Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders
暂无分享,去创建一个
Tom L. Roberts | Ross T. Hightower | Paul Benjamin Lowry | Clay Posey | Clay Posey | P. Lowry | T. Roberts | Ross T. Hightower
[1] Mikko T. Siponen,et al. Information security management standards: Problems and solutions , 2009, Inf. Manag..
[2] K. Witte. Fear control and danger control: A test of the extended parallel process model (EPPM) , 1994 .
[3] Detmar W. Straub,et al. Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..
[4] Gurpreet Dhillon,et al. Value‐focused assessment of information system security in organizations , 2006, Inf. Syst. J..
[5] Laurie J. Kirsch,et al. If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security , 2009, Eur. J. Inf. Syst..
[6] Maureen L. Ambrose,et al. Sabotage in the workplace: The role of organizational injustice , 2002 .
[7] Michael E. Whitman. Enemy at the gate: threats to information security , 2003, CACM.
[8] Bruce Schneier,et al. Secrets and Lies: Digital Security in a Networked World , 2000 .
[9] Young U. Ryu,et al. Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..
[10] D. Straub. Effective IS Security , 1990 .
[11] Mikko T. Siponen,et al. Using the theory of interpersonal behavior to explain non-work-related personal use of the Internet at work , 2013, Inf. Manag..
[12] Ann Blandford,et al. Bridging the gap between organizational and user perspectives of security in the clinical domain , 2005, Int. J. Hum. Comput. Stud..
[13] Paul Slovic,et al. Why worry? Worry, risk perceptions, and willingness to act to reduce medical errors. , 2006, Health psychology : official journal of the Division of Health Psychology, American Psychological Association.
[14] U. Gneezy,et al. Journal of Economic Perspectives—Volume 25, Number 4—Fall 2011—Pages 191–210 When and Why Incentives (Don’t) Work to Modify Behavior , 2022 .
[15] Xin Luo,et al. Consumer motivations in taking action against spyware: an empirical investigation , 2009, Inf. Manag. Comput. Secur..
[16] P. Hartel. Overcoming the insider: reducing employee computer crime through situational crime prevention: Willison R., Siponen M. Communications of the ACM 52(9): 133-137, 2009 , 2009 .
[17] Younghwa Lee,et al. Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software , 2009, Eur. J. Inf. Syst..
[18] David J. Pauleen,et al. An Inductively Derived Model of Leader-Initiated Relationship Building with Virtual Team Members , 2003, J. Manag. Inf. Syst..
[19] Mikko T. Siponen,et al. Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..
[20] Klaus Krippendorff,et al. Content Analysis: An Introduction to Its Methodology , 1980 .
[21] Christopher Hadnagy,et al. Social Engineering: The Art of Human Hacking , 2010 .
[22] Qing Hu,et al. Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.
[23] Gurpreet Dhillon,et al. Computer crimes: theorizing about the enemy within , 2001, Comput. Secur..
[24] E. Seydel,et al. Protection Motivation Theory , 2022 .
[25] P. Slovic,et al. Risk Perception and Affect , 2006 .
[26] Steven Prentice-Dunn,et al. Protection motivation theory. , 1997 .
[27] Tero Vartiainen,et al. What levels of moral reasoning and values explain adherence to information security rules? An empirical study , 2009, Eur. J. Inf. Syst..
[28] Lakshmi Goel,et al. Exploring the dynamics of blog communities: the case of MetaFilter , 2009, Inf. Syst. J..
[29] Anat Hovav,et al. Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..
[30] Sanjay Goel,et al. Estimating the market impact of security breach announcements on firm values , 2009, Inf. Manag..
[31] D. S. Gochman,et al. Handbook of health behavior research , 1997 .
[32] Detmar W. Straub,et al. Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..
[33] P. Slovic. Perception of risk. , 1987, Science.
[34] Mikko T. Siponen,et al. Which Factors Explain Employees' Adherence to Information Security Policies? An Empirical Study , 2007, PACIS.
[35] James Backhouse,et al. Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..
[36] H. Raghav Rao,et al. Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..
[37] Eirik Albrechtsen,et al. A qualitative study of users' view on information security , 2007, Comput. Secur..
[38] Thomas Peltier,et al. Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .
[39] Rajendra P. Srivastava,et al. An Information Systems Security Risk Assessment Model Under the Dempster-Shafer Theory of Belief Functions , 2006, J. Manag. Inf. Syst..
[40] Merrill Warkentin,et al. Behavioral and policy issues in information systems security: the insider threat , 2009, Eur. J. Inf. Syst..
[41] M. Patton,et al. Qualitative evaluation and research methods , 1992 .
[42] Clay Posey,et al. When Computer Monitoring Backfires: Invasion of Privacy and Organizational Injustice as Precursors to Computer Abuse , 2011 .
[43] Irene Woon,et al. A Protection Motivation Theory Approach to Home Wireless Security , 2005, ICIS.
[44] M. Whitman,et al. Management Of Information Security , 2004 .
[45] Mikko T. Siponen,et al. Overcoming the insider: reducing employee computer crime through Situational Crime Prevention , 2009, CACM.
[46] R. W. Rogers,et al. Effects of components of protection-motivation theory on adaptive and maladaptive coping with a health threat. , 1987, Journal of personality and social psychology.
[47] S. Krimsky,et al. Social Theories of Risk , 1992 .
[48] R. Folger,et al. RETALIATION IN THE WORKPLACE: THE ROLES OF DISTRIBUTIVE, PROCEDURAL, AND INTERACTIONAL JUSTICE , 1997 .
[49] Eirik Albrechtsen,et al. The information security digital divide between information security managers and users , 2009, Comput. Secur..
[50] Isabelle Fagnot,et al. Behavioral Information Security , 2007 .
[51] Jackie Rees Ulmer,et al. Management of Information Security: Challenges and Research Directions , 2007, Commun. Assoc. Inf. Syst..
[52] Michael D. Myers,et al. The qualitative interview in IS research: Examining the craft , 2007, Inf. Organ..
[53] Izak Benbasat,et al. Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..
[54] Merrill Warkentin,et al. Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..
[55] Mary Lacity,et al. Understanding Qualitative Data: A Framework of Text Analysis Methods , 1994, J. Manag. Inf. Syst..
[56] Tom L. Roberts,et al. Insiders' Protection of Organizational Information Assets: Development of a Systematics-Based Taxonomy and Theory of Diversity for Protection-Motivated Behaviors , 2013, MIS Q..
[57] R. Bennett,et al. Development of a measure of workplace deviance. , 2000, The Journal of applied psychology.
[58] Anat Hovav,et al. Deterring internal information systems misuse , 2007, CACM.
[59] Jeffrey M. Stanton,et al. The Visible Employee: Using Workplace Monitoring and Surveillance to Protect Information Assets—Without Compromising Employee Privacy or Trust , 2006 .
[60] Tom L. Roberts,et al. Motivating the Insider to Protect Organizational Information Assets: Evidence from Protection Motivation Theory and Rival Explanations , 2011 .
[61] Detmar W. Straub,et al. Discovering and Disciplining Computer Abuse in Organizations: A Field Study , 1990, MIS Q..
[62] Yajiong Xue,et al. Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective , 2010, J. Assoc. Inf. Syst..
[63] Nic Fleming. The bonus myth: How paying for results backfires , 2011 .
[64] R. Rogers. Cognitive and physiological processes in fear appeals and attitude change: a revised theory of prote , 1983 .
[65] Leiser Silva,et al. Fighting Against Windmills: Strategic Information Systems and Organizational Deep Structures , 2007, MIS Q..
[66] Qing Hu,et al. User behaviour towards protective information technologies: the role of national cultural differences , 2009, Inf. Syst. J..
[67] K. Witte. Putting the fear back into fear appeals: The extended parallel process model , 1992 .
[68] Huseyin Cavusoglu,et al. The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..
[69] B.J. Brooker,et al. A Framework for the Evaluation of State Breach Reporting Laws , 2007, 2007 IEEE Systems and Information Engineering Design Symposium.
[70] Dennis F. Galletta,et al. User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..
[71] Matthew B. Miles,et al. Qualitative Data Analysis: An Expanded Sourcebook , 1994 .
[72] Tom L. Roberts,et al. Proposing the online community self-disclosure model: the case of working professionals in France and the U.K. who use online communities , 2010, Eur. J. Inf. Syst..
[73] David E. Cook. Information Security Management: Global Changes in the New Millennium , 2002, Eur. J. Inf. Syst..
[74] Xiaolan Fu,et al. The Impact of Individualism—Collectivism, Social Presence, and Group Diversity on Group Decision Making Under Majority Influence , 2007, J. Manag. Inf. Syst..
[75] Richard Baskerville,et al. A longitudinal study of information system threat categories: the enduring problem of human error , 2005, DATB.
[76] B. Frey,et al. Motivation crowding theory , 2001 .
[77] Melissa L. Finucane,et al. Risk as Analysis and Risk as Feelings: Some Thoughts about Affect, Reason, Risk, and Rationality , 2004, Risk analysis : an official publication of the Society for Risk Analysis.
[78] M. Goldberg,et al. What to Convey in Antismoking Advertisements for Adolescents: The use of Protection Motivation Theory to Identify Effective Message Themes , 2003 .
[79] Mikko T. Siponen,et al. A Critical Assessment of IS Security Research between 1990-2004 , 2007, ECIS.
[80] Detmar W. Straub,et al. Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..
[81] Andrea Everard,et al. Privacy Concerns Versus Desire for Interpersonal Awareness in Driving the Use of Self-Disclosure Technologies: The Case of Instant Messaging in Two Cultures , 2011, J. Manag. Inf. Syst..
[82] James Backhouse,et al. Opportunities for computer crime: considering systems risk from a criminological perspective , 2006, Eur. J. Inf. Syst..
[83] R. W. Rogers,et al. Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change , 1983 .
[84] Yajiong Xue,et al. Avoidance of Information Technology Threats: A Theoretical Perspective , 2009, MIS Q..
[85] Houston H. Carr,et al. Threats to Information Systems: Today's Reality, Yesterday's Understanding , 1992, MIS Q..
[86] R. Willison,et al. Motivations for employee computer crime: understanding and addressing workplace disgruntlement through the application of organisational justice , 2009 .