Results

Found 10 articles

Clear filters

Examining the Differential Effectiveness of Fear Appeals in Information Security Management Using Two-Stage Meta-Analysis
PDF
2023 | Journal of Management Information Systems | Citations: 0
Authors: Lowry, Paul Benjamin; Moody, Gregory D.; Parameswaran, Srikanth; Brown, Nicholas James

Abstract: Most of the information security management research involving fear appeals is g ... Expand

Abstract: Most of the information security management research involving fear appeals is guided by either protection motivation theory or the extended parallel processing model. Over time, extant research has extended these theories, as well as their derivative theories, in a variety of ways, leading to several theoretical and empirical inconsistencies. The large body of fragmented, and sometimes conflicting, research has muddied the broader understanding of what drives protection- and defensive motivation. We provide guidance to the security discourse by offering the first study in the literature to employ two-stage meta-analytic structural equation modeling (TSSEM), which combines covariance-based structural equation modeling and meta-analysis. Information systems (IS) researchers have traditionally used meta-analysis for structural equation modeling for such purposes—an approach that has several serious statistical flaws. Using 341 systematically selected empirical security articles (representing 383 unique studies) and TSSEM, we pool a large series of five datasets to test six models, from which we examine the effects of constructs and paths in the security fear-appeals literature. We compare and test six versions of models inspired by issues in the broader fear-appeals literature. We confirm the importance of both the threat- and coping-appraisal processes; establish the central role of fear and that it has greater importance than threat; show that efficacy is a stronger predictor of protection motivation than is threat; demonstrate that response costs as currently measured are ineffective but that maladaptive rewards have a strong negative effect on protection motivation and a positive effect on defensive motivation; and provide evidence that dual models of danger control and fear control should be used. Collapse

Semantic filters: extended parallel process model

Topics: H1N1 flu self efficacy Python data quality information security management

Methods: structural equation modeling meta analysis statistical hypothesis test hierarchical linear modeling statistical power analysis

Theories: fear appeal theory extended parallel process model protection motivation theory
Beyond adaptive security coping behaviors: Theory and empirical evidence
PDF
2022 | Information & Management | Citations: 10
Authors: Chen, Yan; Luo, Xin (Robert); Li, Han

Abstract: Extant research seldom focuses on maladaptive security coping behaviors. Applyin ... Expand

Abstract: Extant research seldom focuses on maladaptive security coping behaviors. Applying the extended parallel process model, this study has developed a research model to reveal the processes underlying users’ adaptive and mal adaptive security coping behaviors. The model is empirically examined along with alternative models. Results show that perceived coping efficacy is the most influencing factor promoting adaptive coping behaviors and deterring maladaptive coping behaviors. Fear plays a mediating role in the threat appraisal process and leads to adaptive and maladaptive coping behaviors. Trust in the Internet as the contextual factor influences the threat and coping appraisal processes and adaptive coping behaviors. Collapse

Semantic filters: extended parallel process model

Topics: internet technology IT security threat IT security data security self efficacy

Methods: survey PLS tool descriptive statistic partial least squares regression literature study

Theories: extended parallel process model protection motivation theory
Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model
PDF
2021 | Information Systems Research | Citations: 28
Authors: Chen, Yan; Galletta, Dennis F.; Lowry, Paul Benjamin; Luo, Xin (Robert); Moody, Gregory D.; Willison, Robert

Abstract: Organizational information security (ISec) threats have exploded with advances i ... Expand

Abstract: Organizational information security (ISec) threats have exploded with advances in globalization and technology. Thus, organizations are scrambling to find both technical and behavioral approaches to shore up security. Whereas security technologies are crucial to these efforts, they are often rendered useless by employees’ misunderstanding, carelessness, or deliberate disregard of ISec polices (ISPs). Accordingly, organizations are increasingly seeking ways to encourage employees to work as security allies. A key approach in many organizations is encouraging employees to better understand and comply with ISPs. Consequently, ISec research has leveraged several theories to identify the underlying reasons for ISP compliance behaviors among employees. However, most of this research focuses unilaterally on compliance without simultaneously considering noncompliance, as if noncompliance were caused by opposite factors. A pressing need thus exists for a theoretical foundation that can consider both common outcomes and whether there is an explainable tipping point that can explain when a normally compliant employee chooses to become noncompliant, and vice versa. In this study, we contextualize the extended parallel process model (EPPM) to ISP compliance by accounting for dual outcomes of compliance/noncompliance and dual roles of coping—problem-focused coping and emotion-focused coping. We further extend the EPPM to include response costs and maladaptive rewards to predict the two possible outcomes. Additionally, we employ a weighted discriminant value measurement approach to examine the tipping point between compliance and noncompliance. To test our resulting theoretical model and new measure, we conducted two separate empirical studies with 816 employees, using survey and scenario methodologies. The empirical results from these studies indicate that our contextualization and extension of EPPM better explain the gaps than alternative theories in the ISP literature. Collapse

Semantic filters: extended parallel process model

Topics: self efficacy accounting IT security threat productivity data quality

Methods: literature sample structural equation modeling survey ANOVA parametric test

Theories: extended parallel process model
The Impact of Threat and Efficacy on Information Security Behavior: Applying an Extended Parallel Process Model to the Fear of Ransomware.
PDF
2021 | HICSS | Citations: 0
Authors: Masuch, Kristin; Hengstler, Sebastian; Schulze, Laura; Trang, Simon

Abstract: Information security has become an increasingly important aspect in companies an ... Expand

Abstract: Information security has become an increasingly important aspect in companies and households during this time of digitalization. Cyber attacks and especially ransomware attacks are a growing threat. How people react to and perceive this threat is a central component of this study. This paper is meant to investigate how threat and efficacy influence individuals’ information security behavior. For this purpose, a structural equation model was developed using the Extended Parallel Process Model (EPPM). The results show that participants who received a low threat message in their ransom demand were less afraid and more likely to deal with the issue. At the same time, they were not as confident as people who perceived a significant threat. Participants who felt that they had little adequate protection against ransomware were more fearful and therefore dealt with the topic more defensively. Conversely, they also had the intention to behave safely. Collapse

Semantic filters: extended parallel process model

Topics: ransomware behavioral intention data security cybersecurity behavior self efficacy

Methods: survey structural equation modeling partial least squares regression theoretical contribution design artifact

Theories: extended parallel process model
Are You Coping or Copping Out? Wearable Users’ Information Privacy Perspective

2020 | Americas Conference on Information Systems | Citations: 0
Authors: Baskaran, Krutheeka; Mathew, Saji K.; Sugumaran, Vijayan

Abstract: With the advent of wearable devices, we leave a huge digital footprint with eve ... Expand

Abstract: With the advent of wearable devices, we leave a huge digital footprint with every step taken in our daily lives. Though these devices positively impact health and lifestyle of users, violations of health information privacy have become ubiquitous, diverting academic attention towards these issues. This study focuses on understanding the coping behavior of fitness tracker users when confronted with the fear appeal of data privacy breach. A survey is conducted with 225 fitness tracker users using an adapted multi-item scale. A conceptual model drawn from Extended Parallel Process Model, privacy concern, and coping behavior literature is tested using SEM. The study shows, privacy concern has a strong influence on an individual's threat perception, affecting one's choice of coping behavior. The novelty of the study lies in the understanding of the impact of fear over loss of one's health-data privacy and the resulting shift in the attitude towards the technology itself. Collapse

Semantic filters: extended parallel process model

Topics: privacy information privacy concern smart wearable device fitness tracker internet technology

Methods: survey parametric test survey design one-way ANOVA data transformation

Theories: extended parallel process model
Providing Theoretical Foundations: Developing an Integrated Set of Guidelines for Theory Adaptation
PDF
2018 | Communications of the Association for Information Systems | Citations: 4
Authors: Crossler, Robert E.; Di Gangi, Paul M.; Johnston, Allen C.; Bélanger, France; Warkentin, Merrill

Abstract: Developing and advancing theory in the information systems (IS) discipline requi ... Expand

Abstract: Developing and advancing theory in the information systems (IS) discipline requires scholars to use and contribute to theory. While few IS scholars create new theories, many borrow and adapt theories from other disciplines to study a variety of phenomena in the realm of IS. Over time, this practice has raised concerns as to the appropriateness and quality of theories adapted in the discipline. In particular, this practice causes issues when one considers conflicting results from many studies that claim to leverage the same theoretical foundation. We examine the issues surrounding theory adaptation in IS and provide a set of integrated theory adaptation guidelines to help scholars successfully and reliably adapt theory. We illustrate how one might use our guidelines via using Protection Motivation Theory in an organizational information security setting. Collapse

Semantic filters: extended parallel process model

Topics: IS discipline information security policy compliance reference discipline organizational context data security

Methods: theory development qualitative interview theoretical contribution qualitative content analysis triangulation

Theories: protection motivation theory information systems theory psychological theory theory of change extended parallel process model
Behind Cyber Doors: Securing the Internet of Self

2018 | Americas Conference on Information Systems | Citations: 0
Authors: Nehme, Alaa; George, Joey F

Abstract: The role of citizens in securing their smart homes is critical. We develop a res ... Expand

Abstract: The role of citizens in securing their smart homes is critical. We develop a research model, based on healthrelated fear appeal frameworks, to examine the factors that motivate users to take security precautions. Our model synthesizes the protection motivation theory and the extended parallel process model. This synthesis distinguishes between users’ danger-control and fear-control coping mechanisms. Further, we draw from the criminology literature to refine fear’s compatibility with information threats as opposed to health ones. We also develop and incorporate the Internet of Self into our model to account for smart homes’ personal relevance to users. The theoretical foundation, contributions and hypotheses are discussed. Collapse

Semantic filters: extended parallel process model

Topics: internet of things mobile system internet technology smart home IT security

Methods: survey partial least squares regression theoretical contribution

Theories: extended parallel process model protection motivation theory
Examining Internet Users’ Adaptive and Maladaptive Security Behaviors Using the Extended Parallel Process Model

2017 | International Conference on Information Systems | Citations: 0
Authors: Chen, Yan

Abstract: Realizing the importance of the behavioral aspect of information security (ISec) ... Expand

Abstract: Realizing the importance of the behavioral aspect of information security (ISec), researchers have adopted the protection motivation theory (PMT) and its variations as one of major theories to investigate security behaviors. This has made contributions to IS research and improved our knowledge on the role of threat and coping appraisals in promoting adaptive security behaviors. However, IS research still needs a further understanding on when and how threat and coping appraisals work to promote adaptive security behaviors or trigger maladaptive security behaviors. To address this issue, this study develops a research model adopting the extended parallel process model (EPPM) and employs the model in an empirical study. This study also introduces a discriminant value approach to explain the interplay effect of threat and coping appraisals. The results demonstrate that coping appraisal plays a more dominant role in promoting adaptive security behaviors, while fear elicits both adaptive and maladaptive security behaviors. Collapse

Semantic filters: extended parallel process model

Topics: IT security threat internet technology self efficacy IT security training electronic commerce

Methods: survey literature study mediation analysis parametric test ANOVA

Theories: extended parallel process model fear appeal theory
Coping Responses in Phishing Detection: An Investigation of Antecedents and Consequences
PDF
2017 | Information Systems Research | Citations: 157
Authors: Wang, Jingguo; Li, Yuan; Rao, H. Raghav

Abstract: This study investigates users’ coping responses in the process of phishing email ... Expand

Abstract: This study investigates users’ coping responses in the process of phishing email detection. Three common responses are identified based on the coping literature: task-focused coping, emotion-focused coping (i.e., worry and self-criticism), and avoidance coping. The three responses are used to conceptualize a higher-order construct, coping adaptiveness, that resides on a continuum between maladaptive coping and adaptive coping (manifested as increased task-focused coping and decreased emotion-focused coping and avoidance coping). Drawing on the extended parallel process model and behavioral decision-making literature, this paper examines the antecedents (i.e., perceived phishing threat, perceived detection efficacy, and phishing anxiety) and behavioral consequences (i.e., detection effort and detection accuracy) of coping adaptiveness. A survey experiment with 547 U.S. consumers was conducted. The results show that perceived detection efficacy increases coping adaptiveness. Partially mediated by phishing anxiety, perceived phishing threat decreases coping adaptiveness. Coping adaptiveness positively impacts the two objective measures in the study, detection effort and detection accuracy. The results also suggest that coping adaptiveness and detection effort have different effects on false positives compared to false negatives: detection effort fully mediates the effect of coping adaptiveness on false positive rate (or detection accuracy related to legitimate emails), but has no impact on false negatives (or detection accuracy related to phishing emails), unlike coping adaptiveness. A post hoc analysis on coping responses reveals two patterns of coping among subjects, throwing more light on coping in phishing detection. Theoretical and practical implications are discussed. The online appendix is available at https://doi-org.ezproxy2.utwente.nl/10.1287/isre.2016.0680. Collapse

Semantic filters: extended parallel process model

Topics: phishing electronic mail email phishing data security internet technology

Methods: survey experiment machine learning descriptive statistic partial least squares regression

Theories: extended parallel process model
What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors

2015 | Management Information Systems Quarterly | Citations: 666
Authors: Boss, Scott R.; Galletta, Dennis F.; Benjamin Lowry, Paul; Moody, Gregory D.; Polak, Peter

Abstract: Because violations of information security (ISec) and privacy have become ubiqui ... Expand

Abstract: Because violations of information security (ISec) and privacy have become ubiquitous in both personal and work environments, academic attention to ISec and privacy has taken on paramount importance. Consequently, a key focus of ISec research has been discovering ways to motivate individuals to engage in more secure behaviors. Over time, the protection motivation theory (PMT) has become a leading theoretical foundation used in ISec research to help motivate individuals to change their security-related behaviors to protect them- selves and their organizations. Our careful review of the foundation for PMT identified four opportunities for improving ISec PMT research. First, extant ISec studies do not use the full nomology of PMT constructs. Second, only one study uses fear-appeal manipulations, even though these are a core element of PMT. Third, virtually no ISec study models or measures fear. Fourth, whereas these studies have made excellent progress in predicting security intentions, none of them have addressed actual security behaviors. This article describes the theoretical foundation of these four opportunities for improvement. We tested the nomology of PMT, including manipulated fear appeals, in two different ISec contexts that model the modern theoretical treatment of PMT more closely than do extant ISec studies. The first data collection was a longitudinal study in the context of data backups. The second study was a short-term cross-sectional study in the context of anti-malware software. Our new model demonstrated better results and stronger fit than the existing models and confirms the efficacy of the four potential improvements we identified. Collapse

Semantic filters: extended parallel process model

Topics: backup malware self efficacy website social influence

Methods: longitudinal research experiment survey cross sectional research self reported survey

Theories: health belief model technology threat avoidance theory extended parallel process model

Page 1 of 1

AIS11

Journals

Conferences

Semantic Filter

Found 10 articles

Examining the Differential Effectiveness of Fear Appeals in Information Security Management Using Two-Stage Meta-Analysis

Beyond adaptive security coping behaviors: Theory and empirical evidence

Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model

The Impact of Threat and Efficacy on Information Security Behavior: Applying an Extended Parallel Process Model to the Fear of Ransomware.

Are You Coping or Copping Out? Wearable Users’ Information Privacy Perspective

Providing Theoretical Foundations: Developing an Integrated Set of Guidelines for Theory Adaptation

Behind Cyber Doors: Securing the Internet of Self

Examining Internet Users’ Adaptive and Maladaptive Security Behaviors Using the Extended Parallel Process Model

Coping Responses in Phishing Detection: An Investigation of Antecedents and Consequences

What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors