References
- Abadie, A. Semiparametric difference-in-differences estimators. The Review of Economic Studies 72, 1 (2005), 1–19.
- Adelsman, R.M.; and Whinston, A.B. Sophisticated voting with information for two voting functions. Journal of Economic Theory 15, 1 (1977), 145–159.
- Akerlof, G.A. The market for “lemons”: Quality uncertainty and the market mechanism. The Quarterly Journal of Economics 84, 3 (1970), 488–500.
- Angrist, J.D.; and Pischke, J.S. Mostly Harmless Econometrics: An Empiricist’s Companion. Princeton, NJ: Princeton University Press, 2008.
- August, T.; August, R.; and Shin, H. Designing user incentives for cybersecurity. Communications of the ACM 57, 11 (2014), 43–46.
- Autor, D.H. Outsourcing at will: The contribution of unjust dismissal doctrine to the growth of employment outsourcing. Journal of Labor Economics 21, 1 (2003), 1–42.
- Ba, S.; Whinston, A.B.; and Zhang, H. The dynamics of the electronic market: An evolutionary game approach. Information Systems Frontiers 2, 1 (2000), 31–40.
- Baker, J. The technology–organization–environment framework. In, Dwivedi, Y.K., Wade, M.R., and Schneberger, S.L., (eds.), Information Systems Theory: Explaining and Predicting Our Digital Society, Vol. 1, New York, NY: Springer New York, 2012, pp. 231–245.
- Bauer, J.M.; and van Eeten, M.J.G. Cybersecurity: Stakeholder incentives, externalities, and policy options. Telecommunications Policy 33, 10 (2009), 706–719.
- Bergeron, F.; Rivard, S.; and de Serre, L. Investigating the support role of the information center. MIS Quarterly 14, 3 (1990), 247–260.
- Bhatt, G.D.; and Grover, V. Types of information technology capabilities and their role in competitive advantage: An empirical study. Journal of Management Information Systems 22, 2 (2005), 253–277.
- Bose, I.; and Leung, A.C.M. Unveiling the mask of phishing: Threats, preventive measures, and responsibilities. Communications of the Association for Information Systems 19 (2007), 24.
- Bose, I.; and Leung, A.C.M. Do phishing alerts impact global corporations? A firm value analysis. Decision Support Systems 64 (2014), 67–78.
- Bose, I.; and Leung, A.C.M. Adoption of identity theft countermeasures and its short- and long-term impact on firm value. MIS Quarterly 43, 1 (2019), 313–327.
- Brown, S.; and Hillegeist, S.A. How disclosure quality affects the level of information asymmetry. Review of Accounting Studies 12, 2 (2007), 443–477.
- Chatterjee, S.; Sarker, S.; and Valacich, J.S. The behavioral roots of information systems security: Exploring key factors related to unethical IT use. Journal of Management Information Systems 31, 4 (2015), 49–87.
- Chen, Y.; and Zahedi, F. Individuals’ internet security perceptions and behaviors: Polycontextual contrasts between the United States and China. MIS Quarterly 40, 1 (2016), 205.
- D’Arcy, J.; Hovav, A.; and Galletta, D. User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research 20, 1 (2009), 79–98.
- Eeten, M.; and Bauer, J. Economics of malware: Security decisions, incentives and externalities. OECD Science, Technology and Industry Working Papers, Directorate for Science, Technology and Industry, OECD, Paris, France, 2008.
- Efron, B. An Introduction to the Bootstrap. New York: Chapman & Hall, 1993.
- Gal-Or, E.; and Ghose, A. The economic incentives for sharing security information. Information Systems Research 16, 2 (2005), 186–208.
- Gordon, L.A.; Loeb, M.P.; and Lucyshyn, W. Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 19, 2 (2003), 1–7.
- Gordon, L.A.; Loeb, M.P.; and Sohail, T. Market value of voluntary disclosures concerning information security. MIS Quarterly 34, 3 (2010), 567–594.
- He, S.; Lee, G.M.; Han, S.; and Whinston, A.B. How would information disclosure influence organizations’ outbound spam volume? Evidence from a field experiment. Journal of Cybersecurity 2, 1 (2016), 99–118.
- Heckman, J.J.; and Smith, J.A. Assessing the case for social experiments. The Journal of Economic Perspectives 9, 2 (1995), 85–110.
- Hui, K.-L.; Kim, S.; and Wang, Q.-H. Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks. MIS Quarterly 41, 2 (2017), 497.
- Jolliffe, I.T. Principal Component Analysis. New York: Springer-Verlag, 2002.
- Kim, S.; Wang, Q.-H.; and Ullrich, J. A comparative study of cyberattacks. Communications of the ACM 55, 3 (2012), 66–73.
- Kim, S.H.; and Kim, B.C. Differential effects of prior experience on the malware resolution process. MIS Quarterly 38, 3 (2014), 655–678.
- Kuan, K.K.Y.; and Chau, P.Y.K. A perception-based model for EDI adoption in small businesses using a technology–organization–environment framework. Information & Management 38, 8 (2001), 507–521.
- Kunreuther, H.; and Heal, G. Interdependent security. Journal of Risk and Uncertainty 26, 2 (2003), 231–249.
- Kwon, J.; and Johnson, E.M. Meaningful healthcare security: Does meaningful-use attestation improve information security performance? MIS Quarterly 42, 4 (2018), 1043–1067.
- Lee, J.K. Research framework for AIS grand vision of the Bright ICT initiative. MIS Quarterly 39, 2 (2015), iii–xii.
- Lee, J.K.; Cho, D.; and Lim, G.G. Design and validation of the Bright Internet. Journal of the Association for Information Systems 19, 2 (2018), 63–85.
- Menard, P.; Bott, G.J.; and Crossler, R.E. User motivations in protecting information security: Protection motivation theory versus self-determination theory. Journal of Management Information Systems 34, 4 (2017), 1203–1230.
- Mitra, S.; and Ransbotham, S. Information disclosure and the diffusion of information security attacks. Information Systems Research 26, 3 (2015), 565–584.
- Moore, T. The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection 3, 3 (2010), 103–117.
- Moore, T.; and Clayton, R. The impact of public information on phishing attack and defense. Communications & Strategies 1, 81 (2011), 45–68.
- Moore, T.; Clayton, R.; and Anderson, R. The economics of online crime. Journal of Economic Perspectives 23, 3 (2009), 3–20.
- Morgan, K.L.; and Rubin, D.B. Rerandomization to improve covariate balance in experiments. The Annals of Statistics 40, 2 (2012), 1263–1282.
- Öğüt, H.; Raghunathan, S.; and Menon, N. Cyber security risk management: Public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection. Risk Analysis 31, 3 (2011), 497–512.
- Png, I.P.L.; Wang, C.-Y.; and Wang, Q.-H. The deterrent and displacement effects of information security enforcement: International evidence. Journal of Management Information Systems 25, 2 (2008), 125–144.
- Quarterman, J.S.; Linden, L.L.; Tang, Q.; Lee, G.M.; and Whinston, A.B. Spam and botnet reputation randomized control trials and policy. The 41st Research Conference on Communication, Information and Internet Policy, George Mason University, Arlington, VA, 2013.
- Rubin, D.B. Basic concepts of statistical inference for causal effects in experiments and observational studies. Cambridge, MA: Harvard University, 2004, pp. 1–140.
- Sanchez, F.; Duan, Z.; and Dong, Y. Blocking spam by separating end-user machines from legitimate mail server machines. Security and Communication Networks 9, 4 (2016), 316–326.
- Santanam, R.; Sethumadhavan, M.; and Virendra, M. Cyber Security, Cyber Crime and Cyber Forensics: Applications and Perspectives. Hershey, United States: IGI Global, 2010.
- Sen, R.; and Borle, S. Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems 32, 2 (2015), 314–341.
- Shetty, N.; Schwartz, G.; and Walrand, J. Can competitive insurers improve network security? In, Acquisti, A., Smith, S.W., and Sadeghi, A.-R., (eds.), Trust and Trustworthy Computing, Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 308–322.
- Sommer, A.; and Zeger, S.L. On estimating efficacy from clinical trials. Statistics in Medicine 10, 1 (1991), 45–52.
- Symantec. Internet security threat report 2016. Mountain View, CA, 2016.
- Symantec. Internet security threat report 2017. Mountain View, CA, 2017.
- Tan, C.L.; Chiew, K.L.; Wong, K.; and Sze, S.N. Phishwho: Phishing webpage detection via identity keywords extraction and target domain name finder. Decision Support Systems 88 (2016), 18–27.
- Tang, Q.; and Whinston, A.B. Do reputational sanctions deter negligence in information security management? A field quasi-experiment. Production and Operations Management 29, 2 (2020), 410–427.
- van Wanrooij, W.; and Pras, A. Filtering spam from bad neighborhoods. International Journal of Network Management 20, 6 (2010), 433–444.
- Wang, J.; Xiao, N.; and Rao, H.R. Research note—an exploration of risk characteristics of information security threats and related public information search behavior. Information Systems Research 26, 3 (2015), 619–633.
- Weill, P. The relationship between investment in information technology and firm performance: A study of the valve manufacturing sector. Information Systems Research 3, 4 (1992), 307–333.
- Wright, R.T.; Jensen, M.L.; Thatcher, J.B.; Dinger, M.; and Marett, K. Influence techniques in phishing attacks: An examination of vulnerability and resistance. Information Systems Research 25, 2 (2014), 385–400.
- Zeng, V.; Baki, S.; Aassal, A.E.; Verma, R.; Moraes, L.F.T.D.; and Das, A. Diverse datasets and a customizable benchmarking framework for phishing. In Proceedings of the Sixth International Workshop on Security and Privacy Analytics, New York: ACM Press, 2020.
- Zhou, W.; and Piramuthu, S. IoT security perspective of a flexible healthcare supply chain. Information Technology and Management 19, 3 (2018), 141–153.
- Zhu, K.; and Kraemer, K.L. Post-adoption variations in usage and value of e-business by organizations: Cross-country evidence from the retail industry. Information Systems Research 16, 1 (2005), 61–84.
- Zhu, K.; Kraemer, K.; and Xu, S. Electronic business adoption by European firms: A cross-country assessment of the facilitators and inhibitors. European Journal of Information Systems 12, 4 (2003), 251–268.
- Zhu, K.; Kraemer, K.L.; and Dedrick, J. Information technology payoff in e-business environments: An international perspective on value creation of e-business in the financial services industry. Journal of Management Information Systems 21, 1 (2004), 17–54.