Can Trust be Trusted in Cybersecurity?

Human compliance in cybersecurity continues to be a persistent problem for organizations. This research-in-progress advances theoretical understanding of the negative effects of trust formed between individuals and the cybersecurity function (i.e., those responsible for protection), cybersecurity system (i.e., the protective technologies), and organization (i.e., those verifying the cybersecurity department) that leads to suboptimal compliance behaviors. In contrast to the current information security literature that focuses on how organizations can induce compliance, this study begins to provide understanding into the degradation of compliance by organizations and how to combat it. An integrated model is conceptualized using the theories of trust and attention. This model provides the theoretical foundation to study the role of dark side trust in the context of cybersecurity and provides initial mechanisms to reduce it. Additionally, by developing this conceptualization of dark side trust and model, this study contributes to the general study of trust in information systems research outside of the domain of cybersecurity

The Effects of Recruitment Message Specificity on Applicant Attraction to Organizations

We used the elaboration likelihood model from marketing research to explain and examine how recruitment message specificity influences job seeker attraction to organizations. Using an experimental design and data from 171 college-level job seekers, the results showed that detailed recruitment messages led to enhanced perceptions of organization attributes and person-organization fit. Perceptions of fit were found to mediate the relationship between message specificity and intention to apply to the organization. In addition, perceptions of organization attributes and person-organization fit were found to influence intentions to apply under circumstances of explicit recruitment information while attractiveness and fit perceptions were shown to influence application intentions under conditions of implicit recruitment information. The theoretical and practical implications of these findings are discussed

The best of both worlds: highlighting the synergies of combining manual and automatic knowledge organization methods to improve information search and discovery.

Research suggests organizations across all sectors waste a significant amount of time looking for information and often fail to leverage the information they have. In response, many organizations have deployed some form of enterprise search to improve the 'findability' of information. Debates persist as to whether thesauri and manual indexing or automated machine learning techniques should be used to enhance discovery of information. In addition, the extent to which a knowledge organization system (KOS) enhances discoveries or indeed blinds us to new ones remains a moot point. The oil and gas industry was used as a case study using a representative organization. Drawing on prior research, a theoretical model is presented which aims to overcome the shortcomings of each approach. This synergistic model could help to re-conceptualize the 'manual' versus 'automatic' debate in many enterprises, accommodating a broader range of information needs. This may enable enterprises to develop more effective information and knowledge management strategies and ease the tension between what arc often perceived as mutually exclusive competing approaches. Certain aspects of the theoretical model may be transferable to other industries, which is an area for further research

Organizational Violations of Externally Governed Privacy and Security Rules: Explaining and Predicting Selective Violations under Conditions of Strain and Excess

Privacy and security concerns are pervasive because of the ease of access to information. Recurrent negative cases in the popular press attest to the failure of current privacy regulations to keep consumer and protected health information sufficiently secure in today’s climate of increased IT use. One reason for such failure is that organizations violate these regulations for multiple reasons. To address this issue, we propose a theoretical model to explain the likelihood that organizations will select an externally governed privacy or security rule for violation in response to organizational strain or slack resources. Our proposed theoretical model, the selective organizational information privacy and security violations model (SOIPSVM), explains how organizational structures and processes, along with characteristics of regulatory rules, alter perceptions of risk when an organization’s performance does not match its aspiration levels and, thereby, affects the likelihood of rule violations. Importantly, we contextualize SOIPSVM to organizational privacy and security violations. SOIPSVM builds on and extends the selective organizational rule violations model (SORVM), which posits that organizational rule violations are selective. SOIPSVM provides at least four contributions to the privacy and security literature that can further guide empirical research and practice. First, SOIPSVM introduces the concept of selectivity in rule violations to privacy and security research. This concept can improve privacy and security research by showing that organizational violations of privacy and security rules are dynamic and selective yet influenced by external forces. Second, SOIPSVM extends the boundaries of SORVM, which is limited to explaining the behavior of organizations under strain, such as economic hardship. We contribute to the theory of selective deviance by proposing that selectivity extends to organizations with slack resources. Third, we address ideas of non-economic risk and strain in addition to economic risk and strain. Thus, SOIPSVM explains organizational rule-violating behavior as an attempt to protect core organizational values from external entities that pressure organizations to change their values to comply with rules. Fourth, we broaden the theoretical scope of two important constructs (namely, structural secrecy and procedural emphasis) to improve the model’s explanatory power. Fifth, we identify important elements of rule enforcement by drawing from the tenets of general deterrence theory. We also discuss how one can study constructs from general deterrence theory at the organizational level. To conclude, we offer recommendations for the structuring of organizations and external regulations to decrease organizational rule violations, which often lead to the abuse of consumer information

The Effects of Identifiability, Trust, and Deception on Information Sharing Behaviors in an Anonymous System

Sharing sensitive information can help organizations better understand risks in the environment in which they operate. However, the lack of a trusted, anonymous method for collecting and distributing sensitive information, together with substantial risks associated with disclosing such information, has limited the extent of information sharing among organizations. This research examines the potential of Trusted Query Network (TQN), a methodology for anonymously distributing information among trusted parties. Specifically, this research examines users\u27 perceptions of trust towards the anonymity of the TQN system and the effect of identifiability on users\u27 tendency to be deceptive. A free simulation experiment is proposed to test a theoretical model that explains how trust, identifiability, and deception affect users\u27 information sharing behaviors in an anonymous system

A Mediated Impacts Model of Demand Volatility on Inventory Flow Integration in Supply Chains

We develop a theoretical model about how organizations cope with the bullwhip effect created by consumer demand uncertainty through product modularity and information sharing across the supply chain. Unpredictability of consumer demand is likely to accentuate inventory flows in the supply chain. Information sharing and product modularity can be used by organizations to mediate the impact of uncertain product demand on inventory flow integration. An organization’s success in coping with the bullwhip effect is reflected in the degree to which inventory flows are integrated across the supply chain. Our results suggest that (1) information sharing is essential for achieving integration of inventory flows irrespective of the demand environment, and (2) the strategy of modular product design can help organizations enhance inventory flows under conditions of consumer demand uncertainty

An Empirical Study of Electronic Commerce Intrapreneurship Within the IT Units of Large Organizations

The rapid growth of the electronic commerce (EC) sector saw the traditional business models of many large organizations being challenged by internet technology-based dot.com start-ups. One reason that can be identified for this is the inability of the information technology (IT) units of these large organizations to respond in a timely manner to the technological innovation and entrepreneurial challenge of electronic commerce. There is therefore a need for chief information officers (CIOs) and information systems managers in large organizations to pay greater attention to nurturing electronic commerce ìintrapreneurshipî (also known as corporate entrepreneurship) within their IT units. This study develops and empirically validates a theoretical model for electronic commerce intrapreneurship within the IT units of large organizations through an empirical survey of chief information officers. The survey focuses on measuring the level of EC intrapreneurship within the IT unit as represented by its four theoretical components: new business venturing, innovativeness, self- renewal and proactiveness. The study also investigates other constructs representing the environmental and organizational antecedents of IT unit intrapreneurship, as well as its effects on both electronic commerce assimilation and organizational performance. The results clarify the role that the IT units of large corporations have played in the organizational response to the business and technical innovation challenge of electronic commerce

Information Security Policy Compliance: An Empirical Study of Ethical Ideology

Information security policy compliance (ISP) is one of the key concerns that face organizations today. Although technical and procedural measures help improve information security, there is an increased need to accommodate human, social and organizational factors. Despite the plethora of studies that attempt to identify the factors that motivate compliance behavior or discourage abuse and misuse behaviors, there is a lack of studies that investigate the role of ethical ideology per se in explaining compliance behavior. The purpose of this research is to investigate the role of ethics in explaining Information Security Policy (ISP) compliance. In that regard, a model that integrates behavioral and ethical theoretical perspectives is developed and tested. Overall, analyses indicate strong support for the validation of the proposed theoretical model

Security policy compliance: User acceptance perspective

Information security policy compliance is one of the key concerns that face organizations today. Although, technical and procedural security measures help improve information security, there is an increased need to accommodate human, social and organizational factors. While employees are considered the weakest link in information security domain, they also are assets that organizations need to leverage effectively. Employees\u27 compliance with Information Security Policies (ISPs) is critical to the success of an information security program. The purpose of this research is to develop a measurement tool that provides better measures for predicting and explaining employees\u27 compliance with ISPs by examining the role of information security awareness in enhancing employees\u27 compliance with ISPs. The study is the first to address compliance intention from a users\u27 perspective. Overall, analysis results indicate strong support for the proposed instrument and represent an early confirmation for the validation of the underlying theoretical model

IT-enabled Interorganizational Information Sharing Under Co-opetition in Disasters: A Game-Theoretic Framework

Increasing uncertainty in the business world requires organizations to establish temporary, IT-enabled interorganizational information exchanges on short notice. Information sharing among disaster relief organizations represents an extreme case of these ad hoc interorganizational information exchanges, and therefore provides a good reference point for analyzing firms’ strategic competitive and cooperative considerations (co-opetition). While ad hoc IT-enabled interorganizational information sharing is particularly crucial in facilitating efficient disaster response, little research has outlined the main barriers and benefits of participation in these ad hoc information relationships, with the existing literature often overlooking the competitive aspects. We demonstrate that the ad hoc humanitarian context of natural disasters provides additional insights to existing understandings of information sharing costs and benefits under co-opetition. An elaborated game-theoretic model is developed that provides a theoretical foundation for empirical and modeling research on IT-enabled interorganizational information sharing, under co-opetition in disaster relief, as well as in other business contexts