Managing Technology and Administration Innovations: Four Case Studies on Software Reuse

A software process innovation, such as software reuse, involves both technology and administration innovation. Following literature on organizational change, absorptive capacity, innovation assimilation stages, and software reuse, we develop a process model of the assimilation trajectory of an organization¡¯s innovation. The model postulates that actors at different organizational levels implement strategy, process, and culture changes in order for an organization to advance through the stages of innovation assimilation. The actions at these levels instill routines that establish the absorptive capacity for implementing future innovations. Case-study data collected from four software development sites ¨C two reporting failure in the reuse program, and two reporting success ¨C revealed that programs that implemented change at the strategy, process and culture levels scored higher on all paths in the model than non-successful programs. The right incentives help in the latter stages of innovation assimilation during which culture change by operational staff is important

The value relevance of an official press release of a security breach and complementarities between the content elements of the release

The importance of signaling to inform the public of a security incident occurrence at a firm through an official press release is discussed. The majority of prior research has discussed the impact of public knowledge of a security incident occurrence on the share prices of a firm. This study analyzes two competing models of the relationship between a firm’s reputation and the firm doing a press release, and the subsequent impact on the market valuation of the firm. Content of the press release that is specific to information security, overt CEO involvement and transparency in data affected, serves as an additional signal for the market. A switching regression model of 169 security incidents (with and without an official press release) versus a Heckman Sample Selection model of 111 security incidents (with an official press release) of publicly traded firms between 2014 and 2021 upholds the logic of the signaling characteristic of the decision to do an official press release with respect to the reputation of the firm. The roles of overt CEO involvement and transparency in data affected under this framework is statistically significant

Information Spillover and Semi-Collaborative Networks in Insurer Fraud Detection

Information spillovers are benefits that a party obtains from the IT efforts of another party. Because these benefits arise from data and information sharing, they are best studied at a process level. Medical claims fraud detection is a prototypical data- and information-intensive process in insurance companies. Fraud detection efforts of one insurer can create spillover benefits through data and information sharing that occur from socialization between analysts and labor mobility between insurers. This paper theorizes three semicollaborative networks formed between state-level subsidiaries of insurers (regulation-bound network), between subsidiaries of an insurer parent company (sibling network), and between insurers and hospitals (risk-sharing), and hypothesizes that these networks convey information spillovers. Because benefits realized by another party can lead to the reduction of IT investments by that party, the paper also examines the impact of semi-collaborative networks on future IT-related investments. The empirical analysis was conducted using 2011–2013 data. A generalized linear model with a Tweedie distribution is used to correct for the finite mass of zeros for the dependent variables. The results reveal that the sibling network conveyed most of the spillover benefit, and the risk-sharing network did not contribute to fraud detection. The sibling network is also found to depress future spending on fraud detection

Executives’ Commitment to Information Security : Interaction between the Preferred Subordinate Influence Approach (PSIA) and Proposal Characteristics

Two aspects of decision-making on information security spending, executives' varying preferences for how proposals should be presented and the framing of the proposals, are developed. The proposed model of executives' commitment to information security is an interaction model (in addition to the cost of a security solution, and the risk and the potential loss of a security threat) consisting of the interaction between an executive's preferred subordinate influence approach (PSIA), rational or inspirational, and the framing, positive or negative, of a security proposal. The interaction of these two constructs affects the executive's commitment to an information security proposal. The model is tested using a scenario-based experiment that elicited responses from business executives across 100+ organizations. Results show that the interaction of the negative framing of a proposal and the inspirational PSIA of an executive affects his or her commitment to information security. Further, negative framing of a proposal and the cost of the security solution interact to decrease the executive's commitment to information security. This study underscores that prescriptions for business executives from normative models in information security spending must be complemented with appropriately framed messages to account for the differences in executives' PSIA (rational and inspirational) and cognitive biases.peerReviewe

An Empirical Examination of the Economics of Mobile Application Security

The growth of mobile devices coupled with advances in mobile technologies has resulted in the development and widespread use of a variety of mobile applications (apps). Mobile apps have been developed for social networking, banking, receiving daily news, maintaining fitness, and job-related tasks. The security of apps is an important concern. However, in some cases, app developers may be less interested in investing in the security of apps, if users are unwilling to pay for the added security. In this paper, we empirically examine whether consumers are less willing to pay for security features than for usability features. In addition, we examine whether a third-party certification of security features makes customers more willing to pay for security. Furthermore, we investigate the impact of risk perceptions on the willingness to pay for security. To explore these issues, we conducted a scenario-based experiment on mobile app users. Results from our analyses show that consumers are indeed less likely to pay for security features than usability features. However, the likelihood of paying for security features can be significantly increased by third-party certification of the features. Based on our analysis, we offer insights to producers of mobile apps to monetize the enhanced security features of their apps