0000000000080075
AUTHOR
Marko Niemimaa
Do SETA Interventions Change Security Behavior? : A Literature Review
Information security education, training, and awareness (SETA) are approaches to changing end-users’ security behavior. Research into SETA has conducted interventions to study the effects of SETA on security behavior. However, we lack aggregated knowledge on ‘how do SETA interventions influence security behavior?’. This study reviews 21 empirical SETA intervention studies published across the top IS journals. The theoretical findings show that the research has extended Protection Motivation Theory by (1) enhancements to fear appeals; (2) drawing attention to relevance; (3) incorporating temporality; (4) and shifting from intentions to behavior. In terms of behavior, the SETA interventions h…
Business continuity of business models : Evaluating the resilience of business models for contingencies
Company business models are vulnerable to various contingencies in the business environment that may unexpectedly render their business logic ineffective. In particular, technological advancements, such as the Internet of things, big data, sharing economy and crowdsourcing, have enabled new forms of business models that can effectively and abruptly make traditional business models obsolete. By disrupting or even diminishing companies’ revenue streams, environmental contingencies may present a significant threat to business continuity (BC). Evaluating the resilience of business models against these contingencies should therefore be a core area of BC. However, existing BC approaches tend to f…
Affordances and Agential Realism : A Relational Ontology for a Relational Theory
Relational view of affordance theory has emerged as a viable theory in Information Systems (IS) research to explain variation in IS use. According to this theory, what a specific person can achieve with a technology is neither inherent in the person himself nor on the technology but emerges from their interaction. Despite that such relational view implies relational ontology, the ontological foundations have been insufficiently theorized which limits both its practical and theoretical applicability and explanatory power. In this paper, I suggest that Karen Barad’s relational ontology, known as agential realism, provides coherent and solid foundations for affordances that are especially suit…
Abductive innovations in information security policy development : an ethnographic study
Developing organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research indicates that organisations should create InfoSec policies based on best practices (top-down) and simultaneously encourages participatory development (bottom-up). These contradictory suggestions place managers in a dilemma: Should they follow a top-down or bottom-up approach? In this research, we build on an ethnographic approach to study how an innovative engineering company (MachineryCorp) managed the contradiction when the firm developed an InfoSec policy. Drawing on the …