Search results

1 – 9 of 9
Article
Publication date: 2 July 2020

Hemin Jiang, Aggeliki Tsohou, Mikko Siponen and Ying Li

Abstract

Purpose

Internet monitoring in organizations can be used to monitor risks associated with Internet usage and information systems in organizations, such as employees' cyberloafing behavior and information security incidents. Extant research has mainly discussed the effect of Internet monitoring in achieving the targeted goals (e.g. mitigating cyberloafing behavior and information security incidents), but little attention has been paid to the possible side effects of Internet monitoring. Drawing on affective events theory, the authors attempt to reveal that Internet monitoring may cause side effects on employees' Internet usage policy satisfaction, intrinsic work motivation and affective organizational commitment.

Design/methodology/approach

The authors conducted a field experiment in a software development company. In total, 70 employees participated in the study. Mann–Whitney U test was employed to analyze the data.

Findings

The results suggest that Internet monitoring decreased employees' satisfaction with the Internet usage policy, intrinsic work motivation, as well as affective organizational commitment.

Originality/value

This study contributes to the literature by examining the side effects of Internet monitoring on employees. It also has implications for organizations to make appropriate decisions regarding whether to implement Internet monitoring.

Article
Publication date: 21 March 2022

Quan Xiao, Mikko Siponen, Xing Zhang, Fucai Lu, Si-hua Chen and Mingsong Mao

Abstract

Purpose

The purpose of this study is to explore the antecedents of consumers’ online review intention in e-commerce platforms from a unique perspective of consumer commitment and platform design. Meanwhile, for the dual-platform strategy, i.e. providing both the web and mobile platforms simultaneously, which is widely adopted in the industry but lacks theoretical concerns, this study aims to examine the differences that platform design influences consumer commitment, consequently contributing to online review intention, between the web and mobile contexts.

Design/methodology/approach

A cross-sectional online survey is employed, and a structural equation model-based approach is utilized to analyze the data collected from both the website-preferred consumers (N = 167) and the mobile app-preferred consumers (N = 247).

Findings

The results indicate that instrumental support design factors and socio-emotional support factors positively influence consumer commitment, which further affects online review intention positively. Furthermore, design factors in different use contexts generate different impacts, and consumer commitment generates a greater effect on online review intention in the mobile than in the web context. Empathy is found to be an important motivator of consumer commitment in both contexts.

Originality/value

To the best of the authors’ knowledge, as one of the first attempts to capture the differences in the relationship between platform design on consumer commitment and online review intention in different use contexts within the dual-platform e-commerce, this study provides insights for e-commerce platform managers and designers to promote consumer commitment and online review engagement by prioritizing the platform design.

Article
Publication date: 6 July 2022

Xiuyan Shao, Hemin Jiang, Mikko Siponen, Cong Cao and Xiaohua Huang

Abstract

Purpose

Unauthorised file sharing (UFS) in online communities (OCs) is a major intellectual property concern. Researchers have traditionally viewed UFS as digital piracy and have suggested that deterrents, such as legal actions, should be in place. However, previous research has not considered the OC context and cannot explain why OC members share unauthorised files even when there is legislation against this in place. In OCs, UFS exhibits features of public goods contribution. Therefore, the authors claim that public goods contribution motivations can provide a compelling explanation for UFS in OCs.

Design/methodology/approach

The authors propose a theoretical model in which two egoistic public goods contribution motivations (namely, warm-glow giving and demand for resources) are tested alongside motivations informed by the sanctions described by deterrence theory, a theory widely used within the digital piracy perspective.

Findings

The authors find that warm glow and demand for resources are positively related to UFS in OCs; the effect of warm glow is moderated by users' attachment to OCs. Importantly, the results suggest that although sanctions significantly predict UFS, the effect of sanctions on UFS becomes insignificant in the presence of warm glow, demand for resources and attachment.

Originality/value

The study offers new insights into why users engage in UFS and highlights that public goods contribution should be taken into account in developing anti-piracy policies and practices.

Article
Publication date: 1 December 2002

Mikko Siponen

Abstract

Traditionally, information security management standards listing generic means of protection have received a lot of attention in the field of information security management. In the background a few information security management‐oriented maturity criteria have been laid down. These criteria can be regarded as the latest promising innovations on the information security checklist‐standard family tree. Whereas information security maturity criteria have so far received inadequate attention in information security circles, software maturity endeavours have been the focus of constructive debate in software engineering circles. Aims to analyze what the alternative maturity criteria for developing secure information systems (IS) and software can learn from these debates on software engineering maturity criteria. First, advances a framework synthesized from the information systems (IS) and software engineering literatures, including six lessons that information security maturity criteria can learn from. Second, pores over the existing information security maturity criteria in the light of this framework. Third, presents, on the basis of results of this analysis, implications for practice and research.

Details

Information Management & Computer Security, vol. 10 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 December 2000

Mikko T. Siponen

Abstract

Even though the human component has been recognized to have a crucial role in information systems (IS) security, the human issues have not received much attention. Recently a few approaches aimed at minimizing human‐related faults in the area of IS security have been put forward. This paper analyses different approaches aimed at minimizing user‐related faults. The existing approaches will be analysed from the viewpoint of their theoretical background, the research approaches employed, the research objectives and the organizational role of IS security. As a result, a new taxonomy, a comparison and critical analyses of the strengths and weaknesses of state‐of‐the‐art approaches shall be presented. Moreover, several issues that future research should explore and practitioners should consider when applying the results of the existing research are suggested.

Details

Information Management & Computer Security, vol. 8 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 December 2002

Richard Baskerville and Mikko Siponen

Abstract

There is an increasing movement towards emergent organizations and an adaptation of Web‐based information systems (IS). Such trends raise new requirements for security policy development. One such requirement is that information security policy formulation must become federated and emergent. However, existing security policy approaches do not pay much attention to policy formulation at all – much less IS policy formulation for emergent organizations. To improve the situation, an information security meta‐policy is put forth. The meta‐policy establishes how policies are created, implemented and enforced in order to assure that all policies in the organization have features to ensure swift implementation and timely, ongoing validation.

Details

Logistics Information Management, vol. 15 no. 5/6
Type: Research Article
ISSN: 0957-6053

Article
Publication date: 1 March 2000

Mikko T. Siponen

Abstract

The current approaches in terms of information security awareness and education are descriptive (i.e. they are not accomplishment‐oriented nor do they recognize the factual/normative dualism); and current research has not explored the possibilities offered by motivation/behavioural theories. The first situation, level of descriptiveness, is deemed to be questionable because it may prove eventually that end‐users fail to internalize target goals and do not follow security guidelines, for example – which is inadequate. Moreover, the role of motivation in the area of information security is not considered seriously enough, even though its role has been widely recognised. To tackle such weaknesses, this paper constructs a conceptual foundation for information systems/organizational security awareness. The normative and prescriptive nature of end‐user guidelines will be considered. In order to understand human behaviour, the behavioural science framework, consisting in intrinsic motivation, a theory of planned behaviour and a technology acceptance model, will be depicted and applied. Current approaches (such as the campaign) in the area of information security awareness and education will be analysed from the viewpoint of the theoretical framework, resulting in information on their strengths and weaknesses. Finally, a novel persuasion strategy aimed at increasing users’ commitment to security guidelines is presented.

Details

Information Management & Computer Security, vol. 8 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 March 2024

Mohan Thite and Ramanathan Iyer

Abstract

Purpose

Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.

Design/methodology/approach

The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.

Findings

The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.

Originality/value

The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes further contribution in identifying the limitations of HRM solutions in info security and how AI and machine learning can be leveraged to address these limitations to some extent.

Details

Personnel Review, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0048-3486

Article
Publication date: 9 July 2018

Debi Ashenden

Abstract

Purpose

The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research.

Design/methodology/approach

The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey.

Findings

The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought that the organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks.

Research limitations/implications

The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation.

Originality/value

The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.

Details

Information & Computer Security, vol. 26 no. 3
Type: Research Article
ISSN: 2056-4961
