Advanced search
Publication Cover
Information Systems Management Volume 36, 2019 - Issue 4
Submit an article Journal homepage
949
Views
10
CrossRef citations to date
0
Altmetric
Regular Articles

Information Security Behavior: A Cross-Cultural Comparison of Irish and US Employees

Lena Y. ConnollySchool of Law, University of Leeds, Leeds, UKCorrespondence[email protected]
View further author information
,
Michael LangBusiness Information Systems, National University of Ireland Galway, Galway, IrelandView further author information
&
David S. WallSchool of Law, University of Leeds, Leeds, UKView further author information
Pages 306-322 | Published online: 09 Aug 2019

References

  • Adler, N. J., & Gundersen, A. (2008). International dimensions of organizational behavior. Eagan, MN: Thomson/South-Western.
  • Alderson, S., & Kakabadse, A. (1994). Business ethics and Irish management: A cross-cultural study. European Management Journal, 12(4), 432–441. doi:10.1016/0263-2373(94)90029-9
  • Ali, M., & Brooks, L. (2009). A situated cultural approach for cross-cultural studies in IS. Journal of Enterprise Information Management, 22(5), 548–563. doi:10.1108/17410390910993536
  • Al-Mukahal, H. M., & Alshare, K. (2015). An examination of factors that influence the number of information security policy violations in Qatari organizations. Information & Computer Security, 23(1), 102–118. doi:10.1108/ICS-03-2014-0018
  • Asai, T., & Hakizabera, A. U. (2010). Human‐related problems of information security in East African cross‐cultural environments. Information Management & Computer Security, 18(5), 328–338. doi:10.1108/09685221011095245
  • Asai, T., Siripukdee, S., Waluyan, L., & Noguera, S. (2009). Potential problems on information security management in cross-cultural environment – A study of cases of foreign companies including Japanese companies in Thailand. International Journal of Japan Association for Management Systems, 1(1), 91–100.
  • Baskerville, R., & Pries-Heje, J. (2004). Short cycle time systems development. Information Systems Journal, 14(3), 237–264. doi:10.1111/isj.2004.14.issue-3
  • Becker, T. E., Billings, R. S., Eveleth, D. M., & Gilbert, N. L. (1996). Foci and bases of employee commitment: Implications for job performance. Academy of Management Journal, 39(2), 464–482.
  • Bik, O. P. G. (2010). The behavior of assurance professionals: A cross-cultural perspective. Amsterdam, Netherlands: Eburon Academic Publishers.
  • Chen, C. C., Medlin, B. D., & Shaw, R. S. (2008). A cross‐cultural investigation of situational information security awareness programs. Information Management & Computer Security, 16(4), 360–376. doi:10.1108/09685220810908787
  • Chen, Y., & Zahedi, F. M. (2016). Individuals’ internet security perceptions and behaviors: Polycontextual contrasts between the United States and China. MIS Quarterly, 40(1), 205–222. doi:10.25300/MISQ
  • Chipperfield, C., & Furnell, S. (2010). From security policy to practice: Sending the right messages. Computer Fraud & Security, 3, 13–19. doi:10.1016/S1361-3723(10)70025-7
  • Clugston, M., Howell, J. P., & Dorfman, P. W. (2000). Does cultural socialization predict multiple bases and foci of commitment? Journal of Management, 26(1), 5–30. doi:10.1177/014920630002600106
  • Cockroft, S., & Rekker, S. (2016). The relationship between culture and information privacy policy. Electronic Markets, 26, 55–72. doi:10.1007/s12525-015-0195-9
  • Connolly, L., Lang, M., Gathegi, J., & Tygar, D. (2017). Organisational culture, procedural countermeasures, and employee security behaviour: A qualitative study. Information and Computer Security, 25(2), 118–136. doi:10.1108/ICS-03-2017-0013
  • Cram, W. A., Proudfoot, J. C., & D’Arcy, J. (2017). Organizational information security policies: A review and research framework. European Journal of Information Systems, 26(6), 605–641. doi:10.1057/s41303-017-0059-9
  • Crossler, R. E., Johnston, A. C., Lowry, P. B., Hud, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90–101. doi:10.1016/j.cose.2012.09.010
  • Da Veiga, A., & Eloff, J. H. P. (2007). An information security governance framework. Information Systems Management, 24, 361–372. doi:10.1080/10580530701586136
  • De Pillis, E., & Reardon, K. K. (2007). The influence of personality traits and persuasive messages on entrepreneurial intention: A cross-cultural comparison. Career Development International, 12(4), 382–396. doi:10.1108/13620430710756762
  • Dinev, T., Goo, J., Hu, Q., & Nam, K. (2009). User behaviour towards protective information technologies: The role of national cultural differences. Information Systems Journal, 19, 391–412.
  • Eisenhardt, K. M. (1989). Building theories from case study research. Academy of Management Review, 14(4), 532–550. doi:10.5465/amr.1989.4308385
  • FBI. (2016). 2016 Internet crime report. Federal Bureau of Investigation, Internet Crime Complaint Centre. Retrieved from. https://pdf.ic3.gov/2016_IC3Report.pdf
  • FBI. (2017). 2017 Internet crime report. Federal Bureau of Investigation, Internet Crime Complaint Centre. Retrieved from. https://pdf.ic3.gov/2017_IC3Report.pdf
  • Flores, W. R., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, 90–110. doi:10.1016/j.cose.2014.03.004
  • García-Crespo, Á., Colomo-Palacios, R., Soto-Acosta, P., & Ruano-Mayoral, M. (2010). A qualitative study of hard decision making in managing global software development teams. Information Systems Management, 27, 247–252. doi:10.1080/10580530.2010.493839
  • Glaser, B. G., & Strauss, A. L. (1967). The discovery of grounded theory: Strategies for qualitative research. New York: Aldine de Gruyter.
  • Goffee, R., & Jones, G. (1996). What holds the modern company together? Harvard Business Review, 74(6), 133–148.
  • Guo, K. H. (2013). Security-related behavior in using information systems in the workplace: A review and synthesis. Computers & Security, 32, 242–251. doi:10.1016/j.cose.2012.10.003
  • Hall, E. T. (1976). Beyond culture. Garden City, NY: Anchor Press/Doubleday.
  • Hernandez-Ortega, B., Aldas-Manzano, J., Ruiz-Mafe, C., & Sanz-Blas, S. (2017). Perceived value of advanced mobile messaging services: A cross-cultural comparison of Greek and Spanish users. Information Technology & People, 30(2), 324–355.
  • Hofstede, G. H. (1980). Culture’s consequences: International differences in work-related values. Beverly Hills, CA: Sage Publications.
  • Hofstede, G. H. (2001). Culture’s consequences: Comparing values, behaviors, institutions, and organizations across nations. Thousand Oaks, CA: Sage Publications.
  • Hofstede, G. H., Hofstede, G. J., & Minkov, M. (2010). Cultures and organizations. New York, NY: McGraw-Hill Publishing.
  • House, R. J., Hanges, P. J., Javidan, M., Dorfman, P. W., & Gupta, V. (2004). Culture, leadership, and organizations. Thousand Oaks, CA: Sage Publications.
  • Hovav, A., & D’Arcy, J. (2012). Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea. Information & Management, 49(2), 99–110. doi:10.1016/j.im.2011.12.005
  • Hult, G. T. M., Ketchen, D. J., Griffith, D. A., Finnegan, C. A., Gonzalez-Padron, T., Harmancioglu, N., … Cavusgil, S. T. (2008). Data equivalence in cross-cultural international business research: Assessment and guidelines. Journal of International Business Studies, 39(6), 1027–1044. doi:10.1057/palgrave.jibs.8400396
  • IDPC (Irish Data Protection Commissioner). (2017). Annual Report of the Data Protection Commissioner. Retrieved from https://www.dataprotection.ie/docimages/documents/DPC%20Annual%20Report%202017.pdf
  • Ifinedo, P. (2009). Information technology security management concerns in global financial services institutions: Is national culture a differentiator? Information Management & Computer Security, 17(5), 372–387. doi:10.1108/09685220911006678
  • Karlsson, F., Åström, J., & Karlsson, M. (2015). Information security culture: State-of-the-art review between 2000 and 2013. Information & Computer Security, 23(3), 246–285. doi:10.1108/ICS-05-2014-0033
  • Karlsson, F., & Hedström, K. (2014). End user development and information security culture. In T. Tryfonas & I. Askoxylakis (Eds.), HAS 2014: Human aspects of information security, privacy, and trust, LNCS (Vol. 8533, pp. 246–257). New York, NY: Springer.
  • Keating, M., Martin, G. S., Resick, C. J., & Dickson, M. W. (2007). A comparative study of the endorsement of ethical leadership in Ireland and the United States. Irish Journal of Management, 28 (1), 5–30.
  • Kwak, D.-H., McAlister Kizzier, D., Zo, H., & Jung, E. (2011). Understanding security knowledge and national culture: A comparative investigation between Korea and the US. Asia Pacific Journal of Information Systems, 21(3), 51–69.
  • Leidner, D. E., & Kayworth, T. (2006). A review of culture in information systems research: Toward a theory of information technology culture conflict. MIS Quarterly, 30(2), 357–399. doi:10.2307/25148735
  • Lincoln, Y., & Guba, E. (1985). Naturalistic inquiry. Beverly Hills, CA: Sage Publications Inc.
  • Lowry, P. B., Cao, J., & Everard, A. (2011). Privacy concerns versus desire for interpersonal awareness in driving the use of self-disclosure technologies: The case of instant messaging in two cultures. Journal of Management Information Systems, 27(4), 163–200. doi:10.2753/MIS0742-1222270406
  • Matavire, R., & Brown, I. (2013). Profiling grounded theory approaches in information systems research. European Journal of Information Systems, 22(1), 119–129. doi:10.1057/ejis.2011.35
  • Maykut, P., & Morehouse, R. (1994). Beginning qualitative research: A philosophic and practical guide. London: The Falmer Press.
  • McHugh, O., Conboy, K., & Lang, M. (2011). Using agile practices to build trust in an agile team: A case study. In J. Pokorny, V. Repa, K. Richta, W. Wojtkowski, H. Linger, C. Barry & M. Lang (Eds.), Information systems development - Business systems and services: Modeling and development (pp. 503–516). New York, NY: Springer.
  • Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook. Thousand Oaks, CA: Sage.
  • Moody, G. D., Siponen, M., & Pahnila, P. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285–312. doi:10.25300/MISQ/2018/13853
  • Myers, M. D., & Tan, F. (2002). Beyond models of national culture in information systems research. Journal of Global Information Management, 10(1), 24–32. doi:10.4018/JGIM
  • PwC. (2018). Pulling fraud out of the shadows: Global economic crime and fraud survey 2018. Retrieved from https://www.pwc.com/gx/en/forensics/global-economic-crime-and-fraud-survey-2018.pdf
  • Saran, C. (2016). Human error causes more data loss than malicious attacks. Computer Weekly, June 2. Retrieved from http://www.computerweekly.com/news/450297535/Human-error-causes-more-data-loss-than-malicious-attacks
  • Schmidt, M. B., Johnston, A. C., Arnett, K. P., Chen, J. Q., & Li, S. (2008). A cross-cultural comparison of US and Chinese computer security awareness. Journal of Global Information Management, 16(2), 91–103. doi:10.4018/jgim.2008040106
  • Schneider, S. C. (1988). National vs. corporate culture: Implications for human resource management. Human Resource Management, 27, 231–246. doi:10.1002/(ISSN)1099-050X
  • Schwartz, S. H. (1994). Beyond individualism-collectivism: New cultural dimensions of values. In U. Kim, H. C. Triandis, C. Kagitcibasi, S. Choi, & S. G. Yoon (Eds.), Individualism and collectivism: Theory method and applications (pp. 85–119). Thousand Oaks, CA: Sage Publications.
  • Shaaban, H., & Conrad, M. (2013). Democracy, culture and information security: A case study in Zanzibar. Information Management & Computer Security, 21(3), 191–201. doi:10.1108/IMCS-09-2012-0057
  • Silic, M., & Back, A. (2014). Information security: Critical review and future directions for research. Information Management & Computer Security, 22(3), 279–308.
  • Simon, S., & Cagle, C. (2017). Culture’s impact on trust, distrust, and intentions in data theft environments: A cross-cultural exploratory study. Journal of Global Information Technology Management, 20(4), 214–235. doi:10.1080/1097198X.2017.1388672
  • Siripukdee, S., Waluyan, L., Noguera, S., & Asai, T. (2010). Empirical analysis of human-related problems on information security in cross-cultural environment: Focusing on Japanese companies in Thailand. Journal of Japan Society for Information and Management, 30(4), 96–106. Retrieved from https://www.jstage.jst.go.jp/article/jsim/30/4/30_KJ00009209453/_pdf
  • Trompenaars, F. (1996). Resolving international conflict: Culture and business strategy. Business Strategy Review, 7(3), 51–68. doi:10.1111/busr.1996.7.issue-3
  • Useem, J., Useem, R. H., & Donoghue, J. (1963). Men in the middle of the third-culture: The role of American and Non-Western people in cross-cultural administration. Human Organization, 22(3), 169–179.
  • van Wessel, R., Yang, X., & de Vries, H. K. (2011). Implementing international standards for information security management in China and Europe: A comparative multi-case study. Technology Analysis & Strategic Management, 23(8), 865–879.
  • Wallach, E. J. (1983). Individuals and organizations: The cultural match. Training and Development Journal, 37(2), 28–36.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.