“Information Security Is Not Really My Job”: Exploring Information Security Role Identity in End-Users

Given the significant role individuals play on the welfare of organizations’ security, end users are encouraged to see themselves as part of the information security solution and are expected to perform certain end-user security roles. However, there is often a divide between the organization’s expectations of the end-user’s information security role and the end-user’s functional role. We explore the concept of role identity in order to understand the factors that increase the importance ascribed to the information security end user role, which in turn affects performance and actions towards security behaviors. We develop a model that focuses on two issues: (1) factors that increase information security role identity (ISRI) and (2) consequents of ISRI, specific to security behaviors. A survey was used to explore the relationships in the model. Theoretical and practical implications of this research are presented

The Role of Trust and Familiarity in Click-through Intention: A Perception Transfer Theory in a Cybersecurity Context

Despite constant reminders, warnings on avoidance techniques, information security policies, and anti-virus software reminders, individuals still fall prey to malware attacks. This paper looks at the role that familiarity and trust play on the individual’s intention to click-through web based malware. Hypotheses are developed to suggest that click-through intention is influenced by trust and familiarity. Two scenarios to test the hypotheses are described. Expected contributions and limitations are noted

Beyond Security and Privacy Perception: An Approach to Biometric Authentication Perception Change

The aim of the paper is to shed light on the factors affecting perception shifts in biometrics authentication. This study explores trust relationships in the adoption of biometrics using the valence framework to understand and explain the individual’s evaluation of risk concerning biometrics. Hypotheses are developed to suggest that individuals’ intention to use biometrics is influenced by trust in the vendor. An experiment to test the hypotheses is described. Expected contributions, limitations, and possibilities for future research are noted

Burnout in cybersecurity professionals

The cybersecurity profession is critically understaffed. Coupled with the increase in cyber threats, cybersecurity professionals are experiencing burnout. Burnout among cybersecurity professionals can have a negative effect on an organization’s ability to ward off aggressive breach attempts from cyber-adversaries. The Maslach Burnout Inventory (MBI) scale has been used to measure burnout in information systems (IS) and other professions. This study extends the MBI literature. In particular, we suggest that the cybersecurity profession has unique characteristics that warrant further investigation into how the scale relates. This research-in-progress examines burnout in the cybersecurity profession by identifying context-specific job characteristics related to the role. A conceptual model and propositions are provided, including a proposed methodology and expected results

Going Through the “Emotions”: Identity Protective Responses

This study examines identity theft, specifically, the mechanisms through which individuals protect themselves using credit monitoring information. As an adaptive protective response against identity theft, we conceptualize credit monitoring information as an information product. By integrating protection motivation theory with the extended parallel process model, we seek to understand how individuals either take adaptive recommended actions or maladaptive ones. A research model, hypotheses, and an experiment are described

Breaching News: Does Media Coverage Increase the Effects of Data Breach Event Disclosures on Firm Market Value?

Characterized as negative events, data breaches can disrupt an organization’s operations and lead to financial losses. Media coverage is often seen as exacerbating negative events such as data breach disclosures, and have also been found to influence financial markets. This research in progress presents a theoretical framework and methodology to empirically test the moderating and mediating influences of media coverage on the impact of data breach events on firms. We articulate the research gap, present hypotheses, and discuss the implications of this research for theory and practice

Confirmatory Influence of Trust in E-commerce: A Data Collection Bias and Suggestion

In most trust studies, its dimensions and antecedents have been studied with an overwhelming evidence showing trust as a critical determinant of behavioral intention to purchase. The focus has been on confirming the investigation of trust as a determinant on successful only purchases. This paper explores the importance of investigating the impact of trust on intention to purchase from both successful and unsuccessful purchase cases in order to provide a more balanced view of the critical role of trust in e-commerce transaction decisions. It also aims to contribute to the rigor of information systems (IS) research practices related to data collection methods. Our findings provide important insights into the varying effect of trust on intention, which becomes apparent when data collection methods allow for the testing of cases of successful and non-successful purchase

Network analysis of a darknet marketplace: Identifying themes and key users of illicit networks

The global cost of cybercrime is estimated to reach $10 trillion by 2025. To perpetuate cybercrime, cybercriminals often use darknet markets, which are online platforms where cybercriminals sell, purchase, and trade stolen products and hacking tools. This study is a research in progress that focuses on analyzing darknet markets to identify key actors and understand their networks, interactions, and emergent themes. The study hopes to increase our understanding of the nature of criminal activities, add to the literature, and provide insights that may help stakeholders build tools for disrupting or preventing activities on the darknet

Top Manager’s Perspectives on Cyberinsurance Risk Management for Reducing Cybersecurity Risks

The vulnerability of organizations to security breaches and the severity of these breaches have become key issues in organizations. The cost incurred from the breaches can be damaging and difficult to recover from. Cyberinsurance has been portrayed as a risk management strategy that aims to protect organizations from the crippling cost of security breaches. Thus, this study is interested in understanding the factors affecting the intent to purchase cyberinsurance from the perspective of top managers. Not only do we want to understand the factors affecting top manager’s intent to purchase cyberinsurance as a protective approach, of interest also, is the examination of its effect on the organization’s security posture. We seek to empirical test this observed but largely untested phenomenon using the protection motivation theory which has successfully been used to study the effect of threat and coping appraisals on protective behaviors

Sharenting, Parenting, and Identifying: Can Privacy Prevail?

Technology and privacy are intertwined and often in conflict with each other. Nowhere is this more evident than in sharenting, the transmission of private details about children (e.g., pictures) via digital channels (e.g., social media) by an adult in charge of their well-being (i.e., parent or guardian). Sharenting can offer comfort to a parent, a sense of belonging to a community, and can give children a sense of pride from likes from family and friends. However, there are privacy and developmental risks for children from sharenting. We explore the relative roles of parent identity verification and the calculus of behavior in affecting sharenting decisions. Using data collected from 309 parents, we find that only perceived risk of sharenting affects the frequency of deleting posts while benefits and parental identity lead to a positive affect towards sharenting. Positive affect, however, is not linked to changes in frequency of deleting posts