Kosheek Sewchurran, Derek Smith and Dewald Roode
Abstract
Purpose
The paper aims to present an overview of a completed doctoral thesis which pursued the development of underlying theory (ontology) to give coherence to research in the information systems (IS) project management space.
Design/methodology/approach
As a result of the considerable concern about a lack of underlying theory in project management, the author has chosen to investigate the development of underlying theory to serve as a regional ontology that gives coherence to debates undertaken to improve IS project management. The thesis is a critical interpretive a priori effort. In the pursuit of the goal of developing a regional ontology, the notions, concepts and theories related to existentialism and social construction were investigated. These were investigated because the research literature places considerable emphasis on the need to understand as‐lived project experiences.
Findings
One of the significant outcomes that results from this research is the development of a proposed regional ontology. This was achieved by fusing the theories of Heidegger's Dasein, Bourdieu's “Theory of practice” and Maturana and Varela's “Theory of living systems”. The regional ontology is a consolidation of the various concepts defined by these researchers. These theories complement each other to give rise to a relational model of social construction which also has related phenomenological, existential and biological perspectives.
Practical implications
The proposed ontology was interpreted using the popular alternatives that have recently emerged alongside the established best practices such as project management body of knowledge. The perspectives of complex, responsive processes of relating, the temporary organisation, agility and organisational becoming were reviewed using the regional ontology. The interpretation process illustrated that the regional ontology is able to provide a more fundamental and coherent context to subsume and delimit these emerging new frames.
Originality/value
The thesis also discusses the researcher's view of contemporary project management practice that accords with the regional ontology principles. Through argument and the contemporary context of IS project management practice that was sketched, the principles of the regional ontology are illuminated. Through this process it was possible to claim that established best practice modes of education should not exist in isolation but should instead be situated within a wider analogical context that embraces the values of learning, becoming and innovating.
Brian O’Donovan and Dewald Roode
Abstract
The debate about the emerging discipline of IS has been continuing at least since Banville and Landry questioned the possibility of “disciplining” MIS in 1989. Recent papers such as those in the book by Mingers and Stowell introduce fresh viewpoints and reopen the discussion along a new frontier. It would appear that an ontological framework to define a discipline could assist in making sense of what it is that information systems are all about. To this end, we develop a framework which derives from Heidegger’s concept of a regional ontology informed by the fundamental ontology of Dasein. This framework draws from Heidegger’s work and contends that a discipline also has Dasein’s kind of being. Following Heidegger, we arrive at a static model of a discipline in which the two constitutive parts are the cultural structure and the context of significance. A discipline is a totality, which emerges from and integrates these two components which are simultaneously irreducible to one another, and nonseparable in the whole. We then utilise Heidegger’s four ways of being, to show how change in a discipline can be incorporated in the framework. Finally, we reflect on how the framework could contribute towards the understanding of the discipline of information systems.
Kavya Sharma, Xinhui Zhan, Fiona Fui-Hoon Nah, Keng Siau and Maggie X. Cheng
Abstract
Purpose
Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.
Design/methodology/approach
A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).
Findings
The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.
Originality/value
This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.
Hao Chen, Ofir Turel and Yufei Yuan
Abstract
Purpose
Electronic waste (e-waste) such as discarded computers and smartphones may contain large amounts of confidential data. Improper handling of remaining information in e-waste can, therefore, drive information security risk. This risk, however, is not always properly assessed and managed. The authors take the protection motivation theory (PMT) lens of analysis to understand intentions to protect one's discarded electronic assets.
Design/methodology/approach
By applying structural equation modeling, the authors empirically tested the proposed model with survey data from 348 e-waste handling users.
Findings
Results highlight that (1) protection intention is influenced by the perceived threat of discarding untreated e-waste (a threat appraisal) and self-efficacy to treat the discarded e-waste (a coping appraisal) and (2) optimism bias plays a dual-role in a direct and moderating way to reduce the perceived threat of untreated e-waste and its effect on protection intentions.
Originality/value
Results support the assertions and portray a unique theoretical account of the processes that underline people's motivation to protect their data when discarding e-waste. As such, this study explains a relatively understudied information security risk behavior in the e-waste context, points to the role of optimism bias in such decisions and highlights potential interventions that can help to alleviate this information security risk behavior.
Jeffrey D. Wall and Prashant Palvia
Abstract
Purpose
The authors seek to understand the formation of control- and security-related identities among organizational employees through an interpretive narrative analysis. The authors also seek to identify how the identities form over time and across contexts. Several identities are identified as well as the changes that may occur in the identities.
Design/methodology/approach
Few interpretive or critical studies exist in behavioral information security research to represent employee perspectives of power and control. Using qualitative interviews and narrative analysis of the interview transcripts, this paper analyzes the security- and control-related identities and values that employees adopt in organizational settings.
Findings
Two major categories of behavioral security compliance identities were identified: compliant and noncompliant. Specific identities within the compliant category included: faithful follower vs the reasoned follower, and other-preserving versus the self-preserving identities. The noncompliant category included: anti-authority identity, utilitarian identity, trusting identity and unaware identity. Furthermore, three patterns of identity changes were observed.
Research limitations/implications
The authors’ narrative stories suggest that employee identities are complex and multi-faceted, and that they may be fluid and adaptive to situational factors. Future research should avoid assumptions that all employees are the same or that employee beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Thus, security control is far broader than is studied in behavioral studies. The authors find that history matters and should be examined carefully.
Practical implications
The authors’ study provides insights that managers can use to enhance security initiatives. It is clear that different employees build different control-related identities. Managers must understand that their employees are unique and will not all respond to policies, punishments, and other forms of control in the same way. The narratives also suggest that many organizations lack appropriate programs to enhance employees' awareness of security issues.
Originality/value
The authors’ narrative analysis suggests that employee security identities are complex and multi-faceted, and that they are fluid and adaptive to situational factors. Research should avoid assumptions that all employees are the same or that their beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Their history matters and should be examined carefully.
Abstract
Purpose
The purpose of this study is to comprehensively explore the password manager adoption landscape, delving into crucial factors such as performance, trust, social influence, self-efficacy, risk perception, security concerns, enjoyment and facilitating conditions. It also aims to contribute meaningful insights to security product research and practice.
Design/methodology/approach
A survey was used to investigate the characteristics of adoption intention for password managers. In total, 156 participants from a public university located in the Midwest region of the USA voluntarily completed the survey. Partial least squares structural equation modeling was used to estimate and validate causal relationships and the proposed research model.
Findings
Through empirical validation, this study demonstrates that constructs such as social influence, web-specific self-efficacy and perceived risk directly impact trust in password managers. Facilitating conditions and perceived security controls are identified as direct influencers on performance expectancy, deviating from the pathways of the traditional framework. Moreover, the model introduces novel elements crucial for comprehending password manager adoption, including “web-specific self-efficacy” and “perceived security control.”
Originality/value
The paper systematically reviews existing research on password managers, shedding light on crucial factors significantly influencing adoption behavior. By introducing deviations from conventional frameworks and theories, the study emphasizes the innovative nature of its model. It also formulates strategies to catalyze wider adoption and promote effective design of password managers, increasing user engagement rates.
Israa Abuelezz, Mahmoud Barhamgi, Armstrong Nhlabatsi, Khaled Md. Khan and Raian Ali
Abstract
Purpose
The aim of this study is to investigate how the demographics and appearance cues of potential social engineers influence the likelihood that targets will trust them and accept security risk.
Design/methodology/approach
Data were collected through an online survey of 635 participants, including 322 participants from Arab countries and 313 participants from the UK. The survey presented scenarios with 16 personas who offered participants the use of their mobile internet hotspot. These personas were characterized by combinations of age (young vs aged), gender (male vs female), ethnicity (Arab vs UK) and look formality (casual vs formal). The study measured both participants’ offer acceptance and trust in the persona.
Findings
Results indicated a higher likelihood of offer acceptance from female and aged personas, as well as a greater trust in these groups. Arab participants showed a preference for personas with Arabian ethnic features. In both samples, trust and acceptance were influenced by the persona’s appearance, which was found to be gender-dependent, with female personas in casual attire and male personas in formal attire being trusted more in comparison to female personas in formal attire and male personas in informal attire, respectively.
Practical implications
Findings highlight the importance of incorporating awareness of appearance-based biases in cybersecurity training, suggesting the need for culturally sensitive training programs to enhance defense against social engineering.
Originality/value
This study distinguishes itself by elucidating the influence of social engineers’ demographic and appearance cues on the likelihood of individuals to take security risks, thus addressing a significant gap in the literature which has traditionally emphasized the profiles of targets.
Naurin Farooq Khan, Hajra Murtaza, Komal Malik, Muzammil Mahmood and Muhammad Aslam Asadi
Abstract
Purpose
This research aims to understand the smartphone security behavior using protection motivation theory (PMT) and tests the current PMT model employing statistical and predictive analysis using machine learning (ML) algorithms.
Design/methodology/approach
This study employs a total of 241 questionnaire-based responses in a nonmandated security setting and uses a multimethod approach. The research model includes both security intention and behavior, making use of a valid smartphone security behavior scale. Structural equation modeling (SEM) – explanatory analysis was used in understanding the relationships. ML algorithms were employed to predict the accuracy of the PMT model in an experimental evaluation.
Findings
The results revealed that the threat-appraisal element of the PMT did not have any influence on the intention to secure the smartphone, while the response efficacy had a role in explaining the smartphone security intention and behavior. The ML predictive analysis showed that the protection motivation elements were able to predict smartphone security intention and behavior with an accuracy of 73%.
Research limitations/implications
The findings imply that the response efficacy of individuals should be improved by cybersecurity training programs in order to enhance the protection motivation. Researchers can test other PMT models, including fear appeals, to improve the predictive accuracy.
Originality/value
This study is the first study that makes use of theory-driven SEM analysis and data-driven ML analysis to bridge the gap between smartphone security’s theory and practice.
Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty and Steven D'Alessandro
Abstract
Purpose
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.
Design/methodology/approach
The study focuses on Australian micro businesses since they are more susceptible to cyberattacks because they have the fewest security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equation modelling was used to analyse the relationships among the variables.
Findings
The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.
Originality/value
The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.