13 research outputs found

    Improving Organizational Information Security Strategy via Meso-Level Application of Situational Crime Prevention to the Risk Management Process

    Existing approaches to formulating IS security strategy rely primarily on the risk management process and the application of baseline security standards (e.g., ISO 27002, previously ISO 17799). The use of existing approaches generally leads to measures that emphasize target hardening and incident detection. While such measures are appropriate and necessary, they do not capitalize on other measures, including those that surface when situational crime prevention (SCP) is applied to specific crimes. In particular, existing approaches do not typically surface measures designed to reduce criminal perceptions of the net benefits of the crime, or justification and provocation to commit the crime. However, the methods prescribed to date for implementing SCP are cumbersome, requiring micro-level, individual analysis of crimes. In the current article, we propose that concepts derived from SCP can be strategically applied at an intermediate (meso) level of aggregation. We show that such meso-level application of SCP, when combined with the traditional risk management process, can reduce residual information security risk by identifying new strategies for combating computer crime. Using three illustrative cases, we demonstrate that the application of the proposed strategic approach does surface meaningful countermeasures not identified by the traditional risk management process alone.

    Framing Information Security Budget Requests to Influence Investment Decisions

    Researchers studying the economics of information security have traditionally focused on the use of rational choice decision models for evaluating investment alternatives. Security investment decisions involve risk, and several researchers have noted that risk-related decisions often violate the fundamental principles of rational choice decision models. This study tests the prevailing presumption in published research that information security investment decisions are made in an entirely rational manner. We empirically validated our hypothesis that information security investment decision makers in fact exhibit preference reversals when faced with competing budget alternatives involving risk. Specifically, we observed the framing effect under prospect theory, which suggests that individuals exhibit unique risk attitudes when evaluating gain-related and loss-related risk decisions. Accordingly, we argue that existing, widely accepted rational choice and economic models for information security investments need to be supplemented with risk perception measurement and account for individual-level decision biases.

    An Empirical Examination of an Agile Contingent Project/Method Fit Model

    While research has demonstrated positive productivity and quality gains from using agile software development methods (SDMs), some experts argue that no single SDM suits every project context. We lack empirical evidence about the project contextual factors that influence when one should use these methods. Research suggests several factors to explain agile method appropriateness; however, generalizable empirical evidence supporting these suggestions is weak. To address this need, we used contingency theory and the information processing model to develop the agile contingent project/method fit model. Subsequently, we used the model to analyze the influence of project contextual factors and agile practices on software development professionals’ perceptions regarding agile SDM appropriateness. We tested the model using survey data collected from 122 systems development professionals who provided information regarding: 1) contextual factors surrounding a recent agile development project, 2) agile practices applied during the course of that project, and 3) perceptions regarding the relative fit (appropriateness) of the agile method used. Linear regression identified several significant relationships between project contextual factors, agile practices, and respondents’ relative fit perceptions.

    The Impact of Power Imbalance on Cyberbullying: the Role of Bystanders Intervention

    A particularly heinous behavior on social media is cyberbullying, which has shown an upward trend in recent years. This study examines the effect of power imbalance, bystanders and anonymity on cyberbullying intention. To this end, a vignette-based experimental design has been utilized. 239 data was collected via MTurk. Our main findings show that individuals who lack control are likelier to engage in cyberbullying and that the presence of assistant bystanders increases cyberbullying intention. In this study we developed a scale to measure the impact of bystanders' reaction on cyberbullying. We have also extended control balance theory by investigating the moderating effect of anonymity on control imbalances.