Advanced search
Publication Cover
European Journal of Information Systems Volume 26, 2017 - Issue 6: Security and Privacy in 21st Century Organisations
Submit an article Journal homepage
3,134
Views
103
CrossRef citations to date
0
Altmetric
Guest Editorial

Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda

Paul Benjamin LowryInnovation and Information Management, Faculty of Business and Economics, College of BusinessThe University of Hong Kong Room 804, 8/F, K.K. Leung Building PokfulamHong KongCorrespondence[email protected]
View further author information
,
Tamara DinevDepartment of Information Technology and Operations ManagementFlorida Atlantic University 777 Glades Rd 33431Boca RatonFLUSACorrespondence[email protected]
View further author information
&
Robert WillisonNewcastle Business SchoolNewcastle University 5 Barrack Road NE1 4SENewcastle upon TyneUKCorrespondence[email protected]
View further author information
Pages 546-563 | Published online: 15 Feb 2018

References

  • AcquistiAJohnLKLoewensteinGThe impact of relative standards on the propensity to discloseJournal of Marketing Research201249216017410.1509/jmr.09.0215
  • Algarni A, Xu Y and Chan T (2017) An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook. European Journal of Information Systems. https://doi.org/10.1057/s41303-017-0057-y.
  • AlvessonMSandbergJGenerating research questions through problematizationAcademy of Management Review2011362247271
  • AndenaesJGeneral prevention. Illusion or reality?Journal of Criminal Law, Criminology, and Police Science195243219719810.2307/1139261
  • AndersonBBVanceAKirwanCBEargleDJenkinsJLHow users perceive and respond to security messages: a NeuroIS research agenda and empirical studyEuropean Journal of Information Systems201625436439010.1057/ejis.2015.21
  • AngstCAgarwalRAdoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasionMIS Quarterly200933233937010.2307/20650295
  • Angst CM, Block ES, D’arcy J and Kelley K (2017) When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quarterly41(3), (in press).
  • ArmstrongMCompetition in two-sided marketsRAND Journal of Economics200637366869110.1111/j.1756-2171.2006.tb00037.x
  • AugustTTuncaTILet the pirates patch? An economic analysis of network software security patch restrictionsInformation Systems Research2008191487010.1287/isre.1070.0142
  • BagozziRPYiYPhillipsLWAssessing construct validity in organizational researchAdministrative Science Quarterly199136342145810.2307/2393203
  • BakosYKatsamakasEDesign and ownership of two-sided networks: implications for Internet platformsJournal of Management Information Systems200825217120210.2753/MIS0742-1222250208
  • BansalGGefenDThe role of privacy assurance mechanisms in building trust and the moderating role of privacy concernEuropean Journal of Information Systems201524662464410.1057/ejis.2014.41
  • Baskerville R, Rowe F and Wolff F-C (2017) Integration of information systems and cybersecurity countermeasures: an exposure to risk perspective. Data Base for Advances in Information Systems (In press(December)).
  • BauerJFrankeNTuertscherPIntellectual property norms in online communities: how user-organized intellectual property regulation supports innovationInformation Systems Research201627472475010.1287/isre.2016.0649
  • BeccariaCOn Crimes and Punishments and Other Writings2009TorontoUniversity of Toronto Press
  • BeckerGCrime and punishment: an economic approachJournal of Political Economy196876216921710.1086/259394
  • BeegleLERootkits and their effects on information securityInformation Systems Security200716316417610.1080/10658980701402049
  • BélangerFCrosslerRPrivacy in the digital age: a review of information privacy research in information systemsMIS Quarterly20113541017104110.2307/41409971
  • BenbasatIBarkiHQuo vadis TAM?Journal of the Association for Information Systems2007847
  • BenbasatIZmudRWThe identity crisis within the IS discipline: defining and communicating the discipline’s core propertiesMIS Quarterly200327218319410.2307/30036527
  • BenthamJThe Principles of Morals and Legislation1988Amherst, NYPrometheus Books
  • BerinatoSWith big data comes big responsibilityHarvard Business Review20149211100104
  • BlumsteinACohenJFarringtonDCriminal career research: its value for criminologyCriminology198826113510.1111/j.1745-9125.1988.tb00829.x
  • BossSRGallettaDFLowryPBMoodyGDPolakPWhat do users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviorsMIS Quarterly201539483786410.25300/MISQ/2015/39.4.5
  • BrantinghamPBrantinghamPEnvironmental Criminology19912Prospect Heights, ILWaveland Press
  • BREWERMREISHJUDDCResearch design and issues of validityHandbook of Research Methods in Social and Personality Psychology2000Cambridge, UKCambridge University Press
  • BulgurcuBCavusogluHBenbasatIInformation security policy compliance: an empirical study of rationality-based beliefs and information security awarenessMIS Quarterly201034352354810.2307/25750690
  • BurnsAJJohnsonMEHoneymanPA brief chronology of medical device securityCommunications of the ACM20165910667210.1145/2890488
  • BurnsAJPoseyCCourtneyJFRobertsTLNanayakkaraPOrganizational information security as a complex adaptive system: insights from three agent-based modelsInformation Systems Frontiers201719350952410.1007/s10796-015-9608-8
  • BurnsAJRobertsTLPoseyCLowryPBExamining the influence of organisational insiders’ psychological capital on information security threat and coping appraisalsComputers in Human Behavior201768March19020910.1016/j.chb.2016.11.018
  • CaliendoMClementMPapiesDScheel-KopeinigSResearch note—the cost impact of spam filters: measuring the effect of information system technologies in organizationsInformation Systems Research201223(3-part-2)1068108010.1287/isre.1110.0396
  • CavusogluHRaghunathanSCavusogluHConfiguration of and interaction between information security technologies: the case of firewalls and intrusion detection systemsInformation Systems Research200920219821710.1287/isre.1080.0180
  • ChatterjeeSSarkerSInfusing ethical considerations in knowledge management scholarship: toward a research agendaJournal of the Association for Information Systems2013148452481
  • ChatterjeeSSarkerSValacichJSThe behavioral roots of information systems security: exploring key factors related to unethical IT useJournal of Management Information Systems2015314498710.1080/07421222.2014.1001257
  • ChenHChiangRHStoreyVCBusiness intelligence and analytics: from big data to big impactMIS Quarterly201236411651188
  • ChenMJacobVSRadhakrishnanSRyuYUCan payment-per-click induce improvements in click fraud identification technologies?Information Systems Research201526475477210.1287/isre.2015.0598
  • CHENP-YKATARIAGKRISHNANRCorrelated failures, diversification, and information security risk managementMIS Quarterly201135239742210.2307/23044049
  • ChenYRamamurthyKWENK-WOrganizations’ information security policy compliance: stick or carrot approach?Journal of Management Information Systems201329315718810.2753/MIS0742-1222290305
  • ChoiBCFJiangZJXiaoBKimSSEmbarrassing exposures in online social networks: an integrated perspective of privacy invasion and relationship bondingInformation Systems Research201526467569410.1287/isre.2015.0602
  • ClarkeRCornishDTONRYMMORRISNModelling offender’s decisions: a framework for policy and researchCrime and Justice: An Annual Review of Research1985Chicago, ILUniversity of Chicago Press147185
  • CramWAProudfootJGD’arcyJOrganizational information security policies: a review and research frameworkEuropean Journal of Information Systems2017
  • CrosslerREJohnstonACLowryPBHuQWarkentinMBaskervilleRFuture directions for behavioral information security researchComputers & Security201332February9010110.1016/j.cose.2012.09.010
  • CrosslerRELongJHLoraasTMTrinkleBSUnderstanding compliance with bring your own device policies utilizing protection motivation theory: bridging the intention-behavior gapJournal of Information Systems201428120922610.2308/isys-50704
  • CrosslerREPoseyCRobbing Peter to pay Paul: surrendering privacy for security’s sake in an identity ecosystemJournal of the Association for Information Systems2017187487515
  • CulnanMJWilliamsCCHow ethics can enhance organizational privacy: lessons from the choicepoint and TJX data breachesMIS Quarterly200933467368710.2307/20650322
  • CurrieWContextualising the IT artifact: towards a wider research agenda for IS using institutional theoryInformation Technology & People2009221637710.1108/09593840910937508
  • D’ArcyJHerathTA review and analysis of deterrence theory in the IS security literature: making sense of the disparate findingsEuropean Journal of Information Systems201120664365810.1057/ejis.2011.23
  • D’ArcyJHovavAGallettaDUser awareness of security countermeasures and its impact on information systems misuse: a deterrence approachInformation Systems Research2009201799810.1287/isre.1070.0160
  • D’AubeterreFSinghRIyerLSecure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processesEuropean Journal of Information Systems200817552854210.1057/ejis.2008.42
  • D’ArcyJHerathTSHOSSMUnderstanding employee responses to stressful information security requirements: a coping perspectiveJournal of Management Information Systems2014312291325
  • DavenportTHHarrisJGJonesGLLemonKNNortonDMcCallisterMBThe dark side of customer analyticsHarvard Business Review20078553748
  • DavisFDBagozziRPWarshawPRUser acceptance of computer technology: a comparison of two theoretical modelsManagement Science1989358982100310.1287/mnsc.35.8.982
  • MontjoyeY-ARADAELLILSINGHVKUnique in the shopping mall: on the reidentifiability of credit card metadataScience2015347622153653910.1126/science.1256297
  • DeyDLahiriAZhangGHacker behavior, network effects, and the security software marketJournal of Management Information Systems20122927710810.2753/MIS0742-1222290204
  • DinevTGooJHuQNamKUser behavior towards protective information technologies: the role of cultural differences between the United States and South KoreaInformation Systems Journal20091939141210.1111/j.1365-2575.2007.00289.x
  • DinevTHuQYaylaAIs there an online advertisers’ dilemma? A study of click fraud in the pay-per-click modelInternational Journal of Electronic Commerce2008132295910.2753/JEC1086-4415130202
  • DinevTMcConnellARSmithHJInforming privacy research through information systems, psychology, and behavioral economics: thinking outside the “Apco” boxInformation Systems Research201526463965510.1287/isre.2015.0600
  • DinevTXuHSmithHJHartPInformation privacy and correlates: an empirical attempt to bridge and distinguish privacy-related conceptsEuropean Journal of Information Systems201322329531610.1057/ejis.2012.23
  • FelsonMCrime and Everyday Life: Insight and Implications for Society1994Thousand Oaks, CAPine Forge Press
  • FrenchAMGuoCShimJPCurrent status, issues, and future of bring your own device (BYOD)Communications of the Association for Information Systems20143510
  • GarbaABArmaregoJMurrayDKenworthyWReview of the information security and privacy challenges in Bring Your Own Device (BYOD) environmentsJournal of Information Privacy and Security2015111385410.1080/15536548.2015.1010985
  • GefenDPavlouPThe boundaries of trust and risk: the quadratic moderating role of institutional structuresInformation Systems Research201223394095910.1287/isre.1110.0395
  • GerlachJWidjajaTBuxmannPHandle with care: how online social network providers’ privacy policies impact users’ information sharing behaviorJournal of Strategic Information Systems2015241334310.1016/j.jsis.2014.09.001
  • GibbsJPCrime, Punishment, and Deterrence1975New York, NYElsevier
  • GoelSWilliamsKDincelliEGot phished? Internet security and human vulnerabilityJournal of the Association for Information Systems20171812244
  • GoesPInformation systems research and behavioral economicsMIS Quarterly2013373iiiviii
  • GoodeSHoehleHVenkateshVBrownSAUser compensation as a data breach recovery action: an investigation of the Sony PlayStation network breachMIS Quarterly201741370372710.25300/MISQ/2017/41.3.03
  • GreenawayKEChanYECrosslerRECompany information privacy orientation: a conceptual frameworkInformation Systems Journal201525657960610.1111/isj.12080
  • Haataja K and Toivanen P (2010) Two practical man-in-the-middle attacks on bluetooth secure simple pairing and countermeasures. IEEE Transactions on Wireless Communications9(1).
  • HaganJDefiance and despair: subcultural and structural linkages between delinquency and despair in the life courseSocial Forces199776111913410.1093/sf/76.1.119
  • Hager CT and Midkiff SF (2003) An analysis of Bluetooth security vulnerabilities. In Wireless Communications and Networking, 2003 (WCNC 2003), pp 1825–1831, IEEE.
  • HarringtonSJThe effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentionsMIS Quarterly199620325727810.2307/249656
  • Hassan NR and Lowry PB (2015) Seeking middle-range theories in information systems research. In International Conference on Information Systems (ICIS 2015), AIS, Fort Worth, TX.
  • Heikkila FM (2007) Encryption: security considerations for portable media devices. IEEE Security & Privacy5(4).
  • HerathTRaoHREncouraging information security behaviors in organizations: role of penalties, pressures and perceived effectivenessDecision Support Systems200947215416510.1016/j.dss.2009.02.005
  • HerathTRaoHRProtection motivation and deterrence: a framework for security policy compliance in organisationsEuropean Journal of Information Systems200918210612510.1057/ejis.2009.6
  • HSUJs-CSHIHS-PHUNGYWLOWRYPBThe role of extra-role behaviors and social controls in information security policy effectivenessInformation Systems Research201526228230010.1287/isre.2015.0569
  • HuQDinevTHartPCookeDTop management championship, organizational culture and individual behavior towards information securityDecision Sciences201243461565910.1111/j.1540-5915.2012.00361.x
  • HuQXuZCDinevTLingHDoes deterrence work in reducing information security policy abuse by employees?Communications of the ACM2011546344010.1145/1953122.1953142
  • HuiKLKimSHWangQHCybercrime deterrence and international legislation: evidence from distributed denial of service attacksMIS Quarterly201741249752310.25300/MISQ/2017/41.2.08
  • HuiKLTeoHHLeeSYTThe value of privacy assurance: an exploratory field experimentMIS Quarterly2007311193310.2307/25148779
  • HuthCLChadwickDWClaycombWRYouIGuest editorial: a brief overview of data leakage and insider threatsInformation Systems Frontiers20131511410.1007/s10796-013-9419-8
  • JohnstonACWarkentinMFear appeals and information security behaviors: an empirical studyMIS Quarterly201034354956610.2307/25750691
  • JohnstonACWarkentinMMcBrideMCarterLDispositional and situational factors: influences on information security policy violationsEuropean Journal of Information Systems201625323125110.1057/ejis.2015.15
  • JohnstonACWarkentinMSiponenMAn enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoricMIS Quarterly201539111313410.25300/MISQ/2015/39.1.06
  • Karame G (2016) On the security and scalability of Bitcoin’s blockchain. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp 1861–1862, ACM.
  • KarjalainenMSiponenMToward a new meta-theory for designing information systems (IS) security training approachesJournal of the Association for Information Systems2011128518555
  • KarwatzkiSTrenzMTuunainenVKVeitDAdverse consequences of access to individuals’ information: an analysis of perceptions and the scope of organisational influenceEuropean Journal of Information Systems2017
  • KeithMJBabbJFurnerCPAbdullatALowryPBLimited information and quick decisions: consumer privacy calculus for mobile applicationsAIS Transactions on Human-Computer Interaction20168388130
  • KeithMJBabbJLowryPBFurnerCPAbdullatAThe role of mobile-computing self-efficacy in consumer information disclosureInformation Systems Journal201525463766710.1111/isj.12082
  • KeithMJThompsonSCHaleJLowryPBGreerCInformation disclosure on mobile devices: re-examining privacy calculus with actual user behaviorInternational Journal of Human-Computer Studies201371121163117310.1016/j.ijhcs.2013.08.016
  • KimCTaoWShinNKIMK-SAn empirical study of customers’ perceptions of security and trust in e-payment systemsElectronic Commerce Research and Applications201091849510.1016/j.elerap.2009.04.014
  • KimWJEONGO-RKIMCSOJThe dark side of the Internet: attacks, costs and responsesInformation Systems201136367570510.1016/j.is.2010.11.003
  • KokolakisSPrivacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenonComputers & Security201764January12213410.1016/j.cose.2015.07.002
  • KordzadehNWarrenJCommunicating personal health information in virtual health communities: an integration of privacy calculus model and affective commitmentJournal of the Association for Information Systems20171814581
  • KrishnanVGuptaSAppropriateness and impact of platform-based product developmentManagement Science2001471526810.1287/mnsc.47.1.52.10665
  • KwonJJohnsonMEProactive versus reactive security investments in the healthcare sectorMIS Quarterly201438245157210.25300/MISQ/2014/38.2.06
  • Lavin F (2017) Traditional retail might not be dead, but It Is In a coffin. Forbes, https://www.forbes.com/sites/franklavin/2017/04/17/traditional-retail-might-not-be-dead-but-it-is-in-a-coffin/#7096e0c549e8, accessed August 31, 2017.
  • LeeASRigor and relevance in MIS research: beyond the approach of positivism aloneMIS Quarterly1999231293310.2307/249407
  • LeeASThomasMBaskervilleRLGoing back to basics in design science: from the information technology artifact to the information systems artifactInformation Systems Journal201525152110.1111/isj.12054
  • LeeCHGengXRaghunathanSMandatory standards and organizational information securityInformation Systems Research2016271708610.1287/isre.2015.0607
  • LeeSMLeeSGYooSAn integrative model of computer abuse based on social control and general deterrence theoriesInformation & Management200441670771810.1016/j.im.2003.08.008
  • LeeYLarsenKRThreat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware softwareEuropean Journal of Information Systems200918217718710.1057/ejis.2009.11
  • LiHSarathyRZhangJLuoXExploring the effects of organizational justice, personal ethics and sanction on internet use policy complianceInformation Systems Journal201424647950210.1111/isj.12037
  • LIX-BQINJAnonymizing and sharing medical text recordsInformation Systems Research201728233235210.1287/isre.2016.0676
  • LiuCZGal-OrEKemererCFSmithMDCompatibility and proprietary standards: the impact of conversion technologies in IT markets with network effectsInformation Systems Research201122118820710.1287/isre.1090.0255
  • LowryPBCaoJEverardAPrivacy concerns versus desire for interpersonal awareness in driving the use of self-disclosure technologies: the case of instant messaging in two culturesJournal of Management Information Systems201127416320010.2753/MIS0742-1222270406
  • LowryPBD’ArcyJHammerBMoodyGD‘Cargo Cult’ science in traditional organization and information systems survey research: a case for using nontraditional methods of data collection, including Mechanical Turk and online panelsJournal of Strategic Information Systems201625323224010.1016/j.jsis.2016.06.002
  • LowryPBMoodyGDProposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organizational information security policiesInformation Systems Journal201525543346310.1111/isj.12043
  • Lowry PB, Moody GD and Chatterjee SS (2017a) Using IT design to prevent cyberbullying. Journal of Management Information Systems 34(3), 1–39. 10.1080/07421222.2017.1373012.
  • LowryPBMoodyGDVanceAJensenMLJenkinsJLWellsTUsing an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumersJournal of the Association for Information Science and Technology201263475577610.1002/asi.21705
  • LowryPBPoseyCBennettRJRobertsTLLeveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: an empirical study of the influence of counterfactual reasoning and organisational trustInformation Systems Journal201525319323010.1111/isj.12063
  • LowryPBPoseyCRobertsTLBennettRJIs your banker leaking your personal information? The roles of ethics and individual-level cultural characteristics in predicting organizational computer abuseJournal of Business Ethics2014121338540110.1007/s10551-013-1705-3
  • LowryPBZhangJWangCSiponenMWhy do adults engage in cyberbullying on social media? An integration of online disinhibition and deindividuation effects with the social structure and social learning (SSSL) modelInformation Systems Research201627496298610.1287/isre.2016.0671
  • LowryPBZhangJWuTNature or nurture? A meta-analysis of the factors that maximize the prediction of digital piracy by using social cognitive theory as a frameworkComputers in Human Behavior201768March10412010.1016/j.chb.2016.11.015
  • LuoXLiaoQAwareness education as the key to ransomware preventionInformation Systems Security200716419520210.1080/10658980701576412
  • MartinsonsMGMaDSub-cultural differences in information ethics across China: focus on Chinese management generation gapsJournal of the Association for Information Systems20091011816833
  • MenonSSarkarSPrivacy and big data: scalable approaches to sanitize large transactional databases for sharingMIS Quarterly201640496398110.25300/MISQ/2016/40.4.08
  • MerhoutJWHavelkaDInformation technology auditing: a value-added IT governance partnership between IT management and auditCommunications of the Association for Information Systems200823126
  • MiltgenCSmithHJExploring information privacy regulation, risks, trust, and behaviorInformation & Management201552674175910.1016/j.im.2015.06.006
  • MingersJWalshamGToward ethical information systems: the contribution of discourse ethicsMIS Quarterly201034483385410.2307/25750707
  • MoodyGDGallettaDFDunnBK Which phish get caught? An exploratory study of individuals’ susceptibility to phishingEuropean Journal of Information Systems2017
  • Moura J and Serrão C (2016) Security and privacy issues of big data. Working paperpreprint.
  • MyyryLSiponenMPahnilaSVartiainenTVanceAWhat levels of moral reasoning and values explain adherence to information security rules? An empirical studyEuropean Journal of Information Systems200918212613910.1057/ejis.2009.10
  • NiemimaaENiemimaaMInformation systems security policy implementation in practice: from best practices to situated practicesEuropean Journal of Information Systems201726112010.1057/s41303-016-0025-y
  • OetzelMCSpiekermannSA systematic methodology for privacy impact assessments: a design science approachEuropean Journal of Information Systems201423212615010.1057/ejis.2013.18
  • OrlikowskiWJIaconoCSResearch commentary: desperately seeking the “IT” in IT research—a call to theorizing the IT artifactInformation Systems Research200112212113410.1287/isre.12.2.121.9700
  • OzdemirZDSmithHJBenamatiJHAntecedents and outcomes of information privacy concerns in a peer context: an exploratory studyEuropean Journal of Information Systems2017
  • PaquetteSJaegerPTWilsonSCIdentifying the security risks associated with governmental use of cloud computingGovernment Information Quarterly201027324525310.1016/j.giq.2010.01.002
  • ParkerGAlstyneMVJiangXPlatform ecosystems: how developers invert the firmMIS Quarterly201741125526610.25300/MISQ/2017/41.1.13
  • ParksRXuHChuCHLowryPBExamining the intended and unintended consequences of organisational privacy safeguardsEuropean Journal of Information Systems2017261376510.1057/s41303-016-0001-6
  • PavlouPState of the information privacy literature: where are we now and where should we go?MIS Quarterly201135497798810.2307/41409969
  • PeaceAGGallettaDFThongJYLSoftware piracy in the workplace: a model and empirical testJournal of Management Information Systems200320115317710.1080/07421222.2003.11045759
  • PoseyCBennettRJRobertsTLLowryPBWhen computer monitoring backfires: invasion of privacy and organizational injustice as precursors to computer abuseJournal of Information System Security2011712447
  • PoseyCLowryPBRobertsTLEllisSProposing the online community self-disclosure model: the case of working professionals in France and the UK who use online communitiesEuropean Journal of Information Systems201019218119510.1057/ejis.2010.15
  • PoseyCRajaUCrosslerREBurnsAJTaking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USAEuropean Journal of Information Systems2017
  • PoseyCRobertsTLLowryPBThe impact of organizational commitment on insiders’ motivation to protect organizational information assetsJournal of Management Information Systems201532417921410.1080/07421222.2015.1138374
  • PoseyCRobertsTLLowryPBBennettRJCourtneyJInsiders’ protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviorsMIS Quarterly20133741189121010.25300/MISQ/2013/37.4.09
  • PoseyCRobertsTLLowryPBHightowerRBridging the divide: a qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insidersInformation & Management201451555156710.1016/j.im.2014.03.009
  • Pries-HejeJBaskervilleRThe design theory nexusMIS Quarterly200832473175510.2307/25148870
  • RaiAAvoiding type III errors: formulating IS research problems that matterMIS Quarterly2017412iiivii
  • RansbothamSMitraSChoice and chance: a conceptual model of paths to information security compromiseInformation Systems Research200920112113910.1287/isre.1080.0174
  • RochetJCTiroleJTwo-sided markets: a progress reportRAND Journal of Economics200637364566710.1111/j.1756-2171.2006.tb00036.x
  • SampsonRLaubJA life-course view of the development of crimeThe Annals of the American Academy of Political and Social Science20056021124510.1177/0002716205280075
  • SimonHAThe Sciences of the Artificial1996Boston, MAMIT Press
  • SinghJPasquierTBaconJKoHEyersDTwenty cloud security considerations for supporting the Internet of ThingsIEEE Internet of Things Journal20153326928410.1109/JIOT.2015.2460333
  • Siponen M, Pahnila S and Mahmood A (2007) Employees’ adherence to information security policies: an empirical study. In New Approaches for Security, Privacy and Trust in Complex Environments, pp 133–144, Springer, Berlin.
  • SiponenMVanceANeutralization: new insights into the problem of employee information systems security policy violationsMIS Quarterly201034348750210.2307/25750688
  • SiponenMWillisonRInformation security management standards: problems and solutionsInformation & Management200946526727010.1016/j.im.2008.12.007
  • SmithHJDinevTXuHThe information privacy research: an interdisciplinary reviewMIS Quarterly2011354989101610.2307/41409970
  • SONJ-YOut of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policiesInformation & Management201148729630210.1016/j.im.2011.07.002
  • Song P, Xue L, Rai A and Zhang C (2017) The ecosystem of software platform: a study of asymmetric cross-side network effects and platform governance. MIS Quarterly (forthcoming).
  • SpearsJLBarkiHUser participation in information systems security risk managementMIS Quarterly201034350352210.2307/25750689
  • StraubDWEffective IS securityInformation Systems Research19901325527610.1287/isre.1.3.255
  • SubashiniSKavithaVA survey on security issues in service delivery models of cloud computingJournal of Network and Computer Applications201134111110.1016/j.jnca.2010.07.006
  • SumnerMInformation security threats: a comparative analysis of impact, probability, and preparednessInformation Systems Management200926121210.1080/10580530802384639
  • TangZHuYJSmithMDGaining trust through online privacy protection: self-regulation, mandatory standards, or caveat emptorJournal of Management Information Systems200824415317310.2753/MIS0742-1222240406
  • Te’EniDRoweFÅgerfalkPJLeeJSPublishing and getting published in EJIS: marshaling contributions for a diversity of genresEuropean Journal of Information Systems201524655956810.1057/ejis.2015.20
  • TsaiJEgelmanSCranorLAcquistiAThe effect of online privacy information on purchasing behavior: an experiment studyInformation Systems Research201122225426810.1287/isre.1090.0260
  • TsiakisTSthephanidesGThe concept of security and trust in electronic paymentsComputers & Security2005241101510.1016/j.cose.2004.11.001
  • TsohouAKarydaMKokolakisSKiountouzisEManaging the introduction of information security awareness programmes in organisationsEuropean Journal of Information Systems2015241385810.1057/ejis.2013.27
  • TurelOBartCBoard-level IT governance and organizational performanceEuropean Journal of Information Systems201423222323910.1057/ejis.2012.61
  • UnderwoodSBlockchain beyond bitcoinCommunications of the ACM20165911151710.1145/2994581
  • VenAHEngaged Scholarship: A Guide for Organizational and Social Research2007New YorkOxford University Press
  • Vance A, Lowry PB and Eggett D (2015) A new approach to the problem of access policy violations: Increasing perceptions of accountability through the user interface. MIS Quarterly39(2), 345–366.
  • VanceALowryPBWilsonDUsing trust and anonymity to expand the use of anonymizing systems that improve security across organizations and nationsSecurity Journal201730397999910.1057/sj.2015.22
  • VeigaADEloffJHAn information security governance frameworkInformation Systems Management200724436137210.1080/10580530701586136
  • WallJDLowryPBBarlowJOrganizational violations of externally governed privacy and security rules: explaining and predicting selective violations under conditions of strain and excessJournal of the Association for Information Systems20161713976
  • WangJGuptaMRaoHRInsider threats in a financial institution: analysis of attack-proneness of information systems applicationsMIS Quarterly20153919111210.25300/MISQ/2015/39.1.05
  • WangJLiYRaoHROverconfidence in phishing email detectionJournal of the Association for Information Systems20161711759783
  • WangJLiYRaoHRCoping responses in phishing detection: an investigation of antecedents and consequencesInformation Systems Research201728237839610.1287/isre.2016.0680
  • WangJXiaoNRaoHRAn exploration of risk characteristics of information security threats and related public information search behaviorInformation Systems Research201526361963310.1287/isre.2015.0581
  • WarkentinMJohnstonACWaldenEStraubDWNeural correlates of protection motivation for secure IT behaviors: an fMRI examinationJournal of the Association for Information Systems2016173194215
  • WarkentinMWillisonRBehavioral and policy issues in information systems security: the insider threatEuropean Journal of Information Systems200918210110510.1057/ejis.2009.12
  • WhettenDFelinTKingBThe practice of theory borrowing in organizational studies: current issues and future directionsJournal of Management200935353756310.1177/0149206308330556
  • WhinstonABGengXOperationalizing the essential role of the information technology artifact in information systems research: gray area, pitfalls, and the importance of strategic ambiguityMIS Quarterly200428214915910.2307/25148631
  • WillisonRWarkentinMBeyond deterrence: an expanded view of employee computer abuseMIS Quarterly201337112010.25300/MISQ/2013/37.1.01
  • Willison R, Warkentin M and Johnston AC (2016) Examining employee computer abuse intentions: Insights from justice, deterrence and neutralization perspectives. Information Systems Journal. https://doi.org/10.1111/isj.12129.
  • WorkmanMGaining access with social engineering: an empirical study of the threatInformation Systems Security200716631533110.1080/10658980701788165
  • WrightRTJensenMLThatcherJBDingerMMarettKResearch note—influence techniques in phishing attacks: an examination of vulnerability and resistanceInformation Systems Research201425238540010.1287/isre.2014.0522
  • XuHTeoHHTanBCYAgarwalRThe role of push-pull technology in privacy calculus: the case of location-based servicesJournal of Management Information Systems2010263137176
  • ZahediFMAbbasiAChenYFake-website detection tools: identifying elements that promote individuals’ use and enhance their performanceJournal of the Association for Information Systems2015166448484

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.