Results

Found 43 articles

Clear filters

A deep learning-based Cyber-risk Management framework for smart cities

2023 | Americas Conference on Information Systems | Citations: 0
Authors: Sharma, Kalpit; Mukhopadhyay, Arunabha

Abstract: A malicious hacker can compromise speed limit signs in a smart city, leading to ... Expand

Abstract: A malicious hacker can compromise speed limit signs in a smart city, leading to collisions and congestion on pathways. We propose a Deep Learning-based Cyber-risk Assessment and Mitigation (DL-CRAM) model for the smart city administrator to address this. The model comprises three modules: cyber-risk assessment (CRA), cyber-risk quantification (CRQ), and cyber-risk mitigation (CRM). The CRA module uses a Convolutional Neural Network (CNN) algorithm to assess the probability of misreading two-digit speed limit signs. The CRQ module calculates the expected loss for the smart city due to collisions or congestion on the pathways. The CRM module proposes strategies to reduce cyber-risk using technological means and pass the residual risk to third-party cyber-insurer. Collapse

Semantic filters: general deterrence theory

Topics: smart city phishing financial information system autonomous driving system

Methods: survey artificial neural network decision tree classification deep learning

Theories: protection motivation theory general deterrence theory
How Do Paternalistic Leaders Motivate Employees’ Information Security Compliance? Building a Climate and Applying Sanctions
PDF
2023 | Journal of the Association for Information Systems | Citations: 0
Authors: Zhu, Jiawen; Feng, Gengzhong; Liang, Huigang; Tsui, Kwok-Leung

Abstract: This paper examines the underlying mechanisms through which paternalistic leade ... Expand

Abstract: This paper examines the underlying mechanisms through which paternalistic leadership (PL) motivates employees' information systems policy (ISP) compliance. We propose that the three dimensions of PL-authoritarian leadership (AL), benevolent leadership (BL), and moral leadership (ML)-influence employees' ISP compliance by affecting their perceptions of two information security control mechanisms: sanctions and the information security climate. Based on survey data from 760 participants, we found that the impact of AL is partially mediated by employees' perceptions of sanctions, the impact of BL is partially mediated by employees' perceptions of the information security climate, and the impact of ML is partially mediated by employees' perceptions of both sanctions and the information security climate. Our research extends the existing literature by exploring the impact of specific leadership styles on employees' perceptions of information security control mechanisms and by proposing that perceptions of information security control mechanisms play a mediating role between PL and ISP compliance. The findings suggest that in addition to choosing effective control mechanisms, it is also important for leaders to adjust their leadership style to ensure that employees perceive control mechanisms in the expected manner.Jiawen Zhu is an assistant professor in the School of Management, Xi'an Jiaotong University. She received a joint PhD degree from Xi'an Jiaotong University and City University of Hong Kong. Her research interests focus on topics relating to information security management, such as information security compliance and leadership in information security management and information security control mechanisms. Her research has been published in Collapse

Semantic filters: general deterrence theory

Topics: data security organizational context information security management organizational value IT policy

Methods: survey digital trace data self reported survey post-hoc analysis factor analysis

Theories: general deterrence theory
Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions
PDF
2022 | ACM SIGMIS Database | Citations: 0
Authors: Siponen, Mikko; Soliman, Wael; Vance, Anthony

Abstract: In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the ... Expand

Abstract: In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security research. Our review of IS research applying DT highlights that many fundamental assumptions of DT are unrecognized and therefore unexamined. This may have resulted in misunderstandings and conceptual confusions regarding some of the basic concepts of DT. For example, some IS studies confuse general deterrence with specific deterrence or do not recognize the difference between the two. Moreover, these fundamental assumptions, when directly examined, may provide important information about the applicability of DT in certain IS security contexts. This research commentary aims to identify and discuss some of the fundamental assumptions of DT and their implications for IS research. By examining these assumptions, IS researchers can study the previously unexplored aspects of DT in different IS contexts. Further, by recognizing these assumptions, IS scholars can revise them and build new variants of DT to better account for specific characteristics of IS behaviors and contexts. Collapse

Semantic filters: general deterrence theory

Topics: IT security IT security threat data security phishing social network

Methods: literature sample literature study synthesis field experiment experimental group

Theories: deterrence theory general deterrence theory
How to deal with corruption? Examining the roles of e-government maturity, government administrative effectiveness, and virtual social networks diffusion
PDF
2021 | International Journal of Information Management | Citations: 0
Authors: Arayankalam, Jithesh; Khan, Anupriya; Krishnan, Satish

Abstract: The role of e-government in combating corruption is an active area of research i ... Expand

Abstract: The role of e-government in combating corruption is an active area of research in Information Systems (IS). Drawing on the value framework for assessing e-government impact, and grounding our discussion on three theoretical perspectives, namely, (1) technological determinism theory, (2) general deterrence theory, and (3) Habermas’ public sphere perspective, we seek to explore how the diffusion of virtual social networks (VSNs) influences the relationships among e-government maturity, government administrative effectiveness, and cor ruption in a country. Our analyses based on publicly available archival data substantiate the (1) indirect re lationships between e-government maturity in a country and corruption in three branches of its government (i.e., legislature, executive, and judiciary) through government administrative effectiveness, (2) interaction effect of VSN diffusion on the relationship between e-government maturity in a country and its government adminis trative effectiveness, and (3) interaction effects of VSN diffusion on the relationships between government administrative effectiveness in a country and its corruption dimensions. The key contributions of this research include the establishment of the (1) role of e-government in combating corruption in three branches of the government, and (2) idea of the public sphere in the context of VSN diffusion, and the subsequent exploration of its effects on e-government outcomes of a country. Collapse

Semantic filters: general deterrence theory

Topics: government system social network legal information system knowledge base societal evaluation criteria

Methods: structural equation modeling mediation analysis archival research partial least squares path modeling survey

Theories: general deterrence theory lemon market theory
When enough is enough: Investigating the antecedents and consequences of information security fatigue
PDF
2021 | Information Systems Journal | Citations: 9
Authors: Cram, W. Alec; Proudfoot, Jeffrey G.; D'Arcy, John

Abstract: Despite concerns raised by practitioners, the potential downside of the informat ... Expand

Abstract: Despite concerns raised by practitioners, the potential downside of the information security demands imposed by organizations on their employees has received limited scholarly attention. Our research focuses on information security fatigue (hereafter security fatigue), which is defined as a socio-emotional state experienced by an individual who is tired of and disillusioned with security policies and their associated guidelines and procedures. This research delves into the security fatigue concept, investigates its antecedents and reports how fatigue affects employee security policy compliance (and non-compliance). Since security fatigue is not well articulated in the literature and there is limited understanding of its antecedents and consequences, we take a research approach that affords novel insight into this phenomenon. Specifically, we conduct 38 in-depth interviews with business and IT professionals, and then use a qualitative approach to construct a model, including seven research propositions, to highlight the key aspects of security fatigue. Our results indicate that four distinct antecedents contribute to security fatigue, which result in three unique consequences. We discuss security fatigue in relation to past theoretical views and related concepts within the security policy compliance literature and identify directions for future research. Collapse

Semantic filters: general deterrence theory

Topics: security policy information security policy compliance IT security data security IT security threat

Methods: qualitative interview qualitative coding grounded theory cross sectional survey longitudinal survey

Theories: general deterrence theory protection motivation theory theory of planned behavior
High-Risk Deviant Decisions: Does Neutralization Still Play a Role?
PDF
2021 | Journal of the Association for Information Systems | Citations: 0
Authors: Trinkle, Bradley; Warkentin, Merrill; Malimage, Kalana; Raddatz, Nirmalee

Abstract: Extant research has shown that neutralization processes can enable potential IS ... Expand

Abstract: Extant research has shown that neutralization processes can enable potential IS security policy violators to justify their behavior and overcome the deterrence effect of sanctions in order to engage in unethical behaviors. However, such sanctions are typically moderate and not career ending. We test the boundary conditions of this theory by evaluating whether neutralization plays a role in overcoming the impact of extreme levels of deterrence. We extend the Siponen and Vance (2010) framework within a professional context that assigns extreme sanctions to violators. Using the scenario-based factorial survey method common in IS security research, we collected data from future auditors who understand these extreme sanctions. We test the reasons that auditors may use to form intentions to falsify information concerning an information security issue with a company's accounting information system, thereby jeopardizing data integrity and security by modifying working papers to hide irregularities and, by doing so, violating their professional standards, which could result in career-ending sanctions. We empirically validated and tested the theoretical model. Our results show that sanctions play an important role in reducing employees' intentions to violate policy but that, even under extreme boundary conditions, employees might seek to rationalize their unethical behavior by denying responsibility for their actions through, for example, arguing that their supervisors pressured them into performing the violations. We also establish that messages heightening the awareness and perceptions of the certainty and severity of organizational punishment are likely to attenuate such deviant behaviors. We discuss the implications of these findings and suggest future avenues for research. Collapse

Semantic filters: general deterrence theory

Topics: behavioral intention accounting IT career IT security threat accounting information system

Methods: survey hierarchical linear modeling statistical hypothesis test experiment experimental design

Theories: deterrence theory neutralization theory behavioral theory general deterrence theory protection motivation theory
Curbing cyberloafing: studying general and specific deterrence effects with field evidence
PDF
2021 | European Journal of Information Systems | Citations: 6
Authors: Hensel, Przemysław G.; Kacprzak, Agnieszka

Abstract: Although the General Deterrence Theory has frequently been employed to study the ... Expand

Abstract: Although the General Deterrence Theory has frequently been employed to study the prevention of misconduct associated with computer use, the common reliance on survey data makes it difficult to measure the general and specific deterrence effects. We use one-group pre-test-post-test quasi-experiment based on data from a monitoring system covering 230 employees for nine months to study general and specific effects of two interventions: the reminder about possible punishment and the actual punishment. The interrupted time series analysis (ITSA) with ARIMA modelling employed to study the longitudinal effects of the interventions allowed to deliver novel findings. Punishing the violators of organisational policy affected both the punished and unpunished employees (decrease in cyberloafing by 41% and 24%, respectively). The effect was maintained for three months, that is until the end of our dataset. The punishment had a stronger effect on unpunished employees located closer in the organisational structure to the punished ones than on the remaining unpunished employees. Moreover, we show that reminder about the possibility of punishment brought no statistically significant effect, likely due to the earlier experience of punishment avoidance. We discuss implications for theory and designing organisational policies intended to curb cyberloafing. Collapse

Semantic filters: general deterrence theory

Topics: electronic surveillance internet technology human resource management information system use wireless LAN

Methods: longitudinal research qualitative interview time series analysis autoregressive integrated moving average autocorrelation analysis

Theories: general deterrence theory
Why Individual Employees Commit Malicious Computer Abuse: A Routine Activity Theory Perspective
PDF
2020 | Journal of the Association for Information Systems | Citations: 13
Authors: Luo, Xin (Robert); Li, Han; Hu, Qing; Xu, Heng

Abstract: Prior information security studies have largely focused on understanding employe ... Expand

Abstract: Prior information security studies have largely focused on understanding employee security behavior from a policy compliance perspective. We contend that there is a pressing need to develop a comprehensive understanding of the circumstances that lead to employee commitment of deliberate and malicious acts against organizational digital assets. Drawing on routine activity theory (RAT), we seek to establish a comprehensive model of employee-committed malicious computer abuse (MCA) by investigating the motivations of the offenders, the suitability of the desired targets, and the effect of security guardianship in organizational settings. Specifically, we delineate the effects of the individual characteristics of self-control, hacking self-efficacy, and moral beliefs, as well as the organizational aspects of deterrence based on the routine activity framework of crime. We tested this research model using research participants holding a wide range of corporate positions and possessing varying degrees of computer skills. Our findings offer fresh insights on insider security threats, identify new directions for future research, and provide managers with prescriptive guidance for formulating effective security policies and management programs for preventing MCA in organizations. Collapse

Semantic filters: general deterrence theory

Topics: self efficacy IT security threat data security usability security policy

Methods: survey conjoint analysis PLS tool cross sectional research structural equation modeling

Theories: activity theory social learning theory rational choice theory theory of planned behavior general deterrence theory
Taking it out on IT: A Mechanistic Model of Abusive Supervision and Computer Abuse

2020 | HICSS | Citations: 1
Authors: Nehme, Alaa; George, Joey F

Abstract: One salient issue in organizational information security is computer abuse. Draw ... Expand

Abstract: One salient issue in organizational information security is computer abuse. Drawing on the management literature, we identify abusive supervision as a potential factor that affects the latter. As such, this paper proposes a model that formulates why subordinates commit computer abuse in response to abusive supervision. The model focuses on the mechanism of displacing aggression in retaliating against the organization. Drawing upon neutralization and deterrence theories and grounded in appraisal theory, the model offers several propositions. Most notably, the model identifies an interplay among the relevant appraisals, the emotion of anger, neutralization, deterrence and computer abuse. The model also incorporates two conditional moderators, including supervisor’s organization embodiment and controllability. The specific propositions and implications are discussed. Collapse

Semantic filters: general deterrence theory

Topics: IT security threat data security

Methods: theory development

Theories: appraisal theory neutralization theory deterrence theory general deterrence theory
The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context
PDF
2020 | Information Systems Research | Citations: 14
Authors: Sarkar, Sumantra; Vance, Anthony; Ramesh, Balasubramaniam; Demestihas, Menelaos; Wu, Daniel Thomas

Abstract: In recent years, we have witnessed substantial increases in the frequency, scope ... Expand

Abstract: In recent years, we have witnessed substantial increases in the frequency, scope, and cost of data breaches. Accordingly, information security researchers have sought to understand why employees comply with or violate information security policies (ISPs) designed to prevent security incidents. Research suggests that compliance is not uniform but rather depends on contextual and individual factors, such as national culture. Scholars have long recognized that organizational subculture may be equally influential. A key example is professional subcultures, within which members typically share similar education, training, values, and identity. Research shows that behavior can vary widely across professional subcultures, and thus a single approach to promoting ISP compliance may not be equally effective across these subcultures. However, it is presently unclear how subculture influences ISP compliance. To address this need, we adopt a mixed-methods design to examine differences in ISP violation behavior among different professional subcultures in a healthcare organization. We first conducted an exploratory qualitative study to identify different attitudes toward ISP violations among three prominent professional healthcare groups: physicians, nurses, and support staff. Then, using a combination of qualitative interviews, observational fieldwork, and a quantitative survey, we explored how professional group membership moderates (1) the influence of perceptions of sanctions on intentions to violate the ISP and (2) the effect of intentions to violate on actual ISP violation behaviors. Our findings highlight the substantial effect of professional subculture on ISP violations in organizations and provide insights for researchers and managers that may be used to improve overall ISP compliance. Collapse

Semantic filters: general deterrence theory

Topics: workstation national culture data security organizational context IT security training

Methods: qualitative interview survey mixed method partial least squares regression survey design

Theories: general deterrence theory theory of planned behavior

Page 1 of 5 Next

AIS11

Journals

Conferences

Semantic Filter

Found 43 articles

A deep learning-based Cyber-risk Management framework for smart cities

How Do Paternalistic Leaders Motivate Employees’ Information Security Compliance? Building a Climate and Applying Sanctions

Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions

How to deal with corruption? Examining the roles of e-government maturity, government administrative effectiveness, and virtual social networks diffusion

When enough is enough: Investigating the antecedents and consequences of information security fatigue

High-Risk Deviant Decisions: Does Neutralization Still Play a Role?

Curbing cyberloafing: studying general and specific deterrence effects with field evidence

Why Individual Employees Commit Malicious Computer Abuse: A Routine Activity Theory Perspective

Taking it out on IT: A Mechanistic Model of Abusive Supervision and Computer Abuse

The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context