Security Warning Messages Research: Past and Future

Research on the effects of IT security warning messages has increased in the last several years. Most studies empirically examining such warning messages chiefly focus on warning content and/or aesthetics and their effects on attention and/or behavior. Many of these studies cite the Communication-Human Information Processing (C-HIP) model as a foundation, yet this model includes other important and under-researched constructs, including perceptions of the source of a message, comprehension of a message, attitudes and beliefs, and fear. In this study, we performed a comprehensive literature review of empirically published studies on IT security warning messages. We propose a comprehensive theoretical model that entails both C-HIP and Protection Motivation Theory. We then categorize our catalog of IT security warning message research papers according to which propositions in our model have been previously studied. We focus specifically in this paper on those under-researched areas that provide opportunities for future research

Perceptions of Risk and Security Concerns with Mobile Devices using Biometric vs Traditional Authentication Methods

Authentication methods on mobile devices provide an important layer of security. Many types of authentication methods exist, some traditional and some biometric-based. In this study, we use a survey method to examine whether the presence and type of an authentication method affect perceptions of risk and security concerns around three specific types of mobile device actions: banking, health, and activities with personally identifiable information (PII). We also survey users’ general perceptions of trust, usefulness, convenience, and ease of use toward authentication methods, both traditional and biometric. We find that users’ perceptions of risk and security concerns change when users consider the type of authentication method present on a device. While traditional methods are still more familiar to most users, we also find that perceptions of biometric-based methods are more similar to perceptions of traditional methods than in the past

‘Collective intelligence’ is not necessarily present in virtual groups

When we communicate online, we miss an important element of group intelligence: social sensitivity, write Jordan B. Barlow and Alan R. Denni

We’re In This Together: The Role of Team Characteristics in Enterprise Process Execution and Performance

Organizations face challenges after a new enterprise system (ES) implementation, including employee resistance and negative impacts on organizational outcomes. ESs are used by employees in coordination with their team members for executing business processes. Consequently, team characteristics are likely to play a critical role in influencing perceptions about effective process execution and performance when using ESs. Yet research has not investigated the influence of team characteristics, such as team coordination, shared mental models, and mutual trust, in overcoming challenges associated with process execution following a new ES implementation. We conducted a lab simulation to investigate the role of team characteristics to moderate the influence of process characteristics on team and process performance. We posit that even if teams initially perceive processes as complex, rigid, and radical, team characteristics can mitigate these perceptions and reduce their influence on performance outcomes

Evaluating the Role of Trust in Adoption: A Conceptual Replication in the Context of Open Source Systems

This study is a conceptual replication of the Chandra, Srivastava, & Theng (2010) study on the role of trust in adopting a unique type of technology. Whereas Chandra et al. focused on mobile payment systems, we apply their theoretical model to the context of adopting open source software (OSS). Results are largely consistent and comparable with those of the original model; we also found that user trust plays a vital role in OSS adoption intention. However, two of the hypotheses had significantly different results in our model when compared to the original—specifically, perceived reputation did not have a significant impact on trust in the technology, and trust had a more powerful effect on the perceived usefulness of the technology. We argue that users’ expectations regarding trust are different depending on the type of technology that a user intends to adopt

Don’t Even Think About It! The Effects of Antineutralization, Informational, and Normative Communication on Information Security Compliance

Organizations use security education, training, and awareness (SETA) programs to counter internal security threats and promote compliance with information security policies. Yet, employees often use neutralization techniques to rationalize noncompliant behavior. We investigated three theory-based communication approaches that can be incorporated into SETA programs to help increase compliance behavior: (1) informational communication designed to explain why policies are important; (2) normative communication designed to explain that other employees would not violate policies; and (3) antineutralization communication designed to inhibit rationalization. We conducted a repeated measures factorial design survey using a survey panel of full-time working adults provided by Qualtrics. Participants received a SETA communication with a combination of one to three persuasion statements (informational influence, normative influence statement, and/or an antineutralization), followed by a scenario description that asked for their intentions to comply with the security policy. We found that both informational (weakly) and antineutralization communication (strongly) decreased violation intentions, but that normative communication had no effect. In scenarios where neutralizations were explicitly suggested to participants, antineutralization communication was the only approach that worked. Our findings suggest that we need more research on SETA techniques that include antineutralization communication to understand how it influences behavior beyond informational and normative communication

Organizational Violations of Externally Governed Privacy and Security Rules: Explaining and Predicting Selective Violations under Conditions of Strain and Excess

Privacy and security concerns are pervasive because of the ease of access to information. Recurrent negative cases in the popular press attest to the failure of current privacy regulations to keep consumer and protected health information sufficiently secure in today’s climate of increased IT use. One reason for such failure is that organizations violate these regulations for multiple reasons. To address this issue, we propose a theoretical model to explain the likelihood that organizations will select an externally governed privacy or security rule for violation in response to organizational strain or slack resources. Our proposed theoretical model, the selective organizational information privacy and security violations model (SOIPSVM), explains how organizational structures and processes, along with characteristics of regulatory rules, alter perceptions of risk when an organization’s performance does not match its aspiration levels and, thereby, affects the likelihood of rule violations. Importantly, we contextualize SOIPSVM to organizational privacy and security violations. SOIPSVM builds on and extends the selective organizational rule violations model (SORVM), which posits that organizational rule violations are selective. SOIPSVM provides at least four contributions to the privacy and security literature that can further guide empirical research and practice. First, SOIPSVM introduces the concept of selectivity in rule violations to privacy and security research. This concept can improve privacy and security research by showing that organizational violations of privacy and security rules are dynamic and selective yet influenced by external forces. Second, SOIPSVM extends the boundaries of SORVM, which is limited to explaining the behavior of organizations under strain, such as economic hardship. We contribute to the theory of selective deviance by proposing that selectivity extends to organizations with slack resources. Third, we address ideas of non-economic risk and strain in addition to economic risk and strain. Thus, SOIPSVM explains organizational rule-violating behavior as an attempt to protect core organizational values from external entities that pressure organizations to change their values to comply with rules. Fourth, we broaden the theoretical scope of two important constructs (namely, structural secrecy and procedural emphasis) to improve the model’s explanatory power. Fifth, we identify important elements of rule enforcement by drawing from the tenets of general deterrence theory. We also discuss how one can study constructs from general deterrence theory at the organizational level. To conclude, we offer recommendations for the structuring of organizations and external regulations to decrease organizational rule violations, which often lead to the abuse of consumer information

Maser Source Finding Methods in HOPS

The {\bf H}$_2${\bf O} Southern Galactic {\bf P}lane {\bf S}urvey (HOPS) has observed 100 square degrees of the Galactic plane, using the Mopra radio telescope to search for emission from multiple spectral lines in the 12\,mm band (19.5\,--\,27.5\,GHz). Perhaps the most important of these spectral lines is the 22.2\,GHz water maser transition. We describe the methods used to identify water maser candidates and subsequent confirmation of the sources. Our methods involve a simple determination of likely candidates by searching peak emission maps, utilising the intrinsic nature of water maser emission - spatially unresolved and spectrally narrow-lined. We estimate completeness limits and compare our method with results from the {\sc Duchamp} source finder. We find that the two methods perform similarly. We conclude that the similarity in performance is due to the intrinsic limitation of the noise characteristics of the data. The advantages of our method are that it is slightly more efficient in eliminating spurious detections and is simple to implement. The disadvantage is that it is a manual method of finding sources and so is not practical on datasets much larger than HOPS, or for datasets with extended emission that needs to be characterised. We outline a two-stage method for the most efficient means of finding masers, using {\sc Duchamp}.Comment: 8 pages, 1 table, 4 figures. Accepted for publication in PASA special issue on Source Finding & Visualisatio

Quaternary sea level changes in Scotland

This paper summarises developments in understanding sea level change during the Quaternary in Scotland since the publication of the Quaternary of Scotland Geological Conservation Review volume Quaternary of Scotland in 1993. We present a review of progress in methodology, particularly in the study of sediments in isolation basins and estuaries as well as in techniques in the field and laboratory, which have together disclosed greater detail in the record of relative sea level (RSL) change than was available in 1993. However, progress in determining the record of RSL change varies in different areas. Studies of sediments and stratigraphy offshore on the continental shelf have increased greatly, but the record of RSL change there remains patchy. Studies onshore have resulted in improvements in the knowledge of rock shorelines, including the processes by which they are formed, but much remains to be understood. Studies of Late Devensian and Holocene RSLs around present coasts have improved knowledge of both the extent and age range of the evidence. The record of RSL change on the W and NW coasts has disclosed a much longer dated RSL record than was available before 1993, possibly with evidence of Meltwater Pulse 1A, while studies in estuaries on the E and SW coasts have disclosed widespread and consistent fluctuations in Holocene RSLs. Evidence for the meltwater pulse associated with the Early Holocene discharge of Lakes Agassiz-Ojibway in N America has been found on both E and W coasts. The effects of the impact of storminess, in particular in cliff-top storm deposits, have been widely identified. Further information on the Holocene Storegga Slide tsunami has enabled a better understanding of the event but evidence for other tsunami events on Scottish coasts remains uncertain. Methodological developments have led to new reconstructions of RSL change for the last 2000 years, utilising state-of-the-art GIA models and alongside coastal biostratigraphy to determine trends to compare with modern tide gauge and documentary evidence. Developments in GIA modelling have provided valuable information on patterns of land uplift during and following deglaciation. The studies undertaken raise a number of research questions which will require addressing in future work

Discrepancies in East Asians' perceived actual and ideal phenotypic facial features

The present study tested for the existence of a phenotypic actual-ideal discrepancy in East Asians’ appraisals of their own faces, in the direction of idealizing a phenotypically “Whiter” face than they perceived themselves to have. The study was conducted in two phases. In the first phase, East Asian participants residing in the U.S. (N = 104; Mage = 18.73) came into the lab to have their photograph taken. They were sent a link to complete the second phase online. Participants were required to recall either their previous day, an experience of racial discrimination, or an experience of racial acceptance. They then selected their actual and ideal face from an array of faces comprising their actual face and eight variants of their face that had been transformed to look phenotypically more “White” or more “East Asian”. A robust actual-ideal discrepancy emerged: participants both idealized a phenotypically “Whiter” face and perceived themselves as having a more phenotypically “East Asian” face than they objectively did. This discrepancy arose irrespective of whether participants were reminded of an incident of racial discrimination or acceptance