceptual model representing an infusion of technology adoption and fear appeal theories. Results of the study suggest that fear appeals do impact end user behavioral intentions to comply with recommended individual acts of security, but the impact is not uniform across all end users. It is determined in part by perceptions of self-efficacy, response efficacy, threat severity, and social influence. The findings of this research contribute to information systems security research, human computer interaction, and organizational communication by revealing a new paradigm in which IT users form perceptions of the technology, not on the basis of performance gains, but on the basis of utility for threat mitigation.
Article
Full-text available
Mixed methods research is an approach that combines quantitative and qualitative research methods in the same research inquiry. Such work can help develop rich insights into various phenomena of interest that cannot be fully understood using only a quantitative or a qualitative method. Notwithstanding the benefits and repeated calls for such work, there is a dearth of mixed methods research in information systems. Building on the literature on recent methodological advances in mixed methods research, we develop a set of guidelines for conducting mixed methods research in IS. We particularly elaborate on three important aspects of conducting mixed methods research: (1) appropriateness of a mixed methods approach; (2) development of meta-inferences (i.e., substantive theory) from mixed methods research; and (3) assessment of the quality of meta-inferences (i.e., validation of mixed methods research). The applicability of these guidelines is illustrated using two published IS papers that used mixed methods. Copyright © 2013 by the Management Information Systems Research Center (MISRC) of the University of Minnesota.
Article
Full-text available
Internet censorship has been a popular topic both in academia and in the popular press. A fundamental question that has not been fully addressed is how censorship is perceived by people who experience it. A person may exhibit pro- or anti-censorship attitudes, but it is possible that (s)he may not even be aware of its existence. In this study, we report results of a large-scale survey on Chinese Internet users' experiences with Internet censorship. The results show that users' demographic backgrounds, Internet usage experience, and personality influence their attitudes toward censorship. Those who score high on authoritarian personality measures tend to support censorship. Attitudes toward censorship change so that over time it is viewed as more normal, which suggests a “normalization” process. We discuss how these findings can generalize beyond the Chinese context to other societies in which Internet censorship can exist.
Article
Full-text available
Information Systems researchers have embraced a number of qualitative research approaches and methodologies, including interviews, observations, and even action research. One research method gaining visibility in IS research is the focus group research method. Focus groups have the potential to provide great insights into phenomena of interest to IS researchers as they allow researchers to get deeper into the topic of interest by providing more background information about the circumstances of the subject's answers or opinions. This paper presents a review of focus group research in the information systems literature, and provides a discussion of how and when the focus group research method can be the most appropriate method to use for IS theorizing. The discussion highlights the idea that the focus group research method is particularly useful for exploratory research on topics where concepts normally emerge through interactions among individuals or where concepts are initially unclear to participants, and as part of a multi-method research program for theory development. Examples of focus groups used in theory development are provided, together with a discussion of the limitations of the research method.
Article
Full-text available
We address gaps in the multilevel organizational theory development literature by critically examining the structure and function of collective constructs. Structure emerges from interaction and can, over time, come to influence systems of interaction. Functions represent the causal outputs of constructs and provide a mechanism for integrating constructs across levels. We then discuss implications arising from this perspective and present a set of guidelines for multilevel research and theory development.
Article
Full-text available
Guidelines for determining nonprobabilistic sample sizes are virtually nonexistent. Purposive samples are the most commonly used form of nonprobabilistic sampling, and their size typically relies on the concept of “saturation,” or the point at which no new information or themes are observed in the data. Although the idea of saturation is helpful at the conceptual level, it provides little practical guidance for estimating sample sizes, prior to data collection, necessary for conducting quality research. Using data from a study involving sixty in-depth interviews with women in two West African countries, the authors systematically document the degree of data saturation and variability over the course of thematic analysis. They operationalize saturation and make evidence-based recommendations regarding nonprobabilistic sample sizes for interviews. Based on the data set, they found that saturation occurred within the first twelve interviews, although basic elements for metathemes were present as early as six interviews. Variability within the data followed similar patterns.
Article
Full-text available
Research in social psychology has extensively referenced and used Fishbein and Ajzen's theory of reasoned action to predict and understand motivational influences on behavior. Recently Ajzen has proposed an extension of the theory by including perceptions of behavioral control as an additional predictor of intentions and behavior. The present research compared Ajzen's theory of planned behavior with the theory of reasoned action for 10 behaviors chosen to represent a range with respect to control over performing the behavior. The results indicate that inclusion of perceived behavioral control enhances the prediction of behavioral intention and behavior. Consistent with the theory of planned behavior, the effects of perceived behavioral control on a target behavior are most vivid when the behavior presents some problem with respect to control.
Article
Full-text available
We develop and then empirically test a model of how organization reputation, job and organizational attributes, and recruiter behaviors influence applicant attraction to firms using data from 361 campus recruitment interviews in which applicants completed surveys before and after the interview. Results indicate that recruiter behaviors did not have a direct effect on applicant attraction, but influenced attraction indirectly through influencing perceptions of job and organizational attributes. As hypothesized, job and organizational attributes positively influenced attraction, and organization reputation positively influenced applicant perceptions of job and organizational attributes and recruiter behaviors. Contrary to our hypotheses, however, organization reputation had a negative direct effect on applicant attraction. We discuss implications of our findings and suggest directions for future research.
Article
Full-text available
The study reported here raises some questions about the conventional wisdom that the Internet creates a "level playing field" for large and small retailers and for retailers with and without an established reputation. In our study, consumers recognized differences in size and reputation among Internet stores, and those differences influenced their assessments of store trustworthiness and their perception of risk, as well as their willingness to patronize the store. After describing our research methods and results, we draw some implications for Internet merchants.
Article
Full-text available
Thematic analysis is a poorly demarcated, rarely acknowledged, yet widely used qualitative analytic method within psychology. In this paper, we argue that it offers an accessible and theoretically flexible approach to analysing qualitative data. We outline what thematic analysis is, locating it in relation to other qualitative analytic methods that search for themes or patterns, and in relation to different epistemological and ontological positions. We then provide clear guidelines to those wanting to start thematic analysis, or conduct it in a more deliberate and rigorous way, and consider potential pitfalls in conducting thematic analysis. Finally, we outline the disadvantages and advantages of thematic analysis. We conclude by advocating thematic analysis as a useful and flexible method for qualitative research in and beyond psychology.
Article
Full-text available
Social exchange theory (SET) is one of the most influential conceptual paradigms in organizational behavior. Despite its usefulness, theoretical ambiguities within SET remain. As a consequence, tests of the model, as well as its applications, tend to rely on an incompletely specified set of ideas. The authors address conceptual difficulties and highlight areas in need of additional research. In so doing, they pay special attention to four issues: (a) the roots of the conceptual ambiguities, (b) norms and rules of exchange, (c) nature of the resources being exchanged, and (d) social exchange relationships.
Article
Full-text available
Recent theoretical developments have enabled the empirical study of trust for specific referents in organizations. The authors conducted a 14-month field study of employee trust for top management. A 9-month quasi-experiment found that the implementation of a more acceptable performance appraisal system increased trust for top management. The 3 proposed factors of trustworthiness (ability, benevolence, and integrity) mediated the relationship between perceptions of the appraisal system and trust. (PsycINFO Database Record (c) 2012 APA, all rights reserved)
Article
Full-text available
Government and industry organizations have declared information privacy and security to be major obstacles in the development of consumer-related e-commerce. Risk perceptions regarding Internet privacy and security have been identified as issues for both new and experienced users of Internet technology. This paper explores risk perceptions among consumers of varying levels of Internet experience and how these perceptions relate to online shopping activity. Findings provide evidence of hypothesized relationships among consumers’ levels of Internet experience, the use of alternate remote purchasing methods (such as telephone and mail-order shopping), the perceived risks of online shopping, and online purchasing activity. Implications for online commerce and consumer welfare are discussed.
Article
Full-text available
As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency for some organizations to use invalid or "self-signed" certifications for SSL, an approach that both trains the user to ignore certificate warnings displayed by the browser and leaves connections vulnerable to man in the middle attacks. In this article, we illustrate how easy such attacks are to execute; we hope this will serve as an incentive to adopt defenses that not only seem secure, but actually are!
Article
Full-text available
This paper reports on a large-scale, international focus group study that examined the user experience of mobile technology users in Hong Kong, Japan, Finland, and the U.S. We identify eight central mobile technology paradoxes that shape user experience and behavior. We suggest possible design features that relate to the experienced paradoxes and discuss how they could be better managed.
Article
Full-text available
Customer Relationship Management (CRM) systems require extensive configuration during which users come into extensive contact with the technical implementation team. Previous research examining other Enterprise Resource Planning (ERP) modules has shown that user perception of the responsiveness of such teams, as an indicator of a possible social exchange, is significantly associated with an increased favorable assessment of the new system and ultimately its adoption, the reason being that perceived responsiveness creates a constructive social exchange. However, previous research, using survey data alone, did not examine causation. The objective of this study is to examine, using a quasi-experimental design, whether different degrees of actual responsiveness in different sites during CRM implementation result in significant differences in the users' favorable assessment of the correctness and ultimately their approval of a new CRM. The data support these hypotheses, but show that the downstream effects of actual responsiveness are mediated by perceived responsiveness. Implications concerning the social exchange relationship during CRM adoption are discussed.
Article
Full-text available
To date, little research has been conducted to explore how consumers perceive and use the Web as an advertising medium. Although numerous guidelines for Web home page design exist, the vast majority of advice is based on opinion, personal experience or observation, not necessarily on empirical evidence.
Article
Full-text available
The rapid spread of technological innovations like mobile data services (MDS) has made mobile computing a fact of everyday life for many people. Therefore, we need to understand the contribution of mobile computing to overall quality of life (QoL). Employing the satisfaction hierarchy model and bottom-up spillover theory, this study proposes a theoretical model in the context of MDS that connects user satisfaction (a traditional outcome variable of IT) with contribution to QoL (a new outcome variable for mobile computing) in a range of life domains. The validity of the proposed model and outcome variable was tested through three empirical studies conducted in Korea. User satisfaction with MDS was found to affect the contribution of MDS to QoL in eleven life domains, and these contributions in turn influenced the overall contribution of MDS to QoL. The paper ends with a discussion of the study's implications and limitations.
Article
Full-text available
This paper reports an empirical study intended to provide detailed comparisons amongst and between the varieties of available measures of computer self-efficacy (CSE). Our purpose is to ascertain their relative abilities to isolate the CSE construct from other related constructs and to capture variance in performance attributed to changes in CSE level. In addition, we investigate the importance of ensuring the measure being used is sufficiently aligned with the task domain of interest. Finally, we explore the stability of CSE measures as they relate to the current state of evolution within the computing domain. Marakas, Yi, and Johnson (1998) proposed a framework for the construction of instruments intended to measure the CSE construct that we have adopted as a basis for this series of investigations. To that end, we advance and test a set of hypotheses derived from the Marakas et al. (1998) framework. Results of the analyses support the need for adherence to the tenets of the proposed framework as well as provide evidence that CSE measures suffer from degradation of their explanatory power over time. Further, this study brings forth the importance of appropriately validating measures of CSE using approaches intended for a formative rather than a reflective construct. These results suggest that the common practices of instrument validation and reuse of long-standing instruments to measure CSE may not be the most effective approach to the study of the construct. Implications for future research are discussed.
Article
Full-text available
Critical research might prove beneficial for IT professionals and practitioners as they can benefit from critical ideas without facing complexities. One of the problems with anyone who wants to do critical research or practice in IS is that there is no generally accepted and unequivocal definition of the term. Critical research is based on a deep suspicion that the state of the world is unjust and of many disadvantages. A major aim resulting from the critical intention is to promote individual empowerment and emancipation. The critical approach does not offer simple answers, rather it allows for asking new questions, which allow the practitioners to develop a new understanding of problematic situations, which in turn is a prerequisite for creative solutions. Critical research requires a willingness to take others seriously, whatever their role in relation to the project. It offers new perspectives, and can overcome limitations of traditional practices, and address ethical issues.
Article
Full-text available
This study presents an empirical investigation of factors affecting small- and medium-sized business (SMB) executives’ decision to adopt anti-malware software for their organizations. A research model was developed by adopting and expanding the protection motivation theory from health psychology, which has successfully been used to investigate the effect of threat and coping appraisal on protective actions. A questionnaire-based field survey with 239 U.S. SMB executives was conducted, and the data were analyzed using partial least squares (PLS). This study demonstrates that threat and coping appraisal successfully predict SMB executives’ anti-malware software adoption intention, leading to SMB adoption. In addition, considerable variance in adoption intention and actual SMB adoption is addressed by social influence from key stakeholders and situation-specific variables, such as IT budget and vendor support. Further, the generalizability of the model was tested using industry type and IS expertise. The adoption intention of IS experts and IT intensive industries was mainly affected by threat appraisal and social influence, while that of non-IS experts and non-IT intensive industries was significantly influenced by coping appraisal and IT budget. Vendor support was a key facilitator of the anti-malware adoption for IS experts and IT intensive industry groups, while IT budget was for non-IS expert and non-IT intensive industry groups. Key implications for theory and practice are discussed.
Article
Full-text available
Purpose – Organizations are becoming increasingly aware of the importance of aligning information systems with organizational processes, goals and strategies. One way of representing and analysing strategic alignment is through the creation of a causal‐loop diagram, a subject which this paper seeks to examine. Design/methodology/approach – The exploratory research presented here involved six senior IS/IT managers during three two‐hour focus group sessions, which led to the development of such a diagram. The focus group sessions were recorded, transcribed and analysed using content analysis. Findings – The diagram presents a systemic view of IS/business alignment within organizations, as seen through the lens of these practitioners. The research suggests that, although practitioners understand that a high level of connection between IS and business planning processes may be dependent on the level of integration between the IS group and other sections of the organization, they are still unable to develop the necessary relationships. It appears that the culture of many organizations is impeding the development of this integration. Originality/value – The research method and technique allowed a systemic view of IS/business alignment within a typical organization. It highlights the inter‐relationship between the social and intellectual dimensions of alignment and shows that these should not be studied in isolation. In particular, the research highlights the inter‐relationship between the social and intellectual dimensions of alignment.
Article
Full-text available
Given that adoption of a new system often implies fully or partly replacing an incumbent system, resistance is often manifested as failure of a user to switch from an incumbent technology to a newly introduced one. Thus, a potential source of resistance to adopting a new system lies in the use of an incumbent system. Using the status quo bias and habit literatures as theoretical lenses, the study explains how use of an incumbent system negatively impacts new system perceptions and usage intentions. We argue that habitual use of an incumbent system, rationalization due to perceived transition costs, and psychological commitment due to perceived sunk costs all encourage development of inertia. Inertia in turn fully mediates the impact of these incumbent system constructs on constructs related to acceptance of the new system via psychological commitment based on cognitive consistency and by increasing the importance of normative pressures. Specifically, we hypothesize that inertia leads to decreased perceptions of the ease of use and relative advantage of a newly introduced system and has a negative impact on intentions to use the new system, above and beyond its impact through perceptions. Finally, we hypothesize that inertia moderates the relationship between subjective norm and intention, such that normative pressures to use a new system become more important in the presence of inertia. Empirical results largely support the hypothesized relationships showing the inhibiting effect of incumbent-system habit, transition and sunk costs, and inertia on acceptance of a new system. Our study thus extends theoretical understanding of the role of incumbent system constructs such as habit and inertia in technology acceptance, and lays the foundations for further study of the interplay between perceptions and cognition with respect to the incumbent system and those with respect to a new system.
Book
2001 introduction to in-depth semi-structured qualitative interviewing and to BNIM in particular. Unique in its conceptual coherence and its level of practical detail, it covers a full spectrum from the identification of topics and research questions, to the interviewing, to the answering of research questions, the comparing and theorising of cases and to strategies of writing-up presentations.
Article
The statistical tests used in the analysis of structural equation models with unobservable variables and measurement error are examined. A drawback of the commonly applied chi square test, in addition to the known problems related to sample size and power, is that it may indicate an increasing correspondence between the hypothesized model and the observed data as both the measurement properties and the relationship between constructs decline. Further, and contrary to common assertion, the risk of making a Type II error can be substantial even when the sample size is large. Moreover, the present testing methods are unable to assess a model's explanatory power. To overcome these problems, the authors develop and apply a testing system based on measures of shared variance within the structural model, measurement model, and overall model.
Article
One point of convergence in the many recent discussions on design science research in information systems (DSRIS) has been the desirability of a directive design theory (ISDT) as one of the outputs from a DSRIS project. However, the literature on theory development in DSRIS is very sparse. In this paper, we develop a framework to support theory development in DSRIS and explore its potential from multiple perspectives. The framework positions ISDT in a hierarchy of theories in IS design that includes a type of theory for describing how and why the design functions: Design-relevant explanatory/predictive theory (DREPT). DREPT formally captures the translation of general theory constructs from outside IS to the design realm. We introduce the framework from a knowledge representation perspective and then provide typological and epistemological perspectives. We begin by motivating the desirability of both directive-prescriptive theory (ISDT) and explanatory-predictive theory (DREPT) for IS design science research and practice. Since ISDT and DREPT are both, by definition, midrange theories, we examine the notion of mid-range theory in other fields and then in the specific context of DSRIS. We position both types of theory in Gregor's (2006) taxonomy of IS theory in our typological view of the framework. We then discuss design theory semantics from an epistemological view of the framework, relating it to an idealized design science research cycle. To demonstrate the potential of the framework for DSRIS, we use it to derive ISDT and DREPT from two published examples of DSRIS.
Article
The Internet has become a minefield of crime, fakes, and terror perpetuated by anonymous users on a global scale. The security burden of protecting organizations is becoming increasingly difficult and costly, and this burden cannot be lessened under the current Internet protocol. In order to fundamentally solve these side effects, the Council of the Association for Information Systems (AIS) has adopted a grand vision of an ICT-Enabled Bright Society (in short, the Bright ICT Initiative). With the goal of preventing undesirable activities on the Internet, diverse issues can be investigated using a bottom-up perspective. Scholars are beginning to examine the concept and various approaches with the support of the AIS conferences and the information system journals. However, a unique approach and fundamental solution must be identified in order to drastically eliminate the negative side effects of these adverse online activities. In order to achieve this, four principles are proposed that will provide the foundation of the framework for a new and safer Internet platform, the Bright Internet, while protecting users' privacy at an appropriate level. The proposed principles are origin responsibility, deliverer responsibility, rule-based digital search warrants, and traceable anonymity. This endeavor requires the investigation of technologies, policies, and international agreements on which new business models can be created.
Article
Online crowdsourcing markets (OCM) are becoming more popular as a source for data collection. In this paper, we examine the consistency of survey results across student samples, consumer panels, and online crowdsourcing markets (specifically Amazon's Mechanical Turk) both within the United States and outside. We conduct two studies examining the technology acceptance model (TAM) and the expectation-disconfirmation theory (EDT) to explore potential differences in demographics, psychometrics, structural model estimates, and measurement invariances. Our findings indicate that (1) U.S.-based OCM samples provide demographics much more similar to our student and consumer panel samples than the non-U.S.-based OCM samples; (2) both U.S. and non-U.S. OCM samples provide initial psychometric properties (reliability, convergent, and divergent validity) that are similar to those of both student and consumer panels; (3) non-U.S. OCM samples generally provide differences in scale means compared to those of our students, consumer panels, and U.S. OCM samples; and (4) one of the non-U.S. OCM samples refuted the highly replicated and validated TAM model in the relationship of perceived usefulness to behavioral intentions. Although our post hoc analyses isolated some cultural and demographic effects with regard to the non-U.S. samples in Study 1, they did not address the model differences found in Study 2. Specifically, the inclusion of non-U.S. OCM respondents led to statistically significant differences in parameter estimates, and hence to different statistical conclusions. Due to these unexplained differences that exist within the non-U.S. OCM samples, we caution that the inclusion of non-U.S. OCM participants may lead to different conclusions than studies with only U.S. OCM participants. We are unable to conclude whether this is due to cultural differences, differences in the demographic profiles of non-U.S. OCM participants, or some unexplored factors within the models.
Therefore, until further research is conducted to explore these differences in detail, we urge researchers utilizing OCMs with the intention to generalize to U.S. populations focus on U.S.-based participants and exercise caution in using non-U.S. participants. We further recommend that researchers should clearly describe their OCM usage and design (e.g., demographics, participant filters, etc.) procedures. Overall, we find that U.S. OCM samples produced models that lead to similar statistical conclusions as both U.S. students and U.S. consumer panels at a considerably reduced cost.
Article
Interest in the problem of method biases has a long history in the behavioral sciences. Despite this, a comprehensive summary of the potential sources of method biases and how to control for them does not exist. Therefore, the purpose of this article is to examine the extent to which method biases influence behavioral research results, identify potential sources of method biases, discuss the cognitive processes through which method biases influence responses to measures, evaluate the many different procedural and statistical techniques that can be used to control method biases, and provide recommendations for how to select appropriate procedural and statistical remedies for different types of research settings.
Article
Globalizing organizations, outsourcing, mobile work, inter-organizational teams, innovation, and reaching out to suppliers and customers are driving today's need to improve collaboration within firms. And information technology (IT) is at the center of these trends. Businesses are also experimenting with different types of collaboration. While IT functions provide the heavy lifting, such as connectivity and information integrity, without which most collaboration efforts would not be effective, how new applications are implemented is often as important as the technology itself in delivering business value. This article explores IT's role in enabling collaboration in organizations, and at the same time, what IT's role should not be (i.e., what responsibilities and accountabilities should properly be the function of the business). It presents the results of research with a focus group of senior IT managers, looking first at why collaboration is becoming so important and the business value it enables. Next, it examines some of the different characteristics of collaboration and the key components of a collaboration program and at IT's role in one. It concludes that effective collaboration will not result from implementing more collaboration software. Instead, this will require a proactive and holistic strategy that integrates business goals and technology potential.
Article
Behavioral accounting researchers have historically been constrained in their ability to reach externally valid research participants. The purpose of this paper is to familiarize researchers with two relatively new and innovative ways to overcome this issue. First, this paper discusses two online instrument delivery services provided by SurveyMonkey and Qualtrics that can be used to distribute experimental materials to geographically distributed participants quickly and inexpensively. Second, it reviews a number of participant recruitment services that behavioral accounting researchers can use to identify and recruit externally valid research participants. Specifically, this paper discusses commercial participant recruitment services provided by SurveyMonkey Audience, Qualtrics, Amazon's Mechanical Turk, and other commercial firms, as well as several non-commercial participant recruitment services associated with industry and professional organizations. Each service is evaluated against three criteria that are important to behavioral accounting researchers: (1) cost, (2) flexibility, and (3) access to populations of interest.
Article
The purpose of this study is to examine the factors that determine whether employees follow Bring Your Own Device (BYOD) policies through the lens of the Protection Motivation Theory. BYOD is rapidly becoming the norm rather than the exception. As a result, firms are establishing BYOD policies to address the risk inherent in allowing individuals to use their own devices to access or store company data. This paper reports the results of a survey of accounting students, non-accounting students, and full-time employees. Results demonstrate that participants' intentions to comply with a BYOD policy were primarily motivated by Self Efficacy and Response Efficacy. Further, Threat Severity was more salient for accountants than non-accountants, perhaps due to their sensitivity to confidential data. Finally, when actual compliance behavior was considered, costs to comply were much more salient to employees and could be strong deterrents to full compliance. These findings have important theoretical and practical implications.
Article
Qualitative research design can be complicated depending upon the level of experience a researcher may have with a particular type of methodology. As researchers, many aspire to grow and expand their knowledge and experiences with qualitative design in order to better utilize diversified research paradigms for future investigations. One of the more popular areas of interest in qualitative research design is that of the interview protocol. Interviews provide in-depth information pertaining to participants' experiences and viewpoints of a particular topic. Often times, interviews are coupled with other forms of data collection in order to provide the researcher with a well-rounded collection of information for analyses. This paper explores the effective ways to conduct in-depth, qualitative interviews for novice investigators by employing a step-by-step process for implementation.
Article
A proposed theory of planned behavior, an extension of Ajzen and Fishbein's (1980, Understanding attitudes and predicting social behavior. Englewood-Cliffs, NJ: Prentice-Hall) theory of reasoned action, was tested in two experiments. The extended theory incorporates perceived control over behavioral achievement as a determinant of intention (Version 1) as well as behavior (Version 2). In Experiment 1, college students' attendance of class lectures was recorded over a 6-week period; in Experiment 2, the behavioral goal was getting an “A” in a course. Attitudes, subjective norms, perceived behavioral control, and intentions were assessed halfway through the period of observation in the first experiment, and at two points in time in the second experiment. The results were evaluated by means of hierarchical regression analyses. As expected, the theory of planned behavior permitted more accurate prediction of intentions and goal attainment than did the theory of reasoned action. In both experiments, perceived behavioral control added significantly to the prediction of intentions. Its contribution to the prediction of behavior was significant in the second wave of Experiment 2, at which time the students' perceptions of behavioral control had become quite accurate. Contrary to expectations, there was little evidence for interactions between perceived behavioral control and the theory's other independent variables.
Article
On December 4, 2012, two Australian radio DJs called London's King Edward VII's Hospital, identified themselves, in fake British accents, as Queen Elizabeth and Prince Charles, and asked about a celebrity patient who had been admitted for pregnancy complications. A nurse, filling in at the reception desk in the early morning hours, answered the phone and, without attempting to verify the callers' identities, transferred them to the duty nurse caring for the Duchess of Cambridge. The duty nurse then provided them with confidential patient information.1 The Australian DJs broadcast the phone call, considering it a humorous prank, but as the . . .
Article
This paper aims to predict consumer acceptance of e-commerce by proposing a set of key drivers for engaging consumers in on-line transactions. The primary constructs for capturing consumer acceptance of e-commerce are intention to transact and on-line transaction behavior. Following the theory of reasoned action (TRA) as applied to a technology-driven environment, technology acceptance model (TAM) variables (perceived usefulness and ease of use) are posited as key drivers of e-commerce acceptance. The practical utility of TAM stems from the fact that e-commerce is technology-driven. The proposed model integrates trust and perceived risk, which are incorporated given the implicit uncertainty of the e-commerce environment. The proposed integration of the hypothesized independent variables is justified by placing all the variables under the nomological TRA structure and proposing their interrelationships. The resulting research model is tested using data from two empirical studies. The first, exploratory study comprises three experiential scenarios with 103 students. The second, confirmatory study uses a sample of 155 on-line consumers. Both studies strongly support the e-commerce acceptance model by validating the proposed hypotheses. The paper discusses the implications for e-commerce theory, research, and practice, and makes several suggestions for future research.
Article
A considerable amount of research has examined trust since our 1995 publication. We revisit some of the critical issues that we addressed and provide clarifications and extensions of the topics of levels of analysis, time, control systems, reciprocity, and measurement. We also recognize recent research in new areas of trust, such as affect, emotion, violation and repair, distrust, international and cross-cultural issues, and context-specific models, and we identify promising avenues for future research.
Article
This tutorial explains in detail what factorial validity is and how to run its various aspects in PLS. The tutorial is written as a teaching aid for doctoral seminars that may cover PLS and for researchers interested in learning PLS. An annotated example with data is provided as an additional tool to assist the reader in reconstructing the detailed example.
Article
While the growth of business-to-consumer electronic commerce seems phenomenal in recent years, several studies suggest that a large number of individuals using the Internet have serious privacy concerns, and that winning public trust is the primary hurdle to continued growth in e-commerce. This research investigated the relative importance, when purchasing goods and services over the Web, of four common trust indices (i.e. (1) third party privacy seals, (2) privacy statements, (3) third party security seals, and (4) security features). The results indicate consumers valued security features significantly more than the three other trust indices. We also investigated the relationship between these trust indices and the consumer's perceptions of a marketer's trustworthiness. The findings indicate that consumers' ratings of trustworthiness of Web merchants did not parallel experts' evaluation of sites' use of the trust indices. This study also examined the extent to which consumers are willing to provide private information to electronic and land merchants. The results revealed that when making the decision to provide private information, consumers rely on their perceptions of trustworthiness irrespective of whether the merchant is electronic only or land and electronic. Finally, we investigated the relative importance of three types of Web attributes: security, privacy and pleasure features (convenience, ease of use, cosmetics). Privacy and security features were of lesser importance than pleasure features when considering consumers' intention to purchase. A discussion of the implications of these results and an agenda for future research are provided.
Article
Organizations and individuals are increasingly impacted by misuses of information that result from security lapses. Most of the cumulative research on information security has investigated the technical side of this critical issue, but securing organizational systems has its grounding in personal behavior. The fact remains that even with implementing mandatory controls, the application of computing defenses has not kept pace with abusers’ attempts to undermine them. Studies of information security contravention behaviors have focused on some aspects of security lapses and have provided some behavioral recommendations such as punishment of offenders or ethics training. While this research has provided some insight on information security contravention, they leave incomplete our understanding of the omission of information security measures among people who know how to protect their systems but fail to do so. Yet carelessness with information and failure to take available precautions contributes to significant civil losses and even to crimes. Explanatory theory to guide research that might help to answer important questions about how to treat this omission problem lacks empirical testing. This empirical study uses protection motivation theory to articulate and test a threat control model to validate assumptions and better understand the “knowing-doing” gap, so that more effective interventions can be developed.
Article
This study examines cross-cultural differences in beliefs related to e-commerce use for Italy and the United States. We argue that for both cultures, the user's decision to make an online purchase is simultaneously influenced by a set of contrary factors. These include decision facilitators such as propensity to trust and institutional trust, and decision inhibitors such as perceived risk and privacy concerns. We argue that substantial cultural differences exist that affect the above factors and the relationships among them. We use Hofstede's cultural theory and Fukuyama's theory of trust and social capital, along with emic factors important for the Italian society, to develop the study's propositions. The hypotheses were empirically tested using LISREL structural equation modeling and multigroup analysis. The results revealed that the Italian society exhibited lower propensity to trust, institutional trust, privacy concerns, and higher perceived risk. The relationships between institutional trust and e-commerce use, privacy concerns and e-commerce use, and perceived risk and institutional trust are all weaker for Italy. The relationship between perceived risk and privacy concerns is stronger for Italy. The paper's major contribution is in validating an important model of e-commerce use across two cultures and showing the moderating effects of culture. European Journal of Information Systems (2006) 15, 389–402. doi:10.1057/palgrave.ejis.3000590
Article
In this journal, Chen and Hirschheim have provided a historical analysis of positivist and interpretivist research paradigms and methodologies in the 10 years following the much cited work of Orlikowski and Baroudi. In this paper, we investigate the mysterious case of the missing paradigm – that of the critical approach to information systems (IS) research. We take Chen and Hirschheim’s survey as our starting point and aim to fill the gap left by the absence of the critical paradigm in their analysis and make some criticisms of their method. Recent years have seen the growth of IS research that consciously adopts a critical perspective. This paper charts the development of critical IS research over the period of 1991–2001, adding some comments on more recent developments. We conclude by critically reflecting on the current development of critical research in the field of IS.
Article
Although firms are expending substantial resources to develop technology and processes that can help safeguard the security of their computing assets, increased attention is being focused on the role people play in maintaining a safe computing environment. Unlike employees in a work setting, home users are not subject to training, nor are they protected by a technical staff dedicated to keeping security software and hardware current. Thus, with over one billion people with access to the Internet, individual home computer users represent a significant point of weakness in achieving the security of the cyber infrastructure. We study the phenomenon of conscientious cybercitizens, defined as individuals who are motivated to take the necessary precautions under their direct control to secure their own computer and the Internet in a home setting. Using a multidisciplinary, phased approach, we develop a conceptual model of the conscientious cybercitizen. We present results from two studies, a survey and an experiment, conducted to understand the drivers of intentions to perform security-related behavior, and the interventions that can positively influence these drivers. In the first study, we use protection motivation theory as the underlying conceptual foundation and extend the theory by drawing upon the public goods literature and the concept of psychological ownership. Results from a survey of 594 home computer users from a wide range of demographic and socio-economic backgrounds suggest that a home computer user's intention to perform security-related behavior is influenced by a combination of cognitive, social, and psychological components. In the second study, we draw upon the concepts of goal framing and self-view to examine how the proximal drivers of intentions to perform security-related behavior identified in the first study can be influenced by appropriate messaging. An experiment with 101 subjects is used to test the research hypotheses.
Overall, the two studies shed important new light on creating more conscientious cybercitizens. Theoretical and practical implications of the findings are discussed.