Examining the Relationship between National Cybersecurity Commitment, Culture, and Digital Payment Usage: An Institutional Trust Theory Perspective

2023 | Information Systems Frontiers | Citations: 1

Authors: Krishna, Ben; Krishnan, Satish; Sebastian, M. P.

Abstract: Cyberattacks can be considered one of the fundamental challenges that paralyze t ... Expand

Abstract: Cyberattacks can be considered one of the fundamental challenges that paralyze the progress of digital payment usage (DPU) progress among citizens, as consumers shun away from using digital banking services due to increased concern over information security. National Cybersecurity Commitment (NCSC) has emerged as a preventive cybersecurity mechanism for countries to tackle such cybersecurity threats. Previous studies have shown that a country's NCSC positively impacts the business and economy of the country. This study examines the effect of NCSC on digital payment usage (DPU) across nations by grounding our discussion on the institutional trust theory. As trusting belief in security measures is a culturally embedded characteristic, we also examine the moderating role of national culture through Hofstede’s cultural dimensions. We use multilevel models to analyze publicly available archives of repeated cross-sectional data covering 76 countries to test the proposed relationships. Our findings indicate that NCSC has a positive influence on DPU. Further, our results highlight that the relationship between NCSC and DPU in a country is contingent on cultural dimensions. Overall, the evidence suggests that a competent cybersecurity environment compatible with cultural values can influence the speedy diffusion of digital payments in a country. Implications of our findings for research and practice are also discussed. Collapse

Topics: IT security internet technology national culture electronic finance information system use

Methods: longitudinal research hierarchical linear modeling cross sectional research archival research time series analysis

Theories: trust theory cultural dimensions theory contingency theory theory of economic growth

Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches

2023 | Management Information Systems Quarterly | Citations: 1

Authors: Li, Wilson Weixun; Leung, Alvin; Yue, Wei

Abstract: Data breaches can severely damage a firm's reputation and its customers' confid ... Expand

Abstract: Data breaches can severely damage a firm's reputation and its customers' confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms' scope for addressing databreach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches. Collapse

Topics: IT investment data breach IT security defense data security IT security threat

Methods: longitudinal research robustness check autocorrelation analysis survey literature study

Theories: institutional theory protection motivation theory

The Application of Role-Based Framework in Preventing Internal Identity Theft Related Crimes: A Qualitative Case Study of UK Retail Companies

2023 | Information Systems Frontiers | Citations: 0

Authors: Okeke, Romanus Izuchukwu; Eiza, Max Hashem

Abstract: This paper aims to examine the challenges of preventing internal identity theft ... Expand

Abstract: This paper aims to examine the challenges of preventing internal identity theft related crimes (IIDTRC) in the UK retail sector. Using an in-depth multiple case studies of a selected number of cross-functional management teams in the UK retail companies, management roles were analysed. We used semi-structured interview as a qualitative data collection technique and used Nvivo aided thematic analysis and interpretivism underpinned by Role-Based Framework (RBF) for analysis. Our findings revealed that vagueness of roles and lack of clarity in sharing data security responsibilities are the major challenges of preventing IIDTRC in UK retail companies. We suggest an application of RBF which provides a conceptual analysis for cross-functional management team to address the challenges of preventing IIDTRC. RBF enables clarity of shared roles where both information security and crimes prevention teams work in unison is required to prevent IIDTRC to maximise internal data security. Contributions for policymakers are offered in this paper. Collapse

Topics: criminality data security IT security outsourcing IT security threat

Methods: case study qualitative interview personal interview survey qualitative content analysis

Theories: organizational role theory

Why Individual Employees Commit Malicious Computer Abuse: A Routine Activity Theory Perspective

2020 | Journal of the Association for Information Systems | Citations: 13

Authors: Luo, Xin (Robert); Li, Han; Hu, Qing; Xu, Heng

Abstract: Prior information security studies have largely focused on understanding employe ... Expand

Abstract: Prior information security studies have largely focused on understanding employee security behavior from a policy compliance perspective. We contend that there is a pressing need to develop a comprehensive understanding of the circumstances that lead to employee commitment of deliberate and malicious acts against organizational digital assets. Drawing on routine activity theory (RAT), we seek to establish a comprehensive model of employee-committed malicious computer abuse (MCA) by investigating the motivations of the offenders, the suitability of the desired targets, and the effect of security guardianship in organizational settings. Specifically, we delineate the effects of the individual characteristics of self-control, hacking self-efficacy, and moral beliefs, as well as the organizational aspects of deterrence based on the routine activity framework of crime. We tested this research model using research participants holding a wide range of corporate positions and possessing varying degrees of computer skills. Our findings offer fresh insights on insider security threats, identify new directions for future research, and provide managers with prescriptive guidance for formulating effective security policies and management programs for preventing MCA in organizations. Collapse

Topics: self efficacy IT security threat data security usability security policy

Methods: survey conjoint analysis PLS tool cross sectional research structural equation modeling

Theories: activity theory social learning theory rational choice theory theory of planned behavior general deterrence theory

Behind Cyber Doors: Securing the Internet of Self

2018 | Americas Conference on Information Systems | Citations: 0

Authors: Nehme, Alaa; George, Joey F

Abstract: The role of citizens in securing their smart homes is critical. We develop a res ... Expand

Abstract: The role of citizens in securing their smart homes is critical. We develop a research model, based on healthrelated fear appeal frameworks, to examine the factors that motivate users to take security precautions. Our model synthesizes the protection motivation theory and the extended parallel process model. This synthesis distinguishes between users’ danger-control and fear-control coping mechanisms. Further, we draw from the criminology literature to refine fear’s compatibility with information threats as opposed to health ones. We also develop and incorporate the Internet of Self into our model to account for smart homes’ personal relevance to users. The theoretical foundation, contributions and hypotheses are discussed. Collapse

Topics: internet of things mobile system internet technology smart home IT security

Methods: survey partial least squares regression theoretical contribution

Theories: extended parallel process model protection motivation theory

Framework to explain factors affecting severity of exposure of medical data breach: a statistical analysis

2018 | Americas Conference on Information Systems | Citations: 0

Authors: Pal, Shounak; Mukhopadhyay, Arunabha

Abstract: With the advent of internet and online storing of records and information, cyber ... Expand

Abstract: With the advent of internet and online storing of records and information, cyber-attack has become a major concern. Theories on criminology explains the impact of a crime-conducive environment, typically in terms of corruption index or crimes committed. Prior works does not show much empirical research on factors affecting severity of cyber-attack, especially those like state-level socio-economic factors, or vulnerable data asset type and content, or source of attack. Our work uses past identity theft records in healthcare industry to (i) establish the importance of the form of target data and agent source, and (ii) explain the effect of the state-level factors like crime rate, population density, literacy rate, internet usage, and per-capita income. Our work will help security managers in policy making and taking countermeasures against cybercrimes. It will also encourage academicians to work on social factors and their interactions with individuals and technology in determining cyber-attack severity. Collapse

Topics: computer crime IT security defense data breach information system use identity theft

Analyzing Persistent Impact of Cybercrime on the Societal Level: Evidence for Individual Security Behavior

2017 | International Conference on Information Systems | Citations: 1

Authors: Riek, Markus; Abramova, Svetlana; Böhme, Rainer

Abstract: Cybercrime has evolved into a serious global problem with considerable social an ... Expand

Abstract: Cybercrime has evolved into a serious global problem with considerable social and economic impact. Avoidance, one form of individual security behavior, can lead to longlasting negative outcomes on the societal level, but is rarely studied. While avoidance effects are difficult to study for recent innovations, theoretical models and data exist for established online services. Building on a parsimonious research model, we study the persistence of aggregate avoidance effects towards the use of online services along with protection behavior using a longitudinal approach. We use structural equation modelling in a secondary analysis of three representative pan-European surveys, conducted in 2012-2014. We find that cybercrime experience increases perceived risk and ultimately leads to avoidance of online banking, online shopping, and unknown websites. It also has a direct impact on two forms of protection behavior, namely: changing security settings and using different passwords. Trend analyses show that these effects are persistent over time. Collapse

Topics: computer crime online banking electronic commerce website social network

Methods: longitudinal research structural equation modeling survey archival research factor analysis

Theories: technology acceptance model theory of planned behavior

Back to Pen and Paper: Recovering Assessment Questions from Computer-Based Examination Applications

2017 | Americas Conference on Information Systems | Citations: 0

Authors: Saini, Shalabh; Grispos, George; Liu, Charles Zhechao; Choo, Kim-Kwang Raymond

Abstract: Computer-based examination platforms are increasingly utilized to deliver examin ... Expand

Abstract: Computer-based examination platforms are increasingly utilized to deliver examinations. The advantages of implementing such a solution over a traditional pen-and-paper approach include support for remote candidates, reduced financial costs, shorter grading time and reduced carbon footprints. While the benefits are attractive, the nature of computer-based examinations makes them more susceptible to cheating. One conjecture previously discussed in the literature is that candidates could recover questions from hard drives. However, minimal research has been conducted to affirm these assumptions. Hence, this research investigates the extent to which questions can be recovered from a computer-based examination and makes recommendations to counter such problems based on the Routine Activity Theory. The study contributes to the discipline by empirically demonstrating that questions can be recovered from three computer-based examination applications using freely available computer forensic tools, and highlighting the need for additional security measure to enhance the creditability of the computer-based examination applications. Collapse

Topics: virtualization technology laptop computer hard disk drive Microsoft Windows criminality

Methods: experiment case study synthesis statistical hypothesis test literature study

Theories: activity theory

An assessment of opportunity-reducing techniques in information security: An insider threat perspective

2016 | Decision Support Systems | Citations: 0

Authors: Padayachee, Keshnee

Abstract: This paper presents an evaluation of extant opportunity-reducing techniques empl ... Expand

Abstract: This paper presents an evaluation of extant opportunity-reducing techniques employed to mitigate insider threats. Although both motive and opportunity are required to commit maleficence, this paper focuses on the concept of opportunity. Opportunity is more tangible than motive; hence it is more pragmatic to reflect on opportunity-reducing measures. To this end, opportunity theories from the field of criminology are considered. The exploratory evaluation proffers several areas of research and may assist organizations in implementing opportunity-reducing information security controls to mitigate insider threats. The evaluation is not definitive, but serves to inform future understanding. Collapse

Topics: data security criminality insider threat IT security defense data loss prevention system

Methods: delphi study survey personal interview

Insider Threats in a Financial Institution: Analysis of Attack-Proneness of Information Systems Applications

2015 | Management Information Systems Quarterly | Citations: 0

Authors: Jingguo Wang; Gupta, Manish; Rao, H. Raghav

Abstract: This study investigates the risk of insider threats associated with different ap ... Expand

Abstract: This study investigates the risk of insider threats associated with different applications within a financial institution. Extending routine activity theory (RAT) from criminology literature to information systems security, hypotheses regarding how application characteristics, namely value, inertia, visibility, accessibility, and guardians, cause applications to be exposed to insider threats are developed. Routine activity theory is synthesized with survival modeling, specifically a Weibull hazard model, and users’ system access behavior is investigated using seven months of field data from the institution. The inter-arrival times of two successive unauthorized access attempts on an application are employed as the measurement of risk. For a robustness check, the daily number of unauthorized attempts experienced by an application as an alternative measurement of risk are introduced and a zero-inflated Poisson-Gamma model is developed. The Markov chain Monte Carlo (MCMC) method is used for model estimations. The results of the study support the empirical application of routine activity theory in understanding insider threats, and provide a picture of how different applications have different levels of exposure to such threats. Theoretical and practical implications for risk management regarding insider threats are discussed. This study is among the first that uses behavioral logs to investigate victimization risk and attack proneness associated with information assets. Collapse

Topics: insider threat criminality IT manager data protection risk management

Methods: nonparametric test survey hazard function survival function robustness check

Theories: activity theory