Modular and Collaborative Theorizing: A Move Away from Theoretical Superstars

Theorizing is often described as a rigorous, nebulous, and time-consuming process. In the end, theories are traditionally attributed to one individual or to a small group of individuals. Consider for example Einstein’s Theory of Relativity, Aker’s Social Learning Theory, Davis’ Technology Adoption Model, and Fishbein and Ajzen\u27s Theory of Reasoned Action. Further, expectations of IS theories are quite high and accepted in fewer publication outlets as compared to routine theory testing endeavors, creating extra risk in commencing the theorizing process. The “average” researcher’s involvement in theorizing is often limited to theory testing and incremental theory extension through these testing efforts. This critical polemic proposes that such arrangements are not necessary and may be damaging to the collective creativity of the IS discipline. In this polemic, we identify different configurations for work products and working relationships between researchers to collaboratively develop novel IS theories in a modular and incremental fashion

Learning Computing Topics in Undergraduate Information Systems Courses: Managing Perceived Difficulty

Learning technical computing skills is increasingly important in our technology driven society. However, learning technical skills in information systems (IS) courses can be difficult. More than 20 percent of students in some technical courses may dropout or fail. Unfortunately, little is known about students’ perceptions of the difficulty of technical IS courses and how students cope with the perceived difficulty of technical content in IS courses. This paper explores how students perceive the difficulty of technical IS courses and how difficulty perceptions influence learning outcomes and perceptions. Learning technical topics may be particularly difficult for students from non-IS majors, yet this is only speculative. The extent to which non-IS majors are disadvantaged in technical IS courses is also explored. To explore these issues, this paper adopts a mixed-method approach. First, a grounded theory is developed from secondary data to explain difficulty perceptions and the successful management of those perceptions. Second, a quantitative test is conducted to validate the grounded theory. Finally, the grades of IS and non-IS majors are compared

Control-Related Motivations and Information Security Policy Compliance: The Effect of Reflective and Reactive Autonomy

Employees’ failures to follow information security policy can be costly to organizations. Organizations implement security controls in order to motivate employees. Many control-related motivations have been explored in information security research (e.g., self-efficacy and behavioral control); however, self-determination has yet to receive attention. Self-determination theory is widely used in other fields to explain intrinsically driven performance. This paper examines the effect self-determination—conceptualized as reflective autonomy, and psychological reactance—conceptualized as reactive autonomy have on employees’ intentions to comply with security policy. Reflective and reactive autonomy offer complementary yet opposite conceptualizations of autonomy, offering a more holistic view of control-related motivation. We find that both reflective and reactive autonomy affect information security policy compliance intentions. Reflective autonomy increases and reactive autonomy decreases compliance intentions. Managers should become aware of the way employees view security controls in order to develop controls that maximize reflective autonomy and minimize reactive autonomy in employees

Assessing the Performance of the Haplotype Block Model of Linkage Disequilibrium

Several recent studies have suggested that linkage disequilibrium (LD) in the human genome has a fundamentally “blocklike” structure. However, thus far there has been little formal assessment of how well the haplotype block model captures the underlying structure of LD. Here we propose quantitative criteria for assessing how blocklike LD is and apply these criteria to both real and simulated data. Analyses of several large data sets indicate that real data show a partial fit to the haplotype block model; some regions conform quite well, whereas others do not. Some improvement could be obtained by genotyping higher marker densities but not by increasing the number of samples. Nonetheless, although the real data are only moderately blocklike, our simulations indicate that, under a model of uniform recombination, the structure of LD would actually fit the block model much less well. Simulations of a model in which much of the recombination occurs in narrow hotspots provide a much better fit to the observed patterns of LD, suggesting that there is extensive fine-scale variation in recombination rates across the human genome

Inconsistencies in Neanderthal Genomic DNA Sequences

Two recently published papers describe nuclear DNA sequences that were obtained from the same Neanderthal fossil. Our reanalyses of the data from these studies show that they are not consistent with each other and point to serious problems with the data quality in one of the studies, possibly due to modern human DNA contaminants and/or a high rate of sequencing errors

To Fear or Not to Fear? A Critical Review and Analysis of Fear Appeals in the Information Security Context

Controlling organizational insiders’ security behaviors is an important management concern. Research presents fear appeals as a viable security control to promote protective security behaviors. To date, research has proven security-related fear appeals have to effectively control insiders’ security behaviors. However, from critically examining fear appeals, we find a different story. Specifically, we critically analyze security-related fear appeal research from two ontological positions: critical realism and critical constructivism. The critical realist analysis identifies several issues with existing fear appeal research, which particular research traditions may cause. We explicate these traditions and issues in the paper. The critical constructivist analysis draws on critical management studies of control and Foucault’s work to identify the identities, beliefs, and values that fear appeals promote and the ways in which fear appeals create discursive closures that limit the consideration and discussion of other positions. Based on the two analyses, we provide important directions for future fear appeal research

The Influence of Outcome-Oriented Security Policy on Security Perceptions and Intentions

With security breaches occurring regularly, organizations must employ strong security countermeasures to protect private, valuable information. Organizational insiders pose a major threat to the security of organizations by direct and intentional misuse of information assets and by the careless and negligent use of information. Developing strong information security policy (ISP) is important to thwarting insider security threats. To date, behavioral information security research has primarily examined ISP from a procedural viewpoint. Outcome-oriented security policy is understudied. This research-in-progress proposes a study of security policy to determine how the inclusion of outcome-oriented security policy influences insiders’ attitudes toward and intentions to follow procedural security policy. An experiment is proposed to test the hypotheses

Are Conceptualizations of Employee Compliance and Noncompliance in Information Security Research Adequate? Developing Taxonomies of Compliance and Noncompliance

This paper offers a grounded theory approach to a review of behavioral information security research. Behavioral information security research is in a nascent state, yet it is growing rapidly due to the importance of information security in organizations. This review examines a particular problem in security research, namely the lack of clear conceptualizations of employee compliance and noncompliance with security policies and norms. This review finds that definitions of compliance and noncompliance are taken-for-granted, which may indicate danger in examining results across studies. Based on existing research of compliance in the information systems field and other fields, this paper identifies four types of compliance and five types of noncompliance along with dimensions of compliance and noncompliance using a grounded theory approach

Why do Healthcare Organizations Choose to Violate Information Technology Privacy Regulations? Proposing the Selective Information Privacy Violations in Healthcare Organizations Model (SIPVHOM)

Privacy concerns about protected healthcare information (PHI) are rampant because of the ease of access to PHI from the advent of Healthcare IT (HIT) and its exploding use. Continual negative cases in the popular attest to the fact that current privacy regulations are failing to keep PHI sufficiently secure in the climate of increate HIT use. To address these issues, this paper proposes a theoretical model with testable hypotheses to explain and predict organizational IT privacy violations in the healthcare industry. Our model, the Selective Information Privacy Violations in Healthcare Organizations Model (SIPVHOM), explains how organizational structures and processes and characteristics of regulatory environments alter perceptions of risk and thereby the likelihood of rule violations. Finally, based on SIPVHOM, we offer recommendations for the structuring of regulatory environments and organizational structures to decrease abuse of PHI