References
- AcquistiAJohnLKLoewensteinGThe impact of relative standards on the propensity to discloseJournal of Marketing Research201249216017410.1509/jmr.09.0215
- Algarni A, Xu Y and Chan T (2017) An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook. European Journal of Information Systems. https://doi.org/10.1057/s41303-017-0057-y.
- AlvessonMSandbergJGenerating research questions through problematizationAcademy of Management Review2011362247271
- AndenaesJGeneral prevention. Illusion or reality?Journal of Criminal Law, Criminology, and Police Science195243219719810.2307/1139261
- AndersonBBVanceAKirwanCBEargleDJenkinsJLHow users perceive and respond to security messages: a NeuroIS research agenda and empirical studyEuropean Journal of Information Systems201625436439010.1057/ejis.2015.21
- AngstCAgarwalRAdoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasionMIS Quarterly200933233937010.2307/20650295
- Angst CM, Block ES, D’arcy J and Kelley K (2017) When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quarterly41(3), (in press).
- ArmstrongMCompetition in two-sided marketsRAND Journal of Economics200637366869110.1111/j.1756-2171.2006.tb00037.x
- AugustTTuncaTILet the pirates patch? An economic analysis of network software security patch restrictionsInformation Systems Research2008191487010.1287/isre.1070.0142
- BagozziRPYiYPhillipsLWAssessing construct validity in organizational researchAdministrative Science Quarterly199136342145810.2307/2393203
- BakosYKatsamakasEDesign and ownership of two-sided networks: implications for Internet platformsJournal of Management Information Systems200825217120210.2753/MIS0742-1222250208
- BansalGGefenDThe role of privacy assurance mechanisms in building trust and the moderating role of privacy concernEuropean Journal of Information Systems201524662464410.1057/ejis.2014.41
- Baskerville R, Rowe F and Wolff F-C (2017) Integration of information systems and cybersecurity countermeasures: an exposure to risk perspective. Data Base for Advances in Information Systems (In press(December)).
- BauerJFrankeNTuertscherPIntellectual property norms in online communities: how user-organized intellectual property regulation supports innovationInformation Systems Research201627472475010.1287/isre.2016.0649
- BeccariaCOn Crimes and Punishments and Other Writings2009TorontoUniversity of Toronto Press
- BeckerGCrime and punishment: an economic approachJournal of Political Economy196876216921710.1086/259394
- BeegleLERootkits and their effects on information securityInformation Systems Security200716316417610.1080/10658980701402049
- BélangerFCrosslerRPrivacy in the digital age: a review of information privacy research in information systemsMIS Quarterly20113541017104110.2307/41409971
- BenbasatIBarkiHQuo vadis TAM?Journal of the Association for Information Systems2007847
- BenbasatIZmudRWThe identity crisis within the IS discipline: defining and communicating the discipline’s core propertiesMIS Quarterly200327218319410.2307/30036527
- BenthamJThe Principles of Morals and Legislation1988Amherst, NYPrometheus Books
- BerinatoSWith big data comes big responsibilityHarvard Business Review20149211100104
- BlumsteinACohenJFarringtonDCriminal career research: its value for criminologyCriminology198826113510.1111/j.1745-9125.1988.tb00829.x
- BossSRGallettaDFLowryPBMoodyGDPolakPWhat do users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviorsMIS Quarterly201539483786410.25300/MISQ/2015/39.4.5
- BrantinghamPBrantinghamPEnvironmental Criminology19912Prospect Heights, ILWaveland Press
- BREWERMREISHJUDDCResearch design and issues of validityHandbook of Research Methods in Social and Personality Psychology2000Cambridge, UKCambridge University Press
- BulgurcuBCavusogluHBenbasatIInformation security policy compliance: an empirical study of rationality-based beliefs and information security awarenessMIS Quarterly201034352354810.2307/25750690
- BurnsAJJohnsonMEHoneymanPA brief chronology of medical device securityCommunications of the ACM20165910667210.1145/2890488
- BurnsAJPoseyCCourtneyJFRobertsTLNanayakkaraPOrganizational information security as a complex adaptive system: insights from three agent-based modelsInformation Systems Frontiers201719350952410.1007/s10796-015-9608-8
- BurnsAJRobertsTLPoseyCLowryPBExamining the influence of organisational insiders’ psychological capital on information security threat and coping appraisalsComputers in Human Behavior201768March19020910.1016/j.chb.2016.11.018
- CaliendoMClementMPapiesDScheel-KopeinigSResearch note—the cost impact of spam filters: measuring the effect of information system technologies in organizationsInformation Systems Research201223(3-part-2)1068108010.1287/isre.1110.0396
- CavusogluHRaghunathanSCavusogluHConfiguration of and interaction between information security technologies: the case of firewalls and intrusion detection systemsInformation Systems Research200920219821710.1287/isre.1080.0180
- ChatterjeeSSarkerSInfusing ethical considerations in knowledge management scholarship: toward a research agendaJournal of the Association for Information Systems2013148452481
- ChatterjeeSSarkerSValacichJSThe behavioral roots of information systems security: exploring key factors related to unethical IT useJournal of Management Information Systems2015314498710.1080/07421222.2014.1001257
- ChenHChiangRHStoreyVCBusiness intelligence and analytics: from big data to big impactMIS Quarterly201236411651188
- ChenMJacobVSRadhakrishnanSRyuYUCan payment-per-click induce improvements in click fraud identification technologies?Information Systems Research201526475477210.1287/isre.2015.0598
- CHENP-YKATARIAGKRISHNANRCorrelated failures, diversification, and information security risk managementMIS Quarterly201135239742210.2307/23044049
- ChenYRamamurthyKWENK-WOrganizations’ information security policy compliance: stick or carrot approach?Journal of Management Information Systems201329315718810.2753/MIS0742-1222290305
- ChoiBCFJiangZJXiaoBKimSSEmbarrassing exposures in online social networks: an integrated perspective of privacy invasion and relationship bondingInformation Systems Research201526467569410.1287/isre.2015.0602
- ClarkeRCornishDTONRYMMORRISNModelling offender’s decisions: a framework for policy and researchCrime and Justice: An Annual Review of Research1985Chicago, ILUniversity of Chicago Press147185
- CramWAProudfootJGD’arcyJOrganizational information security policies: a review and research frameworkEuropean Journal of Information Systems2017
- CrosslerREJohnstonACLowryPBHuQWarkentinMBaskervilleRFuture directions for behavioral information security researchComputers & Security201332February9010110.1016/j.cose.2012.09.010
- CrosslerRELongJHLoraasTMTrinkleBSUnderstanding compliance with bring your own device policies utilizing protection motivation theory: bridging the intention-behavior gapJournal of Information Systems201428120922610.2308/isys-50704
- CrosslerREPoseyCRobbing Peter to pay Paul: surrendering privacy for security’s sake in an identity ecosystemJournal of the Association for Information Systems2017187487515
- CulnanMJWilliamsCCHow ethics can enhance organizational privacy: lessons from the choicepoint and TJX data breachesMIS Quarterly200933467368710.2307/20650322
- CurrieWContextualising the IT artifact: towards a wider research agenda for IS using institutional theoryInformation Technology & People2009221637710.1108/09593840910937508
- D’ArcyJHerathTA review and analysis of deterrence theory in the IS security literature: making sense of the disparate findingsEuropean Journal of Information Systems201120664365810.1057/ejis.2011.23
- D’ArcyJHovavAGallettaDUser awareness of security countermeasures and its impact on information systems misuse: a deterrence approachInformation Systems Research2009201799810.1287/isre.1070.0160
- D’AubeterreFSinghRIyerLSecure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processesEuropean Journal of Information Systems200817552854210.1057/ejis.2008.42
- D’ArcyJHerathTSHOSSMUnderstanding employee responses to stressful information security requirements: a coping perspectiveJournal of Management Information Systems2014312291325
- DavenportTHHarrisJGJonesGLLemonKNNortonDMcCallisterMBThe dark side of customer analyticsHarvard Business Review20078553748
- DavisFDBagozziRPWarshawPRUser acceptance of computer technology: a comparison of two theoretical modelsManagement Science1989358982100310.1287/mnsc.35.8.982
- MontjoyeY-ARADAELLILSINGHVKUnique in the shopping mall: on the reidentifiability of credit card metadataScience2015347622153653910.1126/science.1256297
- DeyDLahiriAZhangGHacker behavior, network effects, and the security software marketJournal of Management Information Systems20122927710810.2753/MIS0742-1222290204
- DinevTGooJHuQNamKUser behavior towards protective information technologies: the role of cultural differences between the United States and South KoreaInformation Systems Journal20091939141210.1111/j.1365-2575.2007.00289.x
- DinevTHuQYaylaAIs there an online advertisers’ dilemma? A study of click fraud in the pay-per-click modelInternational Journal of Electronic Commerce2008132295910.2753/JEC1086-4415130202
- DinevTMcConnellARSmithHJInforming privacy research through information systems, psychology, and behavioral economics: thinking outside the “Apco” boxInformation Systems Research201526463965510.1287/isre.2015.0600
- DinevTXuHSmithHJHartPInformation privacy and correlates: an empirical attempt to bridge and distinguish privacy-related conceptsEuropean Journal of Information Systems201322329531610.1057/ejis.2012.23
- FelsonMCrime and Everyday Life: Insight and Implications for Society1994Thousand Oaks, CAPine Forge Press
- FrenchAMGuoCShimJPCurrent status, issues, and future of bring your own device (BYOD)Communications of the Association for Information Systems20143510
- GarbaABArmaregoJMurrayDKenworthyWReview of the information security and privacy challenges in Bring Your Own Device (BYOD) environmentsJournal of Information Privacy and Security2015111385410.1080/15536548.2015.1010985
- GefenDPavlouPThe boundaries of trust and risk: the quadratic moderating role of institutional structuresInformation Systems Research201223394095910.1287/isre.1110.0395
- GerlachJWidjajaTBuxmannPHandle with care: how online social network providers’ privacy policies impact users’ information sharing behaviorJournal of Strategic Information Systems2015241334310.1016/j.jsis.2014.09.001
- GibbsJPCrime, Punishment, and Deterrence1975New York, NYElsevier
- GoelSWilliamsKDincelliEGot phished? Internet security and human vulnerabilityJournal of the Association for Information Systems20171812244
- GoesPInformation systems research and behavioral economicsMIS Quarterly2013373iiiviii
- GoodeSHoehleHVenkateshVBrownSAUser compensation as a data breach recovery action: an investigation of the Sony PlayStation network breachMIS Quarterly201741370372710.25300/MISQ/2017/41.3.03
- GreenawayKEChanYECrosslerRECompany information privacy orientation: a conceptual frameworkInformation Systems Journal201525657960610.1111/isj.12080
- Haataja K and Toivanen P (2010) Two practical man-in-the-middle attacks on bluetooth secure simple pairing and countermeasures. IEEE Transactions on Wireless Communications9(1).
- HaganJDefiance and despair: subcultural and structural linkages between delinquency and despair in the life courseSocial Forces199776111913410.1093/sf/76.1.119
- Hager CT and Midkiff SF (2003) An analysis of Bluetooth security vulnerabilities. In Wireless Communications and Networking, 2003 (WCNC 2003), pp 1825–1831, IEEE.
- HarringtonSJThe effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentionsMIS Quarterly199620325727810.2307/249656
- Hassan NR and Lowry PB (2015) Seeking middle-range theories in information systems research. In International Conference on Information Systems (ICIS 2015), AIS, Fort Worth, TX.
- Heikkila FM (2007) Encryption: security considerations for portable media devices. IEEE Security & Privacy5(4).
- HerathTRaoHREncouraging information security behaviors in organizations: role of penalties, pressures and perceived effectivenessDecision Support Systems200947215416510.1016/j.dss.2009.02.005
- HerathTRaoHRProtection motivation and deterrence: a framework for security policy compliance in organisationsEuropean Journal of Information Systems200918210612510.1057/ejis.2009.6
- HSUJs-CSHIHS-PHUNGYWLOWRYPBThe role of extra-role behaviors and social controls in information security policy effectivenessInformation Systems Research201526228230010.1287/isre.2015.0569
- HuQDinevTHartPCookeDTop management championship, organizational culture and individual behavior towards information securityDecision Sciences201243461565910.1111/j.1540-5915.2012.00361.x
- HuQXuZCDinevTLingHDoes deterrence work in reducing information security policy abuse by employees?Communications of the ACM2011546344010.1145/1953122.1953142
- HuiKLKimSHWangQHCybercrime deterrence and international legislation: evidence from distributed denial of service attacksMIS Quarterly201741249752310.25300/MISQ/2017/41.2.08
- HuiKLTeoHHLeeSYTThe value of privacy assurance: an exploratory field experimentMIS Quarterly2007311193310.2307/25148779
- HuthCLChadwickDWClaycombWRYouIGuest editorial: a brief overview of data leakage and insider threatsInformation Systems Frontiers20131511410.1007/s10796-013-9419-8
- JohnstonACWarkentinMFear appeals and information security behaviors: an empirical studyMIS Quarterly201034354956610.2307/25750691
- JohnstonACWarkentinMMcBrideMCarterLDispositional and situational factors: influences on information security policy violationsEuropean Journal of Information Systems201625323125110.1057/ejis.2015.15
- JohnstonACWarkentinMSiponenMAn enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoricMIS Quarterly201539111313410.25300/MISQ/2015/39.1.06
- Karame G (2016) On the security and scalability of Bitcoin’s blockchain. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp 1861–1862, ACM.
- KarjalainenMSiponenMToward a new meta-theory for designing information systems (IS) security training approachesJournal of the Association for Information Systems2011128518555
- KarwatzkiSTrenzMTuunainenVKVeitDAdverse consequences of access to individuals’ information: an analysis of perceptions and the scope of organisational influenceEuropean Journal of Information Systems2017
- KeithMJBabbJFurnerCPAbdullatALowryPBLimited information and quick decisions: consumer privacy calculus for mobile applicationsAIS Transactions on Human-Computer Interaction20168388130
- KeithMJBabbJLowryPBFurnerCPAbdullatAThe role of mobile-computing self-efficacy in consumer information disclosureInformation Systems Journal201525463766710.1111/isj.12082
- KeithMJThompsonSCHaleJLowryPBGreerCInformation disclosure on mobile devices: re-examining privacy calculus with actual user behaviorInternational Journal of Human-Computer Studies201371121163117310.1016/j.ijhcs.2013.08.016
- KimCTaoWShinNKIMK-SAn empirical study of customers’ perceptions of security and trust in e-payment systemsElectronic Commerce Research and Applications201091849510.1016/j.elerap.2009.04.014
- KimWJEONGO-RKIMCSOJThe dark side of the Internet: attacks, costs and responsesInformation Systems201136367570510.1016/j.is.2010.11.003
- KokolakisSPrivacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenonComputers & Security201764January12213410.1016/j.cose.2015.07.002
- KordzadehNWarrenJCommunicating personal health information in virtual health communities: an integration of privacy calculus model and affective commitmentJournal of the Association for Information Systems20171814581
- KrishnanVGuptaSAppropriateness and impact of platform-based product developmentManagement Science2001471526810.1287/mnsc.47.1.52.10665
- KwonJJohnsonMEProactive versus reactive security investments in the healthcare sectorMIS Quarterly201438245157210.25300/MISQ/2014/38.2.06
- Lavin F (2017) Traditional retail might not be dead, but It Is In a coffin. Forbes, https://www.forbes.com/sites/franklavin/2017/04/17/traditional-retail-might-not-be-dead-but-it-is-in-a-coffin/#7096e0c549e8, accessed August 31, 2017.
- LeeASRigor and relevance in MIS research: beyond the approach of positivism aloneMIS Quarterly1999231293310.2307/249407
- LeeASThomasMBaskervilleRLGoing back to basics in design science: from the information technology artifact to the information systems artifactInformation Systems Journal201525152110.1111/isj.12054
- LeeCHGengXRaghunathanSMandatory standards and organizational information securityInformation Systems Research2016271708610.1287/isre.2015.0607
- LeeSMLeeSGYooSAn integrative model of computer abuse based on social control and general deterrence theoriesInformation & Management200441670771810.1016/j.im.2003.08.008
- LeeYLarsenKRThreat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware softwareEuropean Journal of Information Systems200918217718710.1057/ejis.2009.11
- LiHSarathyRZhangJLuoXExploring the effects of organizational justice, personal ethics and sanction on internet use policy complianceInformation Systems Journal201424647950210.1111/isj.12037
- LIX-BQINJAnonymizing and sharing medical text recordsInformation Systems Research201728233235210.1287/isre.2016.0676
- LiuCZGal-OrEKemererCFSmithMDCompatibility and proprietary standards: the impact of conversion technologies in IT markets with network effectsInformation Systems Research201122118820710.1287/isre.1090.0255
- LowryPBCaoJEverardAPrivacy concerns versus desire for interpersonal awareness in driving the use of self-disclosure technologies: the case of instant messaging in two culturesJournal of Management Information Systems201127416320010.2753/MIS0742-1222270406
- LowryPBD’ArcyJHammerBMoodyGD‘Cargo Cult’ science in traditional organization and information systems survey research: a case for using nontraditional methods of data collection, including Mechanical Turk and online panelsJournal of Strategic Information Systems201625323224010.1016/j.jsis.2016.06.002
- LowryPBMoodyGDProposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organizational information security policiesInformation Systems Journal201525543346310.1111/isj.12043
- Lowry PB, Moody GD and Chatterjee SS (2017a) Using IT design to prevent cyberbullying. Journal of Management Information Systems 34(3), 1–39. 10.1080/07421222.2017.1373012.
- LowryPBMoodyGDVanceAJensenMLJenkinsJLWellsTUsing an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumersJournal of the Association for Information Science and Technology201263475577610.1002/asi.21705
- LowryPBPoseyCBennettRJRobertsTLLeveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: an empirical study of the influence of counterfactual reasoning and organisational trustInformation Systems Journal201525319323010.1111/isj.12063
- LowryPBPoseyCRobertsTLBennettRJIs your banker leaking your personal information? The roles of ethics and individual-level cultural characteristics in predicting organizational computer abuseJournal of Business Ethics2014121338540110.1007/s10551-013-1705-3
- LowryPBZhangJWangCSiponenMWhy do adults engage in cyberbullying on social media? An integration of online disinhibition and deindividuation effects with the social structure and social learning (SSSL) modelInformation Systems Research201627496298610.1287/isre.2016.0671
- LowryPBZhangJWuTNature or nurture? A meta-analysis of the factors that maximize the prediction of digital piracy by using social cognitive theory as a frameworkComputers in Human Behavior201768March10412010.1016/j.chb.2016.11.015
- LuoXLiaoQAwareness education as the key to ransomware preventionInformation Systems Security200716419520210.1080/10658980701576412
- MartinsonsMGMaDSub-cultural differences in information ethics across China: focus on Chinese management generation gapsJournal of the Association for Information Systems20091011816833
- MenonSSarkarSPrivacy and big data: scalable approaches to sanitize large transactional databases for sharingMIS Quarterly201640496398110.25300/MISQ/2016/40.4.08
- MerhoutJWHavelkaDInformation technology auditing: a value-added IT governance partnership between IT management and auditCommunications of the Association for Information Systems200823126
- MiltgenCSmithHJExploring information privacy regulation, risks, trust, and behaviorInformation & Management201552674175910.1016/j.im.2015.06.006
- MingersJWalshamGToward ethical information systems: the contribution of discourse ethicsMIS Quarterly201034483385410.2307/25750707
- MoodyGDGallettaDFDunnBK Which phish get caught? An exploratory study of individuals’ susceptibility to phishingEuropean Journal of Information Systems2017
- Moura J and Serrão C (2016) Security and privacy issues of big data. Working paperpreprint.
- MyyryLSiponenMPahnilaSVartiainenTVanceAWhat levels of moral reasoning and values explain adherence to information security rules? An empirical studyEuropean Journal of Information Systems200918212613910.1057/ejis.2009.10
- NiemimaaENiemimaaMInformation systems security policy implementation in practice: from best practices to situated practicesEuropean Journal of Information Systems201726112010.1057/s41303-016-0025-y
- OetzelMCSpiekermannSA systematic methodology for privacy impact assessments: a design science approachEuropean Journal of Information Systems201423212615010.1057/ejis.2013.18
- OrlikowskiWJIaconoCSResearch commentary: desperately seeking the “IT” in IT research—a call to theorizing the IT artifactInformation Systems Research200112212113410.1287/isre.12.2.121.9700
- OzdemirZDSmithHJBenamatiJHAntecedents and outcomes of information privacy concerns in a peer context: an exploratory studyEuropean Journal of Information Systems2017
- PaquetteSJaegerPTWilsonSCIdentifying the security risks associated with governmental use of cloud computingGovernment Information Quarterly201027324525310.1016/j.giq.2010.01.002
- ParkerGAlstyneMVJiangXPlatform ecosystems: how developers invert the firmMIS Quarterly201741125526610.25300/MISQ/2017/41.1.13
- ParksRXuHChuCHLowryPBExamining the intended and unintended consequences of organisational privacy safeguardsEuropean Journal of Information Systems2017261376510.1057/s41303-016-0001-6
- PavlouPState of the information privacy literature: where are we now and where should we go?MIS Quarterly201135497798810.2307/41409969
- PeaceAGGallettaDFThongJYLSoftware piracy in the workplace: a model and empirical testJournal of Management Information Systems200320115317710.1080/07421222.2003.11045759
- PoseyCBennettRJRobertsTLLowryPBWhen computer monitoring backfires: invasion of privacy and organizational injustice as precursors to computer abuseJournal of Information System Security2011712447
- PoseyCLowryPBRobertsTLEllisSProposing the online community self-disclosure model: the case of working professionals in France and the UK who use online communitiesEuropean Journal of Information Systems201019218119510.1057/ejis.2010.15
- PoseyCRajaUCrosslerREBurnsAJTaking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USAEuropean Journal of Information Systems2017
- PoseyCRobertsTLLowryPBThe impact of organizational commitment on insiders’ motivation to protect organizational information assetsJournal of Management Information Systems201532417921410.1080/07421222.2015.1138374
- PoseyCRobertsTLLowryPBBennettRJCourtneyJInsiders’ protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviorsMIS Quarterly20133741189121010.25300/MISQ/2013/37.4.09
- PoseyCRobertsTLLowryPBHightowerRBridging the divide: a qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insidersInformation & Management201451555156710.1016/j.im.2014.03.009
- Pries-HejeJBaskervilleRThe design theory nexusMIS Quarterly200832473175510.2307/25148870
- RaiAAvoiding type III errors: formulating IS research problems that matterMIS Quarterly2017412iiivii
- RansbothamSMitraSChoice and chance: a conceptual model of paths to information security compromiseInformation Systems Research200920112113910.1287/isre.1080.0174
- RochetJCTiroleJTwo-sided markets: a progress reportRAND Journal of Economics200637364566710.1111/j.1756-2171.2006.tb00036.x
- SampsonRLaubJA life-course view of the development of crimeThe Annals of the American Academy of Political and Social Science20056021124510.1177/0002716205280075
- SimonHAThe Sciences of the Artificial1996Boston, MAMIT Press
- SinghJPasquierTBaconJKoHEyersDTwenty cloud security considerations for supporting the Internet of ThingsIEEE Internet of Things Journal20153326928410.1109/JIOT.2015.2460333
- Siponen M, Pahnila S and Mahmood A (2007) Employees’ adherence to information security policies: an empirical study. In New Approaches for Security, Privacy and Trust in Complex Environments, pp 133–144, Springer, Berlin.
- SiponenMVanceANeutralization: new insights into the problem of employee information systems security policy violationsMIS Quarterly201034348750210.2307/25750688
- SiponenMWillisonRInformation security management standards: problems and solutionsInformation & Management200946526727010.1016/j.im.2008.12.007
- SmithHJDinevTXuHThe information privacy research: an interdisciplinary reviewMIS Quarterly2011354989101610.2307/41409970
- SONJ-YOut of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policiesInformation & Management201148729630210.1016/j.im.2011.07.002
- Song P, Xue L, Rai A and Zhang C (2017) The ecosystem of software platform: a study of asymmetric cross-side network effects and platform governance. MIS Quarterly (forthcoming).
- SpearsJLBarkiHUser participation in information systems security risk managementMIS Quarterly201034350352210.2307/25750689
- StraubDWEffective IS securityInformation Systems Research19901325527610.1287/isre.1.3.255
- SubashiniSKavithaVA survey on security issues in service delivery models of cloud computingJournal of Network and Computer Applications201134111110.1016/j.jnca.2010.07.006
- SumnerMInformation security threats: a comparative analysis of impact, probability, and preparednessInformation Systems Management200926121210.1080/10580530802384639
- TangZHuYJSmithMDGaining trust through online privacy protection: self-regulation, mandatory standards, or caveat emptorJournal of Management Information Systems200824415317310.2753/MIS0742-1222240406
- Te’EniDRoweFÅgerfalkPJLeeJSPublishing and getting published in EJIS: marshaling contributions for a diversity of genresEuropean Journal of Information Systems201524655956810.1057/ejis.2015.20
- TsaiJEgelmanSCranorLAcquistiAThe effect of online privacy information on purchasing behavior: an experiment studyInformation Systems Research201122225426810.1287/isre.1090.0260
- TsiakisTSthephanidesGThe concept of security and trust in electronic paymentsComputers & Security2005241101510.1016/j.cose.2004.11.001
- TsohouAKarydaMKokolakisSKiountouzisEManaging the introduction of information security awareness programmes in organisationsEuropean Journal of Information Systems2015241385810.1057/ejis.2013.27
- TurelOBartCBoard-level IT governance and organizational performanceEuropean Journal of Information Systems201423222323910.1057/ejis.2012.61
- UnderwoodSBlockchain beyond bitcoinCommunications of the ACM20165911151710.1145/2994581
- VenAHEngaged Scholarship: A Guide for Organizational and Social Research2007New YorkOxford University Press
- Vance A, Lowry PB and Eggett D (2015) A new approach to the problem of access policy violations: Increasing perceptions of accountability through the user interface. MIS Quarterly39(2), 345–366.
- VanceALowryPBWilsonDUsing trust and anonymity to expand the use of anonymizing systems that improve security across organizations and nationsSecurity Journal201730397999910.1057/sj.2015.22
- VeigaADEloffJHAn information security governance frameworkInformation Systems Management200724436137210.1080/10580530701586136
- WallJDLowryPBBarlowJOrganizational violations of externally governed privacy and security rules: explaining and predicting selective violations under conditions of strain and excessJournal of the Association for Information Systems20161713976
- WangJGuptaMRaoHRInsider threats in a financial institution: analysis of attack-proneness of information systems applicationsMIS Quarterly20153919111210.25300/MISQ/2015/39.1.05
- WangJLiYRaoHROverconfidence in phishing email detectionJournal of the Association for Information Systems20161711759783
- WangJLiYRaoHRCoping responses in phishing detection: an investigation of antecedents and consequencesInformation Systems Research201728237839610.1287/isre.2016.0680
- WangJXiaoNRaoHRAn exploration of risk characteristics of information security threats and related public information search behaviorInformation Systems Research201526361963310.1287/isre.2015.0581
- WarkentinMJohnstonACWaldenEStraubDWNeural correlates of protection motivation for secure IT behaviors: an fMRI examinationJournal of the Association for Information Systems2016173194215
- WarkentinMWillisonRBehavioral and policy issues in information systems security: the insider threatEuropean Journal of Information Systems200918210110510.1057/ejis.2009.12
- WhettenDFelinTKingBThe practice of theory borrowing in organizational studies: current issues and future directionsJournal of Management200935353756310.1177/0149206308330556
- WhinstonABGengXOperationalizing the essential role of the information technology artifact in information systems research: gray area, pitfalls, and the importance of strategic ambiguityMIS Quarterly200428214915910.2307/25148631
- WillisonRWarkentinMBeyond deterrence: an expanded view of employee computer abuseMIS Quarterly201337112010.25300/MISQ/2013/37.1.01
- Willison R, Warkentin M and Johnston AC (2016) Examining employee computer abuse intentions: Insights from justice, deterrence and neutralization perspectives. Information Systems Journal. https://doi.org/10.1111/isj.12129.
- WorkmanMGaining access with social engineering: an empirical study of the threatInformation Systems Security200716631533110.1080/10658980701788165
- WrightRTJensenMLThatcherJBDingerMMarettKResearch note—influence techniques in phishing attacks: an examination of vulnerability and resistanceInformation Systems Research201425238540010.1287/isre.2014.0522
- XuHTeoHHTanBCYAgarwalRThe role of push-pull technology in privacy calculus: the case of location-based servicesJournal of Management Information Systems2010263137176
- ZahediFMAbbasiAChenYFake-website detection tools: identifying elements that promote individuals’ use and enhance their performanceJournal of the Association for Information Systems2015166448484