1
|
Li W, Liu R, Sun L, Guo Z, Gao J. An Investigation of Employees' Intention to Comply with Information Security System-A Mixed Approach Based on Regression Analysis and fsQCA. INTERNATIONAL JOURNAL OF ENVIRONMENTAL RESEARCH AND PUBLIC HEALTH 2022; 19:16038. [PMID: 36498115 PMCID: PMC9737675 DOI: 10.3390/ijerph192316038] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Figures] [Subscribe] [Scholar Register] [Received: 10/17/2022] [Revised: 11/22/2022] [Accepted: 11/28/2022] [Indexed: 06/17/2023]
Abstract
Employee security compliance behavior has become an important safeguard to protect the security of corporate information assets. Focusing on human factors, this paper discusses how to regulate and guide employees' compliance with information security systems through effective methods. Based on protection motivation theory (PMT), a model of employees' intention to comply with the information security system was constructed. A questionnaire survey was adopted to obtain 224 valid data points, and SPSS 26.0 was applied to verify the hypotheses underlying the research model. Then, based on the results of a regression analysis, fuzzy set qualitative comparative analysis (fsQCA) was used to explore the conditional configurations that affect employees' intention to comply with the information security system from a holistic perspective. The empirical results demonstrated that perceived severity, perceived vulnerability, response efficacy, and self-efficacy all positively influenced the employees' intention to comply with the information security system; while rewards and response costs had a negative effect. Threat appraisal had a greater effect on employees' intention to comply with the information security system compared to response appraisal. The fsQCA results showed that individual antecedent conditions are not necessary to influence employees' intention to comply with an information security system. Seven pathways exist that influence an employees' intention to comply with an information security system, with reward, self-efficacy, and response cost being the core conditions having the highest probability of occurring in each configuration of pathways, and with perceived severity and self-efficacy appearing in the core conditions of configurations with an original coverage greater than 40%. Theoretically, this study discusses the influence of the elements of PMT on employees' intention to comply with an information security system, reveals the mechanism of influence of the combination of the influencing factors on the outcome variables, and identifies the core factors and auxiliary factors in the condition configurations, providing a new broader perspective for the study of information security compliance behavior and providing some theoretical support for strengthening enterprise security management. Practically, targeted suggestions are proposed based on the research results, to increase the intention of enterprise employees to comply with information security systems, thereby improving the effectiveness of enterprise information security management and the degree of information security in enterprises.
Collapse
Affiliation(s)
- Wenqin Li
- School of Management, Xi’an University of Science and Technology, Xi’an 710054, China
| | - Rongmin Liu
- School of Management, Xi’an University of Science and Technology, Xi’an 710054, China
- Research Center for Human Factors and Management Ergonomics, Xi’an University of Science and Technology, Xi’an 710054, China
| | - Linhui Sun
- School of Management, Xi’an University of Science and Technology, Xi’an 710054, China
- Research Center for Human Factors and Management Ergonomics, Xi’an University of Science and Technology, Xi’an 710054, China
| | - Zigu Guo
- School of Management, Xi’an University of Science and Technology, Xi’an 710054, China
- Research Center for Human Factors and Management Ergonomics, Xi’an University of Science and Technology, Xi’an 710054, China
| | - Jie Gao
- School of Management, Xi’an Jiaotong University, Xi’an 710049, China
| |
Collapse
|
2
|
Parks RF, Wigand RT, Benjamin Lowry P. Balancing information privacy and operational utility in healthcare: proposing a privacy impact assessment (PIA) framework. EUR J INFORM SYST 2022. [DOI: 10.1080/0960085x.2022.2103044] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/03/2022]
Affiliation(s)
- Rachida F Parks
- Computer Information Systems, Quinnipiac University, Hamden, Quinnipiac, USA
| | - Rolf T Wigand
- Emeritus College at Arizona State University, Scottsdale, Arizona, USA
| | - Paul Benjamin Lowry
- Pamplin College of Business Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, Virginia, USA
| |
Collapse
|
3
|
Hodapp D, Hanelt A. Interoperability in the era of digital innovation: An information systems research agenda. JOURNAL OF INFORMATION TECHNOLOGY 2022. [DOI: 10.1177/02683962211064304] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/15/2022]
Abstract
Digital innovation enables new forms of cyber-physical innovation based on digital business ecosystems. However, the realization of the opportunities arising from such innovation substantially hinges on interoperability, that is, the ability of two or more systems to exchange information and understand that exchanged information. While interoperability is a long-standing topic in research and practice alike and a valuable knowledge base exists, digital innovation poses novel challenges that might not be covered by conventional wisdom. Accordingly, we review the literature and, first, propose an organizing framework for existing interoperability knowledge involving the contextual conditions of low interoperability, the mechanisms to increase interoperability, and the associated outcomes. Second, we use the framework to identify previous research foci in the scholarly discourse about interoperability and to discuss the potential limitations of this past work in light of digital innovation. Third, we propose a research agenda that enables information systems (IS) research to address the identified limitations—involving conceptual, scoping, and methodological issues—and provide specific recommendations on how to address the identified issues in future IS research. Finally, we propose five major research topics for further inquiry by combining the challenges identified in current knowledge with the current shift toward hyper-connected ecosystems underlying digital innovation.
Collapse
Affiliation(s)
| | - André Hanelt
- Chair of Digital Transformation Management, School of Economics and Management, University of Kassel, Kassel, Germany
| |
Collapse
|
4
|
Demystifying mobile banking apps security through gender, education, privacy, and trust intervention. INTERNATIONAL JOURNAL OF E-ADOPTION 2022. [DOI: 10.4018/ijea.294859] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/09/2022]
Abstract
The escalating of mobile banking apps has decongested the banking hall, especially in developing countries, and the penetration of mobile banking apps is crucial for both financial institutions and customers. This study reviewed existing relevant literature from the Web of Science to position this study well and dwelled on a theoretical foundation for the exposition of the interrelation of trust and privacy as an antecedent of mobile banking app security. The quantitative method was employed and banking customers data using SmartPLS 3.0 version with different data analysis techniques such as structural equation modelling, multigroup data analysis, interaction effects, and importance-performance analysis. This study results show the intervention of gender and education. It also indicates that the orientation and persuasion of banking customers to the point of higher trust is a determinant of security assurance of using mobile banking apps. This study discusses the theoretical and managerial impacts with the limitation of the study and projects into the future.
Collapse
|
5
|
Zorina A, Bélanger F, Kumar N, Clegg S. Watchers, Watched, and Watching in the Digital Age: Reconceptualization of Information Technology Monitoring as Complex Action Nets. ORGANIZATION SCIENCE 2021. [DOI: 10.1287/orsc.2021.1435] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.7] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/20/2022]
Abstract
Despite increasing studies of information technology (IT) monitoring, our understanding of how IT-mediates relations between the watcher and watched remains limited in two areas. First, either traditional actor-centric frameworks assuming predefined watcher-watched relationships (e.g., panopticon or synopticon) are adopted or monitoring actors are removed to focus on data flows (e.g., dataveillance, assemblages, panspectron). Second, IT monitoring research predominantly assumes IT artifacts to be stable, bounded, designed objects, with prescribed uses which provides an oversimplified view of actor relationships. To redress these limitations, a conceptual framework of veillance applicable to a variety of possible IT or non-IT-mediated relationships between watcher and watched is developed. Using the framework, we conduct a conceptual review of the literature, identifying IT-enabled monitoring and transformations of actors, goals, mechanisms and foci and develop an action net model of IT veillance where IT artifacts are theorized as equivocal, distributable and open for diverse use, open to edits and contributions by unbounded sets of heterogenous actors characterized by diverse goals and capabilities. The action net of IT veillance is defined as a flexible decentralized interconnected web shaped by multidirectional watcher-watched relationships, enabling multiple dynamic goals and foci. Cumulative contributions by heterogenous participants organize and manipulate the net, having an impact through influencing dispositions, visibilities and the inclusion/exclusion of self and others. The model makes three important theoretical contributions to our understanding of IT monitoring of watchers and watched and their relationships. We discuss implications and avenues for future studies on IT veillance.
Collapse
Affiliation(s)
- Aljona Zorina
- Leeds University Business School, Leeds LS2 9JT, United Kingdom
| | | | - Nanda Kumar
- Zicklin School of Business, Baruch College, City University of New York, New York, New York 10010
| | - Stewart Clegg
- Nova School of Business and Economics Campus de Carcavelos, 2775-405 Carcavelos, Cascais, Portugal
- University of Stavanger Business School, 8600 Forus, Norway
| |
Collapse
|
6
|
Contradicting challenges: the complexity of documenting personal information in a regulatory environment. RECORDS MANAGEMENT JOURNAL 2021. [DOI: 10.1108/rmj-06-2020-0023] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 11/17/2022]
Abstract
Purpose
Many organizations are challenged by different and, perhaps, opposite, registration and protection obligations of information regarding their employees. The purpose of this paper is to explore how organizations balance the registration obligations of the Icelandic equal pay standard (EPS) and the protection requirements of the general data protection regulation (GDPR). It aims to raise awareness of how information professionals can ensure that documentation on the education and skills of employees is authentic, traceable and secure.
Design/methodology/approach
The analytical framework covered multiple-cases and semi-structured interviews with various professionals and comprehensive documentary analysis.
Findings
The findings indicate that the organizations were not properly prepared for the implementation of the EPS and were hesitant regarding further registration of personal information due to GDPR. Documentary analysis also revealed critical attitudes towards the legal endorsement of the standard and its potential success.
Originality/value
There is a lack of studies explaining the juxtaposition of information and records management and the legal and regulatory environment. This paper provides a unique description of how information and recordkeeping practices function with the requirements of the EPS whilst complying with GDPR. The results could bring valuable opportunities for the information profession regarding the development, implementation, administration and maintenance of documentary evidence regarding the requirements of international and national standards and legislations and advance their collaboration with other professionals in the management of information.
Collapse
|
7
|
An interdisciplinary view of social engineering: A call to action for research. COMPUTERS IN HUMAN BEHAVIOR REPORTS 2021. [DOI: 10.1016/j.chbr.2021.100126] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/20/2022] Open
|
8
|
Chandrasekaran R, Sankaranarayanan B, Pendergrass J. Unfulfilled promises of health information exchange: What inhibits ambulatory clinics from electronically sharing health information? Int J Med Inform 2021; 149:104418. [PMID: 33640839 DOI: 10.1016/j.ijmedinf.2021.104418] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 11/12/2020] [Revised: 02/11/2021] [Accepted: 02/14/2021] [Indexed: 11/18/2022]
Abstract
PURPOSE This study seeks to understand the key inhibitors for health information exchange (HIE) by ambulatory (outpatient) clinics. We examine the key technological, organizational and environmental factors that inhibit an ambulatory clinic from electronically exchanging health information with external clinics and hospitals. METHODS We utilize survey data from 1285 ambulatory clinics in the US state of Minnesota. Using logistic regressions, we assess if the ambulatory clinic's HIE with external clinics and external hospitals are associated with fourteen inhibitors from technological, organizational and environmental contexts in which ambulatory clinics operate. RESULTS Among the technological inhibitors, we find lack of adequate technological infrastructure, difficulties in integrating external data with electronic medical record systems, and security concerns to inhibit ambulatory clinics' HIE with both clinics and hospitals. Inadequate technical support was a barrier for HIE with hospitals, whereas inadequate training of staff was an inhibitor for clinic-to-clinic HIE. Of the environmental variables, legal concerns and complexity in framing HIE agreements with partners were found to inhibit ambulatory clinics' HIE with both external clinics and hospitals. Lack of partner readiness and ability was an inhibiting factor for clinic-to-hospital HIE whereas issues in patient consent, and problems in choosing the right vendor with a good fit were inhibiting ambulatory clinics' HIE with other clinics. Among the organizational variables, lack of adequate senior leadership support and complexity of workflow changes inhibited clinic-to-clinic health data sharing, whereas unclear return on investment (ROI) for HIE was a deterrent for ambulatory clinics' HIE with hospitals. CONCLUSIONS This study throws light on electronic HIE practices and its key inhibitors in ambulatory clinics, an understudied area in digital health. This paper provides unique insights into specific inhibitors that deter clinic-to-clinic health information sharing versus those that affect and clinic-to-hospital health information exchange.
Collapse
Affiliation(s)
| | - Balaji Sankaranarayanan
- Department of IT and Supply Chain Management, University of Wisconsin at Whitewater, United States.
| | - John Pendergrass
- Department of Operations Management and Information Systems, Northern Illinois University, United States.
| |
Collapse
|
9
|
The Role of Information Systems in the Sustainable Development of Enterprises: A Systematic Literature Network Analysis. SUSTAINABILITY 2020. [DOI: 10.3390/su12083337] [Citation(s) in RCA: 16] [Impact Index Per Article: 4.0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 01/21/2023]
Abstract
Information Systems (IS) play an important role in improving the efficiency of firms’ operations and supply chains, which links to sustainability. Therefore, this study conducted a systematic literature network analysis to review 132 articles that discuss current trends in the IS discipline. Based on a citation network analysis, this study discovered three main research domains (sustainable competitive advantage, environmental sustainability, and sustainable online social communities), and two emerging research domains (the role of IS in developing countries and sustainable information infrastructures). Furthermore, a main path analysis was conducted to understand the knowledge structure of each research domain. This addresses how different trends are reflected in the IS literature related to improving firms’ competitive advantages and environmental sustainability. The results found that the sustainable competitiveness of enterprises is improved by the synergy between IS and other recourses within in the enterprises. Green IS initiatives not only solve the issues of environmental sustainability, but also enhance sustainable competitive advantage (i.e., stock price). As social media becomes the optimal enterprise communication channel, this study discusses the factors affecting sustainable online social community, such as structural dynamics (i.e., membership size, communication activity), social dynamics (the basic nature of interactions among members), participation costs, and topic consistency. Overall, the Information System literature is highly focused on three areas—economy, environment, and society, which supports Triple Bottom Line theory.
Collapse
|
10
|
Fan L, Gil-Garcia JR, Song Y, Cronemberger F, Hua G, Werthmuller D, Burke GB, Costello J, Meyers BR, Hong X. Sharing big data using blockchain technologies in local governments: Some technical, organizational and policy considerations. INFORMATION POLITY 2019. [DOI: 10.3233/ip-190156] [Citation(s) in RCA: 8] [Impact Index Per Article: 1.6] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 12/29/2022]
Affiliation(s)
- Lingjun Fan
- Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
| | - J. Ramon Gil-Garcia
- University at Albany, State University of New York, USA
- Universidad de las Americas Puebla, Cholula, Mexico
| | - Yi Song
- Renming University, Beijing, China
| | | | - Gang Hua
- Ningbo Academy of Smart City Development, Zhejiang, China
| | | | | | - Jim Costello
- University at Albany, State University of New York, USA
| | | | - Xuehai Hong
- Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
| |
Collapse
|
11
|
Yang X, Wang X, Yue WT, Sia CL, Luo X(R. Security Policy Opt-in Decisions in Bring-Your-Own-Device (BYOD) – A Persuasion and Cognitive Elaboration Perspective. JOURNAL OF ORGANIZATIONAL COMPUTING AND ELECTRONIC COMMERCE 2019. [DOI: 10.1080/10919392.2019.1639913] [Citation(s) in RCA: 4] [Impact Index Per Article: 0.8] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 10/26/2022]
Affiliation(s)
- Xue Yang
- School of Business (Management), Nanjing University, Nanjing, Jiangsu, China
| | - Xinwei Wang
- Faculty of Business and Economics, University of Auckland, Auckland, New Zealand
| | - Wei Thoo Yue
- Department of Information Systems, City University of Hong Kong, Hong Kong, China
| | - Choon Ling Sia
- Department of Information Systems, City University of Hong Kong, Hong Kong, China
| | - Xin (Robert) Luo
- Robert O. Anderson School of Management, The University of New Mexico (UNM), Albuquerque, NM, USA
| |
Collapse
|