The Mobile Privacy-Security Knowledge Gap Model: Understanding Behaviors

Increasing collection of individuals’ information has led to several security and privacy issues, such as identity theft and targeted marketing. These risks are further heightened in the mobile realm as data collection can occur continuously and ubiquitously. Most existing research considers threats to privacy and security as separate concerns, resulting in separate research streams. However, focusing on information privacy alone results in a lack of understanding of the security ramifications of individual information disclosure. Using the Information Motivation Behavioral (IMB) Skills Model as a theoretical foundation, we develop the Knowledge Gap Model of Security and Privacy Behavior. In the model, we propose that two knowledge gaps exist that affect how individuals enact security and privacy behaviors: the security-privacy knowledge gap, and the knowledge-belief gap. We use the model to develop a research agenda for future research

The Compromise of One’s Personal Information: Trait Affect as an Antecedent in Explaining the Behavior of Individuals

This research examined the role trait affect, a lifelong and generally stable type of affect, has on the information security behavior of individuals. We examined this in the context of how one responds to the threat of one’s personal information becoming compromised. This was done by extending Protection Motivation Theory (PMT) by incorporating the two higher order dimensions of affect, positive affect and negative affect, as antecedents to self-efficacy, perceived threat severity, and perceived threat vulnerability. A survey was used to explore this further. Seven of the 11 hypotheses were supported, including three of the six related to affect. This research makes two primary contributions. First, trait affect may play an indirect role in understanding how individuals evaluate, respond to, and cope with a threat. Second, this research extended the application of PMT, which has been the primary theory used to understand the information security behavior of individuals

IP Bouncer: An End-User Network Privacy Enhancing Tool

IP Bouncer is a novel IT artifact that exposes unexpected and unwanted network communication initiated by trusted “insider” applications. It closely follows design science guidelines illustrated in the five design principles of the artifact. One of the novel aspects of the design is the key-pair approach used for assessing appropriate or inappropriate network communications. By coupling the context-awareness of the user with online aggregators of blacklists, IP Bouncer offers greater individual and organizational security protection and earlier detection of network anomalies

Robbing Peter to Pay Paul: Surrendering Privacy for Security’s Sake in an Identity Ecosystem

Despite individuals’ and organizations’ best efforts, many significant information security threats exist. To alleviate these threats, researchers and policy makers have proposed new digital environments called identity ecosystems. These ecosystems would provide protection against attackers in that a third party intermediary would need to authenticate users of the ecosystem. While the additional security may help alleviate security threats, significant concern exists regarding ecosystem users’ privacy. For example, the possibility of targeted attacks against the centralized identity repository, potential mismanagement of the verified credentials of millions of users, and the threat of activity monitoring and surveillance become serious privacy considerations. Thus, individuals must be willing to surrender personal privacy to a known intermediary to obtain the additional levels of protection that the proposed ecosystems suggest. We investigate the reasons why individuals would use a future identity ecosystem that exhibits such a privacy-security tradeoff. Specifically, we adopted a mixed-methods approach to elicit and assess the major factors associated with such decisions. We show that 1) intrapersonal characteristics, 2) perceptions of the controlling agent, and 3) perceptions of the system are key categories for driving intentions to use ecosystems. We found that trustworthiness of the controlling agent, perceived inconvenience, system efficacy, behavioral-based inertia, censorship attitude, and previous similar experience significantly explained variance in intentions. Interestingly, general privacy concerns failed to exhibit significant relationships with intentions in any of our use contexts. We discuss what these findings mean for research and practice and provide guidance for future research that investigates identity ecosystems and the AIS Bright ICT Initiative

Does Privacy Really Matter? An Extended Perspective on Individual Information System Continuance Use

Recent privacy breaches through Facebook demonstrate that these breaches do not always reduce the use of a social media website after a very public breach, in fact, some people use the social media website more. This behavior leads to the question of whether privacy violations influence people’s continued use of Facebook. In this paper, we propose that people have privacy expectations when they use social media websites and when those privacy expectations are not disconfirmed they will be satisfied with the experience and continue using the website. Combining privacy expectations with the expectation disconfirmation theory, we provide a conceptual model to examine privacy-related factors that influence Facebook continuance use

Rhetorical appeals and legitimacy perceptions: How to induce information security policy compliance

This paper intends to extend Protection Motivation Theory (one of the leading theories in Information Security research) based on innovation diffusion and institutional legitimacy theories. We postulate that legitimacy, in which fear is only a partial representation, is a more comprehensive antecedent to intention to comply with security policies. We argue the use of ethos, pathos, and logos appeals to complement the fear rhetoric traditionally present in information security research to elicit legitimacy judgments and indirectly intention to comply. We propose an experiment in which by manipulating the rhetorical elements of the communication, we can study its impact on legitimacy and ultimately intention to abide by the security policy

Fitness Technology and Exercise Engagement: How Technology Affordances Facilitate Fitness Goal Attainment

To realize desired health returns, fitness technology providers, users, and corporate wellness program managers need to understand how individuals’ different uses of fitness technologies influence their fitness experience and fitness goal achievements. Thus, this study draws on the theory of affordances and the concept of engagement to develop and empirically test a model of fitness technology use as goal-directed behavior. Doing so highlights the relationship between trying to use fitness technologies and trying to perform fitness activities with fitness goal attainment. Our results show that while actualized self-appraisal affordance amplifies users’ cognitive exercise engagement, cognitive exercise engagement does not significantly influence fitness goal attainment. Furthermore, actualized self-appraisal and social appraisal affordances enhance users’ emotional exercise engagement, positively influencing fitness goal attainment. Thus, facilitating the actualization of self-appraisal and social appraisal affordances that increase individuals’ emotional exercise engagement is essential to the effective use of fitness technologies

A Review on Consumer Health Information Technology Research in IS

While there is a rapid growth in the application of consumer health information technology (CHIT), its growth as an area of interest in IS research is still relatively slow. While there is great potential for research in this area, knowledge barriers to conducting CHIT research do exist. These include a lack of a clear definition of CHIT and lack of knowledge on the current state of CHIT research in IS. To overcome these barriers, we offer a definition of CHIT and then use that definition, together with the IT artifact perspective, to conduct a thematic analysis of CHIT research in the IS domain. We find that CHIT research spans all five IT views but to different degrees: nominal, proxy, and tool views are the most widely used perspectives. Based on our analysis, we suggest future research directions to enrich understanding of CHIT