Organizational Information Technology Norms and IT Quality

Belief systems, long recognized as a key component of managerial control, play an important role in IT success. Organizational beliefs (norms) favoring commitment to improvement and a risk/control perspective have been intentionally embedded in IT governance tools such as COBIT and ITIL. This study explores the connection between these norms and IT quality, developing and testing survey items to assess norm adoption. Both Regression and structured equation modeling results show statistically significant relationships between norm adoption, participation in normal driven activities, and organizational IT quality. Assessing norm adoption may especially help small organizations better assess, manage, and govern information syste

A Normative Model for Assessing SME IT Effectiveness

Information technology (IT) is a key enabler of modern small businesses, yet fostering reliably effective IT systems remains a significant challenge. This paper presents a light weight IT effectiveness model for small businesses to assess their IT and formulate strategies for improvement. Employing an action research approach we investigate a mixed method analysis of 120 survey responses from small family businesses and user participation in 10 semi-structured interviews. We then conduct critical reflection to identify refinements which are validated using 72 survey responses from university students. The results present compelling evidence that employees’ normative patterns (norms) are a significant driver of IT effectiveness in a second order PLS predictive model able to explain 26% of observed variance. A norms-based approach to IT effectiveness helps fill a significant research and managerial gap for organizations unable or unwilling to adopt IT best practice frameworks used by large organizations. Our findings imply that comparing norms to IT best practices may offer a less technical approach to assessing IT operations, which may be well suited to small businesses. Although further investigation cycles are needed to systematically test this model, we encourage small business managers to: 1) anticipate IT risks and mitigate them; 2) identify measures of IT performance, and monitor them, and 3) review/synchronize business and IT goals

Do measures of security compliance intent equal non-compliance scenario agreement?

To better protect organizations from the threat of insiders, IS security (ISS) research frequently emphasizes IS Security Policy (ISP) behavior. The effectiveness of an assessment model is typically analyzed either using short survey statements (behavior survey) or by using scenario agreement (prospective scenario) to measure current and prospective compliance (or non-compliance) behavior. However, a significant gap is the lack of statistical evidence to demonstrate that these two measures or dependent variables (DV) sufficiently agree with one another. We report on an effort to compare and contrast two assessment models which employed alternate styles of DVs and demonstrate that the primary construct from two different ISS behavioral theories had approximately the same effect size on either of the DVs. Our findings add support for substantial (but not overly correlated) synchronization between the two DV values, since we also observe that the prospective scenario non-compliance measure resulted in lower model fit while the behavior survey compliance measures fit both models with higher accuracy. We discuss our findings and recommend that for many studies there can be value in employing both DVs

FEAR APPEALS VERSUS PRIMING IN RANSOMWARE TRAINING

Employee non-compliance is at the heart of many of today’s security incidents. Training programs often employ fear appeals to motivate individuals to follow policy and take action to reduce security risks. While the literature shows that fear appeals drive intent to comply, there is much less evidence of their impact after intention is formed. Building on IPAM – a process nuanced model for compliance training and assessment – this study contrasts the impact of fear appeals vs. self-efficacy priming on ransomware training. In our proposed study, a pool of students will participate in a three-step series of training events. Some participants will encounter enhanced fear appeals at each step while others will be presented with materials that include priming signals intended to foster development of increased self-efficacy. Previously identified drivers of behavior (intent, processed-nuanced forms of self-efficacy, and outcome expectations) are measured so that the effect of the treatments can be contrasted. A scenario agreement methodology is used to indicate behavior as a dependent variable. We expect to show that while fear appeals are useful and help build intent to comply at the motivational stage, process-nuanced self-efficacy treatments are expected have a stronger effect on behavior post-intentional

Personal Motivation Measures for Personal IT Security Behavior

While IT security research has explored explanatory models using risk/fear/efficacy drivers, this effort emphasizes assessments of personal security optimism/pessimism as drivers of personal security behavior. Technical solutions can help but many organizational vulnerabilities are exacerbated by non-compliance. Individuals neglect to or choose not to comply with security practices, placing organizations at risk. In this study, we explore a model that identifies likely non-compliers. We assess constructs over time, assess perceptions of the pros and cons of compliance, and deliver small training/motivational content. In our results measuring over time and including pro/con perception increased explanatory power for compliance behavior and prediction algorithms were able to identify non-compliers with a high degree of accuracy. We assert that this approach, which integrates training and assessment over time and uses measures that may be more palatable for real-world settings, is promising for organizations who seek to both understand and improve security behavior

Will SOC telemetry data improve predictive models of user riskiness? A work in progress

Security Operation Centers (SOC) play a key role in protecting organizations from many cybersecurity threats, such as system intrusion or information breaches. A major challenge in improving SOC operations is the adequacy of the data used to identify such threats. Detection tools employed by SOCs are largely based on observable telemetry indicators (e.g., network traffic patterns or system logs and activities collected from user devices). However, the use of such telemetry data without understanding human behaviors in-depth can lead to increasing false-positive alerts. Prior work shows that it can even be a more significant problem when analysts largely ignore alerts if they are overwhelmingly false-positive. These false positive alerts raise SOC analysts’ cognitive workload, diminish conscious cognitive processing, and decrease their trust in future alerts

A normative model for assessing SME IT

Information technology (IT) is a key enabler of modern small businesses, yet fostering reliably effective IT systems remains a significant challenge. This paper presents a light weight IT effectiveness model for small businesses to assess their IT and formulate strategies for improvement. Employing an action research approach we investigate a mixed method analysis of 120 survey responses from small family businesses and user participation in 10 semi-structured interviews. We then conduct critical reflection to identify refinements which are validated using 72 survey responses from university students. The results present compelling evidence that employees’ normative patterns (norms) are a significant driver of IT effectiveness in a second order PLS predictive model able to explain 26% of observed variance. A norms-based approach to IT effectiveness helps fill a significant research and managerial gap for organizations unable or unwilling to adopt IT best practice frameworks used by large organizations. Our findings imply that comparing norms to IT best practices may offer a less technical approach to assessing IT operations, which may be well suited to small businesses. Although further investigation cycles are needed to systematically test this model, we encourage small business managers to: 1) anticipate IT risks and mitigate them; 2) identify measures of IT performance, and monitor them, and 3) review/synchronize business and IT goals

Water Uptake Threshold of Rabbiteye (\u3ci\u3eVaccinium ashei\u3c/i\u3e) Blueberries and Its Influence on Fruit Splitting

Split-resistant and split-susceptible rabbiteye blueberry fruit were evaluated at all stages of development to determine \u27\u27water uptake thresholds\u27\u27 by soaking in distilled water. Weight increase after soaking was measured, and percent weight gain was calculated to take into consideration the weight increase of the fruit from development. The ratio of percent increase in volume to weight increase resulting from water uptake was calculated. Ratios of percent water uptake to weight increase between splitsusceptible \u27Tifblue\u27 and split-resistant \u27Premier\u27 blueberries were found to be similar. The split-susceptible \u27Tifblue\u27 had a 1.6 g/50 fruit increase with a 1.7% water uptake and a ratio of 1.08. \u27Premier\u27 had a higher weight increase with 3.3 g/50 fruit and also a higher percentage of water uptake at 3.6% providing a ratio of 1.09. Although both absorbed water at a constant rate shown by a linear increase of weight increase over time, \u27Premier\u27 absorbed a significantly greater amount of water than did \u27Tifblue\u27 yet remained intact and did not split

Laboratory Method to Estimate Rain-Induced Splitting in Cultivated Blueberries

Preharvest rainfall that occurs when fruit are fully ripe or approaching full ripeness can result in detrimental fruit splitting in rabbiteye and southern highbush blueberries. This study was initiated to develop a laboratory method to model rain-related incidence of splitting in cultivated blueberries with the goal of predicting the incidence of splitting in blueberry cultivars and selections. Multiyear field surveys of rabbiteye and southern highbush cultivars show that the incidence of rain-related splitting is strongly cultivar-dependent. Laboratory values for forced splitting and naturally occurring rain-related field splitting data show a strong correlation indicating that the incidence of fruit splitting can be accurately estimated by this laboratory method. Soaking the berries in distilled water 14 h at room temperature gives a confident determination of splitting tendencies. Blueberry breeders and geneticists can use this method to evaluate new potential blueberry cultivars for splitting tendencies as part of routine screening. This would lead to a long-term goal of reducing splitting susceptible blueberry cultivars in commercial plantings

Diversity and Inclusion Practices in Nonprofit Associations

40 pagesThe aim of this mixed methods study is to explore and contribute to the literature by describing how associations develop and support diversity and inclusion (D&I) practices. The study was conducted using an online survey, focus groups, and interviews with practitioners. The report is designed to assist organizations in developing practices and hopefully improve the inequalities facing the nation. This report does so by examining individual association’s leadership and their attempts, challenges, and successes, implementing D&I practices. Readers will probably identify the location of their organization and their professional field or trade along the path towards successful implementation. Understanding their own location compared with other associations, may uncover key waypoints to assist their movement towards successful D&I implementation.The Center for Association Leadershi