Advanced search
Publication Cover
Journal of Organizational Computing and Electronic Commerce Volume 29, 2019 - Issue 4
Submit an article Journal homepage
919
Views
6
CrossRef citations to date
0
Altmetric
Articles

Security Policy Opt-in Decisions in Bring-Your-Own-Device (BYOD) – A Persuasion and Cognitive Elaboration Perspective

Xue YangSchool of Business (Management), Nanjing University, Nanjing, Jiangsu, ChinaCorrespondence[email protected]
View further author information
,
Xinwei WangFaculty of Business and Economics, University of Auckland, Auckland, New ZealandView further author information
,
Wei Thoo YueDepartment of Information Systems, City University of Hong Kong, Hong Kong, ChinaView further author information
,
Choon Ling SiaDepartment of Information Systems, City University of Hong Kong, Hong Kong, ChinaView further author information
&
Xin (Robert) LuoRobert O. Anderson School of Management, The University of New Mexico (UNM), Albuquerque, NM, USAView further author information
Pages 274-293 | Published online: 18 Jul 2019

References

  • Akers, R. 1990. Rational choice, deterrence, and social learning theory in criminology: The path not taken. The Journal of Criminal Law and Criminology 81 (3):653–76. doi:10.2307/1143850.
  • Anderson, C., R. L. Baskerville, and M. Kaul. 2017. Information security control theory: Achieving a sustainable reconciliation between sharing and protecting the privacy of information. Journal of Management Information Systems 34 (4):1082–112. doi:10.1080/07421222.2017.1394063.
  • Anderson, C. L., and R. Agarwal. 2010. Practicing safe computing: A multimedia empirical examination of home computer user security behavioral intentions. MIS Quarterly 34 (3):613–43. doi:10.2307/25750694.
  • Bulgurcu, B., H. Cavusoglu, and I. Benbasat. 2010. Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly 34 (3):523–48. doi:10.2307/25750690.
  • Cavusoglu, H., B. Mishra, and S. Raghunathan. 2004. The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce 9 (1):69–104. doi:10.1080/10864415.2004.11044320.
  • Chen, Y., K. Ramamurthy, and K. Wen. 2012. Organizations’ information security policy compliance: Stick or carrot approach? Journal of Management Information Systems 29 (3):157–88. doi:10.2753/MIS0742-1222290305.
  • Cohen, J. 1968. Weighted kappa: Nominal scale agreement provision for scaled disagreement or partial credit. Psychological Bulletin 70 (4):213–20.
  • Costa, G., A. Merlo, L. Verderame, and A. Armando. 2018. Automatic security verification of mobile app configurations. Future Generation Computer Systems (80):519–36. doi:10.1016/j.future.2016.06.014.
  • Crossler, R. E., J. H. Long, T. M. Loraas, and B. S. Trinkle. 2014. Understanding compliance with Bring Your Own Device policies utilizing protection motivation theory: Bridging the intention-behavior gap. Journal of Information Systems 28 (1):209–26. doi:10.2308/isys-50704.
  • Crossler, R. E., J. H. Long, T. M. Loraas, and B. S. Trinkle. 2017. The impact of moral intensity and ethical tone consistency on policy compliance. Journal of Information Systems 31 (2):49–64. doi:10.2308/isys-51623.
  • D’Arcy, J., A. Hovav, and D. Galletta. 2009. User awareness of security counter-measures and its impact on information systems misuse: A deterrence approach. Information Systems Research 20 (1):79–98. doi:10.1287/isre.1070.0160.
  • D’Arcy, J., and S. Devaraj. 2012. Employee misuse of information technology resources: Testing a contemporary deterrence model. Decision Sciences 43 (6):1091–124. doi:10.1111/j.1540-5915.2012.00383.x.
  • Dainton, M., and E. D. Zelley. 2017. Applying communication theory for professional life: A practical introduction. Sage Publications, Inc.
  • de Las Cuevas, P., A. M. Mora, J. J. Merelo, P. A. Castillo, P. Garcia-Sanchez, and A. Fernandez-Ares. 2015. Corporate security solutions for BYOD: A novel user-centric and self-adaptive system. Computer Communications 68:83–95. doi:10.1016/j.comcom.2015.07.019.
  • Fazio, R. H. 1995. Attitudes as object-evaluation associations: Determinants, consequences, and correlates of attitude accessibility. In Attitude strength: Antecedents and consequences, ed. R. E. Petty, and J. A. Krosnick, 247–82. Mahwah, NJ: Erlbaum.
  • French, A. M., C. Guo, and J. P. Shim. 2014. Current status, issues, and future of Bring Your Own Device (BYOD). Communications of the Association for Information Systems 35:191–97. doi:10.17705/1CAIS.
  • Gass, R. H., and J. S. Seiter. 2010. Persuasion, social influence, and compliance gaining. 4th ed. Boston: Allyn & Bacon.
  • Ghosh, A., P. K. Gajar, and S. Rai. 2013. Bring your own device (BYOD): Security risks and mitigating strategies. International Journal of Global Research in Computer Science 4 (4):62–70.
  • Herath, T., and H. R. Rao. 2009. Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems 47:154–65. doi:10.1016/j.dss.2009.02.005.
  • Hovav, A., and F. F. Putri. 2016. This is my device! why should i follow your rules? employees’ compliance with byod security policy. Pervasive and Mobile Computing 32:35-49. doi:10.1016/j.pmcj.2016.06.007.
  • Hsu, J. S. C., S. Shih, Y. Hung, and P. B. Lowry. 2015. The role of extra-role behaviors and social controls in information security policy effectiveness. Information Systems Research 26 (2):282–300. doi:10.1287/isre.2015.0569.
  • Koeffer, S., K. Ortbach, I. Junglas, B. Niehaves, and J. Harris. 2015. Innovation through BYOD? The influence of IT consumerization on individual IT innovation behavior. Business & Information Systems Engineering 57 (6):363–75. doi:10.1007/s12599-015-0387-z.
  • Lowry, P. B., C. Posey, R. J. Bennett, and T. L. Roberts. 2015. Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal 25 (3):193–230. doi:10.1111/isj.12063.
  • Malaviya, P. 2007. The moderating influence of advertising context on ad repetition effects: The role of amount and type of elaboration. Journal of Consumer Research 34 (1):32–40. doi:10.1086/513044.
  • McCann, C. D., E. T. Higgins, and R. A. Fondacaro. 1991. Primacy and recency in communication and self-persuasion: How successive audiences and multiple encodings influence subsequent evaluative judgments. Social Cognition 9 (1):47–66. doi:10.1521/soco.1991.9.1.47.
  • Moody, G. D., M. Siponen, and S. Pahnila. 2018. Toward a unified model of information security policy compliance. MIS Quarterly 42 (1):285–+. doi:10.25300/MISQ/2018/13853.
  • Myyry, L., M. Siponen, S. Pahnila, T. Vartiainen, and A. Vance. 2009. What levels of moral reasoning and values explain adherence to information security rules? An empirical study. European Journal of Information Systems 18 (2):126–39. doi:10.1057/ejis.2009.10.
  • Nenkov, G. Y., J. J. Inman, and J. Hulland. June 2008. Considering the future: The conceptualization and measurement of elaboration on potential outcomes. Journal of Consumer Research 35:126–41. doi:10.1086/525504.
  • Pahnila, S., M. Siponen, and A. Mahmood (2007). Employees’ behavior towards is security policy compliance. In Proceedings of the 40th Hawaii International Conference on System Sciences, Los Alamitos, CA: IEEE Computer Society Press, pp. 156–66.
  • Palvia, P., M. D. Kakhki, T. Ghoshal, V. Uppala, and W. Wang. 2015. Methodological and topic trends in information systems research: A meta-analysis of IS journals. Communications of the Association for Information Systems 37:30. doi:10.17705/1CAIS.
  • Petty, R. E. 1995. Attitude change. In Advances in social psychology, ed. A. Tesser, 194–255. New York: McGraw–Hill.
  • Petty, R. E., C. Haugtvedt, and S. M. Smith. 1995. Elaboration as a determinant of attitude strength: Creating attitudes that are persistent, resistant, and predictive of behavior. In Attitude strength: Antecedents and consequences, ed. R. E. Petty, and J. A. Krosnick, 93–130. Mahwah, NJ: Erlbaum.
  • Petty, R. E., and D. T. Wegener. 1999. The elaboration likelihood model: Current status and controversies. In Dual process theories in social psychology, ed. S. Chaiken, and Y. Trope, 41–72. New York: Guilford Press.
  • Schmitz, K. W., J. T. C. Teng, and K. J. Webb. 2016. Capturing the complexity of malleable IT use: Adaptive structuration theory for individuals. MIS Quarterly 40 (3):663–+. doi:10.25300/MISQ/2016/40.3.07.
  • Siboni, S., A. Shabtai, and Y. Elovici. 2018. An attack scenario and mitigation mechanism for enterprise BYOD environments. ACM SIGAPP Applied Computing Review 18 (2):5–21. doi:10.1145/3243064.
  • Siponen, M. T., S. Pahnila, and A. Mahmood. 2007. Employees’ adherence to information security policies: An empirical study. In New approaches for security, privacy and trust in complex environments, ed. H. Venter, M. Eloff, L. Labuschagne, J. Eloff, and R. von Solms, 133–44. Boston: Springer.
  • Siponen, M. T., and A. Vance. 2010. Neutralization: New insight into the problem of employee information systems security policy violations. MIS Quarterly 34 (3):487–502. doi:10.2307/25750688.
  • Smith, S. M., L. R. Fabrigar, B. L. Macdougall, and N. L. Wiesenthal. 2008. The role of amount, cognitive elaboration, and structural consistency of attitude-relevant knowledge in the formation of attitude certainty. European Journal of Social Psychology 38 (2):280–95. doi:10.1002/(ISSN)1099-0992.
  • Smith, S. M., and R. E. Petty. 1996. Message framing and persuasion: A message processing analysis. Personality and Social Psychology Bulletin 22 (3):257–68. doi:10.1177/0146167296223004.
  • Stoneburner, G., A. Goguen, and A. Feringa. 2002. Risk management guide for information technology systems. Gaithersburg, MD: NIST Special Publications 800–30, White Paper, United States Department of Commerce.
  • Street, M. D., S. C. Douglas, S. W. Geiger, and M. J. Martinko. 2001. The impact of cognitive expenditure on the ethical decision-making process: The cognitive elaboration model. Organizational Behavior and Human Decision Processes 86 (2):256–77. doi:10.1006/obhd.2001.2957.
  • Tyler, T. R., and S. L. Blader. 2005. Can businesses effectively regulate employee conduct? The antecedents of rule following in work settings. Academy of Management Journal 48 (6):1143–58. doi:10.5465/amj.2005.19573114.
  • Vance, M., S. Siponen, and S. Pahnila. 2012. Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management 49 (3–4):190–98. doi:10.1016/j.im.2012.04.002.
  • van't Riet, J., R. A. Ruiter, M. Q. Werrij, M. J. Candel, and H. de Vries. 2010. Distinct pathways to persuasion: the role of affect in message-framing effects. European Journal Of Social Psychology 40 (7):1261–76. doi:10.1002/ejsp.722
  • Vorakulpipat, C., S. Sirapaisan, E. Rattanalerdnusorn, and V. Savangsuk. 2017. A policy-based framework for preserving confidentiality in BYOD environments: A review of information security perspectives. In Security and communication networks.
  • Ward, J., H. Dogan, E. T. Apeh, A. Mylonas, and V. Katos. April 8–14, 2017. Using human factor approaches to an organisation’s bring your own device scheme. 5th International Conference on Human Aspects of Information Security, Privacy and Trust, Vancouver, Canada.
  • Warkentin, M., K. Davis, and E. Bekkering. 2004. Introducing the check-off password system (cops): An advancement in user authentication methods and information security. Journal of Organizational and End User Computing 16 (3):41–58. doi:10.4018/JOEUC.
  • Warkentin, M., and R. Willison. 2009. Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems 18 (2):101–05. doi:10.1057/ejis.2009.12.
  • Weber, R. P. 1990. Basic content analysis, quantitative applications in the social sciences. Beverly Hills, CA: Sage.
  • Weeger, A., Wang, X., Gewald, H., Raisinghani, M., Sanchez, O., Grant, G., & Pittayachawan, S. (2015). Determinants of intention to participate in corporate BYOD-Programs: The case of digital natives. Information Systems Frontiers, 1–17.
  • Williams, K., and R. Hawkins. 1986. Perceptual research on general deterrence: A critical review. Law and Society Review 20 (4):545–72. doi:10.2307/3053466.
  • Willison, R., and M. Warkentin. 2013. Beyond deterrence: An expanded view of employee computer abuse. MIS Quarterly 37 (1):1–20. doi:10.25300/MISQ.
  • Wyer,R.S. 2002. Language and advertising effectiveness: Mediating influences of comprehension and cognitive elaboration. Psychology & Marketing 19 (7–8):693–712. doi:10.1002/(ISSN)1520-6793.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.