AUTHOR

Mikko T. Siponen

When more is less: The other side of artificial intelligence recommendation

2022

Based on consumers' preferences, AI (artificial intelligence) recommendation automatically filters information, which provokes scholars' debate. Supporters believe that by analyzing the consumers' preferences, AI recommendation enables consumers to choose products more quickly and with lower cost. Critics deem that consumers are more easily trapped in information cocoons because of the use of AI recommendation. This reduces the possibility of consumers contacting with a variety of commodities, thus lowering the consumer decision quality. Based on experiments, this paper discusses the moderating role of AI recommendation on the relationship of consumers' preferences and information cocoons. …

verkkokauppa; business.industry; Strategy and Management; consumer decision quality; suosittelujärjestelmät; Decision quality; information cocoon; General Decision Sciences; kuluttajakäyttäytyminen; tekoäly; ostopäätökset; AI recommendation; GeneralLiterature_MISCELLANEOUS; Management Information Systems; Variety (cybernetics); ComputingMethodologies_PATTERNRECOGNITION; Control and Systems Engineering; Management of Technology and Innovation; consumers' preferences; Lower cost; Artificial intelligence; Business and International Management; Empirical evidence; business; Engineering (miscellaneous); Journal of Management Science and Engineering

State of the Art in Information Security Policy Development

2020

Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ISP development by examining a diverse sample of literature on the subject. The definition and function of an ISP is studied first, revealing a rich tapestry of different notions behind the same term. When looking at the broad picture of the research on ISP development methods, we find different phases and levels of detail. Analyzing the different views on the content, context, and strategy alignment provides for further understanding on the complexity of the matter. As an o…

General Computer Science; Computer science; literature review; media_common.quotation_subject; Context (language use); Sample (statistics); 02 engineering and technology; Outcome (game theory); information security policy; concept definition; State (polity); development method; 0202 electrical engineering electronic engineering information engineering; tietoturva; Function (engineering); media_common; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; policy development; tietoturvapolitiikka; 020206 networking & telecommunications; Subject (documents); kehittäminen; Information security; Data science; Term (time); Information security policy; 020201 artificial intelligence & image processing; Law; käsiteanalyysi

Mechanistic Explanations and Deliberate Misrepresentations

2020

The philosophy of mechanisms has developed rapidly during the last 30 years. As mechanisms-based explanations (MBEs) are often seen as an alternative to nomological, law-based explanations, MBEs could be relevant in IS. We begin by offering a short history of mechanistic philosophy and set out to clarify the contemporary landscape. We then suggest that mechanistic models provide an alternative to variance and process models in IS. Finally, we highlight how MBEs typically contain deliberate misrepresentations. Although MBEs have recently been advocated as critical realist (CR) accounts in IS, idealizations (deliberate misrepresentations) seem to violate some fundamental tenets of CR and rese…

Philosophy of science; mechanisms-based explanations; selittäminen; mekanismit; Psychology; Naturalism; Epistemology; Proceedings of the Annual Hawaii International Conference on System Sciences

Examining the side effects of organizational Internet monitoring on employees

2020

Purpose: Internet monitoring in organizations can be used to monitor risks associated with Internet usage and information systems in organizations, such as employees' cyberloafing behavior and information security incidents. Extant research has mainly discussed the effect of Internet monitoring in achieving the targeted goals (e.g. mitigating cyberloafing behavior and information security incidents), but little attention has been paid to the possible side effects of Internet monitoring. Drawing on affective events theory, the authors attempt to reveal that Internet monitoring may cause side effects on employees' Internet usage policy satisfaction, intrinsic work motivation and affective organ…

Economics and Econometrics; Sociology and Political Science; Internet privacy; policy satisfaction; Affective events theory; käyttö; Extant taxon; työntekijät; Information system; seuranta; tietoturva; käyttötutkimus; riskit; Work motivation; Internet; työmotivaatio; business.industry; Communication; Software development; Internet monitoring; sitoutuminen; Information security; field experiment; affective organizational commitment; The Internet; seurantatutkimus; business; Psychology; Internet monitoring; intrinsic work motivation; Internet Research

Narrowing the Theory’s or Study’s Scope May Increase Practical Relevance

2019

Philosophy of science; Scope (project management); Computer science; Relevance (information retrieval); Epistemology; Proceedings of the Annual Hawaii International Conference on System Sciences

A Design Theory for Secure Information Systems Design Methods

2006

Many alternative methods for designing secure information systems (SIS) have been proposed to ensure system security. However, within all the literature on SIS methods, there exists little theoretically grounded work that addresses the fundamental requirements and goals of SIS design. This paper first uses design theory to develop a SIS design theory framework that defines six requirements for SIS design methods, and second, shows how known SIS design methods fail to satisfy these requirements. Third, the paper describes a SIS design method that does address these requirements and reports two empirical studies that demonstrate the validity of the proposed framework.

Iterative design; Computer science; Distributed computing; Axiomatic design; Computer Science Applications; Hardware_GENERAL; Systems engineering; Designtheory; Systems design; Probabilistic design; IDEF4; Design methods; Information Systems; Design technology; Hardware_LOGICDESIGN

Determinants of Individual Knowledge Innovation Behavior

2021

With the upsurge of "emotional storm" in the field of organizational behavior, the studies on individual emotions in organizational context are rising. Especially the relationship between emotions and knowledge innovation has attracted much attention by scholars. In particular, individual emotions may exert great effect on knowledge innovation whereas the mechanism is still unclear. Based on the emotional event theory, this paper constructs a model which explores the interaction of positive and negative emotions with individual knowledge innovation. Based on questionnaire data analysis, the results show that knowledge sharing partly mediate the relationship between positive emotion and know…

Human-Computer Interaction; Individual knowledge; Knowledge management; business.industry; Strategy and Management; Psychology; business; Computer Science Applications; Journal of Organizational and End User Computing

Toward a Unified Model of Information Security Policy Compliance

2018

Information systems security (ISS) behavioral research has produced different models to explain security policy compliance. This paper (1) reviews 11 theories that have served the majority of previous information security behavior models, (2) empirically compares these theories (Study 1), (3) proposes a unified model, called the unified model of information security policy compliance (UMISPC), which integrates elements across these extant theories, and (4) empirically tests the UMISPC in a new study (Study 2), which provided preliminary empirical support for the model. The 11 theories reviewed are (1) the theory of reasoned action, (2) neutralization techniques, (3) the health belief model,…

Information Systems and Management; Management science; Computer science; turvallisuus; 05 social sciences; Theory of planned behavior; Rational choice theory; Context (language use); 02 engineering and technology; Information security; Security policy; information system security; Computer Science Applications; Management Information Systems; Theory of reasoned action; Empirical research; unified theory; 020204 information systems; 0502 economics and business; 0202 electrical engineering electronic engineering information engineering; 050211 marketing; survey; Balance theory; Information Systems; tietojärjestelmät

Toward a Theory of Information Systems Security Behaviors of Organizational Employees: A Dialectical Process Perspective

2019

Practice-/policy-oriented abstract: Understanding why employees do or do not comply with information systems security (ISS) procedures is an imperative in today’s organizations whose futures often depend on how well they protect and harness information assets. We use a predominantly inductive approach to develop a theoretical understanding of how employees’ reasons for engaging to ISS behaviors (ISSBs) change over time, using ideas from dialectics as our scaffolding. Our dialectical view of this process suggests that explanations for engaging in different ISSBs change over time as individuals seek to balance contradictory demands. Furthermore, our view suggests that new experiences and ext…

Dialectic; Information Systems and Management; Knowledge management; Computer Networks and Communications; business.industry; 05 social sciences; Perspective (graphical); Information systems security; 02 engineering and technology; Library and Information Sciences; Management Information Systems; 020204 information systems; Process theory; 0502 economics and business; 0202 electrical engineering electronic engineering information engineering; 050211 marketing; Sociology; business; Futures contract; Information Systems; Information Systems Research

How does information technology–based service degradation influence consumers’ use of services? An information technology–based service degradation …

2019

Information technology is crucial for modern services. Service delivery may include a complex mix of information technology and telecommunication providers, global networks and customers’ information technology devices. This research focuses on service failures that are caused by information technology problems, which we conceptualize as information technology-based service degradation (ITSD). When information technology-based service degradation occurs in a modern service, the information technology problem may originate from the service provider, another partner or any information technology equipment involved. But the customer may not be able to pinpoint the source of the problem immedi…

Service (business); Process management; information technology–based service degradation; Service delivery framework; business.industry; Strategy and Management; Decision theory; stage theory; Information technology; online service quality; Library and Information Sciences; Stage theory; Service failure; Use of services; Global network; business; Information Systems; Degradation (telecommunications)

How Do Mobile ICTs Enable Organizational Fluidity: Toward a Theoretical Framework

2017

The focus of this theoretical paper is to investigate how mobile information and communication technologies (ICTs) give rise to the notion of organizational fluidity. Drawing upon previous literature, five affordances of mobile ICTs − mobility, connectedness, interoperability, identifiability, and personalization − are discussed. Delving into the concept of organizational fluidity, the paper captures three dimensions of organizational fluidity, namely, team fluidity, task fluidity, and control fluidity. The paper then develops propositions on how different combinations of the mobile ICT affordances influence each of the dimensions of organizational fluidity. The contributions and i…

ta113; Engineering; Information Systems and Management; Knowledge management; business.industry; Social connectedness; 05 social sciences; Interoperability; 02 engineering and technology; Management Information Systems; Personalization; Information and Communications Technology; mobile information; 020204 information systems; 0502 economics and business; 0202 electrical engineering electronic engineering information engineering; ICTS; organizational fluidity; business; Affordance; mobilization; 050203 business & management; communication technologies; work-processes; Information Systems; Information & Management

Shall we follow? Impact of reputation concern on information security managers’ investment decisions

2020

Information security (infosec) is important for organizations. While budgeting for infosec is a crucial resource allocation decision, infosec managers may choose to follow other fellow experts’ recommendations or baseline practices. The present paper uses reputational herding theory to explain the decision made by infosec managers to use a “let's follow others” strategy in this context. Based on a sample of 106 organizations in Finland, we find that infosec managers’ ability to accurately predict the benefit of infosec investment, as well as their reputations, have significant effects on motivating them to discount their own information. Infosec managers’ discounting of their own informatio…

General Computer Science; media_common.quotation_subject; päätöksenteko; organisaatiot; Context (language use); 02 engineering and technology; decision making; discount own information; tietohallintojohtajat; 0202 electrical engineering electronic engineering information engineering; Herding; tietoturva; uncertainty; Baseline (configuration management); media_common; Discounting; Actuarial science; tietoturvapolitiikka; 020206 networking & telecommunications; Information security; Investment (macroeconomics); maineenhallinta; reputational herding; Infosec investment; Investment decisions; 020201 artificial intelligence & image processing; Business; Law; Reputation; Computers & Security

To Calculate or To Follow Others : How Do Information Security Managers Make Investment Decisions?

2019

Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents managers from applying cost-benefit analysis in practice. Instead, information security managers may follow experts’ recommendations or the practices of other organizations. The present paper examines factors that influence information security managers’ investment decisions from the reputational herding perspective. The study was conducted using survey questionnaire data collected from 106 organizations in Finland. The findings of the study reveal that the ability and reputation …

Finance; Internet; business.industry; uusi talous; päätöksenteko; tietoturvapolitiikka; Information security; security; decision-making; information systems; digital economy; herding strategy; Investment decisions; yksityisyys; information security investments; Business; tietoturva; tietojärjestelmät

Speak their Language : Designing Effective Messages to Improve Employees’ Information Security Decision Making

2018

Employee disinterest in information security remains one of the greatest impediments to effective information security management programs. How can organizations enhance the persuasiveness of the information security messages used to warn employees of threats and encourage employees to take specific actions to improve their security? We use fear appeal theory and the elaboration likelihood model to argue that security messages presented using more personally relevant language are more likely to induce employees to engage in the recommended protective security behaviors. Our strategy uses organization identification theory to segment employees into two groups and then develops security messa…

Information Systems and Management; information security; Strategy and Management; media_common.quotation_subject; päätöksenteko; organisaatiot; 02 engineering and technology; decision making; security messages; 020204 information systems; Management of Technology and Innovation; 0502 economics and business; työntekijät; viestit; 0202 electrical engineering electronic engineering information engineering; ta518; tietoturva; media_common; viestintä; ta113; organizations; business.industry; 05 social sciences; Information security; Public relations; General Business Management and Accounting; yritykset; employees; messages; Rhetorical theory; Rhetoric; business; Psychology; 050203 business & management

Personal use of technology at work : a literature review and a theoretical model for understanding how it affects employee job performance

2021

Employee personal use of technology at work (PUTW)—defined as employees’ activities using organisational or personal IT resources for non-work-related purposes while at work—is increasingly common in organisations. Our review of existing PUTW studies (n = 137) suggests that previous studies widely discussed PUTW outcomes, antecedents, and policies. The literature review also indicates that previous studies have proposed opposing viewpoints regarding the effect of PUTW on employee job performance, but few studies offered empirical evidence. Consequently, the conditions under which PUTW can increase or decrease employee job performance have not been discussed. We develop a theoretical model (…

työteho; Knowledge management; literature review; Library and Information Sciences; tietotekniikka; käyttö; mobiililaitteet; Executive attention; Use of technology; käyttötutkimus; suorituskyky; Internet; executive attention; business.industry; non-work-related purposes; personal use of technology at work; job performance; Work (electrical); Job performance; task-switching cost; technologyuse; business; Psychology; henkilökohtainen käyttö; Information Systems; johtajat

Improving Password Memorability, While Not Inconveniencing the User

2019

Passwords are the most frequently used authentication mechanism. However, due to increased password numbers, there has been an increase in insecure password behaviors (e.g., password reuse). Therefore, new and innovative ways are needed to increase password memorability and security. Typically, users are asked to input their passwords once in order to access the system, and twice to verify the password, when they create a new account. But what if users were asked to input their passwords three or four times when they create new accounts? In this study, three groups of participants were asked to verify their passwords once (control group), twice, and three times (two experimental gr…

Software_OPERATINGSYSTEMS; password security behavior; repetition; Computer science; password memorability; Human Factors and Ergonomics; Computer security; computer.software_genre; Education; Password strength; muistaminen; Password; ta113; Authentication; Repetition (rhetorical device); turvallisuus; General Engineering; salasanat; Human-Computer Interaction; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; password security; Hardware and Architecture; user convenience; käyttäjäkokemus; computer; password verification; Software; International Journal of Human-Computer Studies

Errors and Complications in SQL Query Formulation

2018

SQL is taught in almost all university level database courses, yet SQL has received relatively little attention in educational research. In this study, we present a database management system independent categorization of SQL query errors that students make in an introductory database course. We base the categorization on previous literature, present a class of logical errors that has not been studied in detail, and review and complement these findings by analyzing over 33,000 SQL queries submitted by students. Our analysis verifies error findings presented in previous literature and reveals new types of errors, namely logical errors recurring in similar manners among different students. We…

Information management; languages; SQL; kieli ja kielet; General Computer Science; Computer science; exercise design; Listing (computer); 02 engineering and technology; tietotekniikka; Query language; Database design; kyselykielet; Education; 020204 information systems; standardointi; 0202 electrical engineering electronic engineering information engineering; ComputingMilieux_COMPUTERSANDEDUCATION; errors; tietojenkäsittely; computer.programming_language; Complement (set theory); inhimilliset tekijät; ta113; query languages; standardization; Class (computer programming); SQL; Information retrieval; InformationSystems_DATABASEMANAGEMENT; 020207 software engineering; Categorization; virheet; computer; human factors

Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations

2014

The information systems (IS) field continues to debate the relative importance of rigor and relevance in its research. While the pursuit of rigor in research is important, we argue that further effort is needed to improve practical relevance, not only in terms of topics, but also by ensuring contextual relevance. While content validity is often performed rigorously, validated survey instruments may still lack contextual relevance and be out of touch with practice. We argue that IS behavioral research can improve its practical relevance without loss of rigor by carefully addressing a number of contextual issues in instrumentation design. In this opinion article, we outline five guidelines – …

ta113; Knowledge management; business.industry; Computer science; 05 social sciences; 02 engineering and technology; Information security; Library and Information Sciences; Data science; Management information systems; 020204 information systems; 0502 economics and business; 0202 electrical engineering electronic engineering information engineering; Content validity; Information system; Strategic information system; Soft systems methodology; Relevance (information retrieval); Instrumentation (computer programming); business; 050203 business & management; Information Systems; European Journal of Information Systems

Research Perspectives: Reconsidering the Role of Research Method Guidelines for Interpretive, Mixed Methods, and Design Science Research

2021

Information systems (IS) scholars have proposed guidelines for interpretive, mixed methods, and design science research in IS. Because many of these guidelines have also been suggested for evaluating what good or rigorous research is, they may be used as a checklist in the review process. In this paper, we raise the question: To what extent do research guidelines for interpretive, mixed methods, and design science research offer evidence that they can be used to evaluate the quality of research. We argue that scholars can use these guidelines to evaluate what good research is if there is compelling evidence that they lead to certain good research outcomes. We use three well-known sets of gu…

mixed methods; Notice; Computer science; business.industry; design science; metodologia; Internet privacy; research guidelines; tietojärjestelmätiede; Design science; Permission; Computer Science Applications; theory of scientific methodology; Server; tutkimusmenetelmät; Information system; tieteenteoria; interpretive research; Design science research; business; Citation; Publication; Information Systems; Journal of the Association for Information Systems

Demystifying beliefs about the natural sciences in information system

2020

Strategy and Management; Natural science; Information system; Engineering ethics; Sociology; Library and Information Sciences; Information Systems; Journal of Information Technology

On natural science beliefs in IS: Short comments to commentators

2020

Strategy and Management; Natural science; Environmental ethics; Sociology; Library and Information Sciences; Information Systems; Journal of Information Technology

Reconsidering the Role of Research Method Guidelines for Qualitative, Mixed-methods, and Design Science Research

2019

Guidelines for different qualitative research genres have been proposed in information systems (IS). As these guidelines are outlined for conducting and evaluating good research, studies may be denied publication simply because they do not follow a prescribed methodology. This can result in “checkbox” compliance, where the guidelines become more important than the study. We argue that guidelines can only be used to evaluate what good research is if there is evidence that they lead to certain good research outcomes. Currently, the guidelines do not present such evidence. Instead, when it is presented, the evidence is often an authority argument or evidence of popularity with usability exampl…

Philosophy of science; toimintaohjeet; design science research; tutkimusmenetelmät; Engineering ethics; Design science research; Sociology; tutkimus; information systems; Research method; Qualitative research; tietojärjestelmät

Unauthorized copying of software and levels of moral development: a literature analysis and its implications for research and practice

2004

Several approaches for and against the unauthorized copying of software have been proposed. These approaches can be divided into two categories: moral reasoning and solution. These categories of approaches to unauthorized copying of software are scrutinized in the light of Kohlberg's theory of Cognitive Moral Development. The results suggest that most approaches presenting solutions to unauthorized copying of software have focused attention on the lower levels of moral development, while approaches at the highest stage are few and far between. No single approach covers all the stages of moral development. The implications of this analysis for practice and research are discussed.

Copying; ComputingMilieux_THECOMPUTINGPROFESSION; Computer Networks and Communications; business.industry; Computer ethics; Internet privacy; ComputingMilieux_LEGALASPECTSOFCOMPUTING; Cognition; Moral reasoning; Software; Moral development; Lawrence Kohlberg's stages of moral development; business; Psychology; Social psychology; Software; Information Systems; Information Systems Journal

The Primary Scientific Contribution is Hardly a Theory in Design Science Research

2021

Generally, to publish a paper in a top IS journal, making a new theory contribution is, so we are told, required. Such a requirement also exists in Design Science Research (DSR) literature. We review a number of claims about the necessity of theory as it applies to DSR. We find these claims wanting. For example, medical research and engineering are both called “design science” in (Simon 1996) Sciences of the Artificial. However, most articles in the top medical, computer engineering, and network engineering journals do not develop new theories. Unless the proponents of theories, as the primary vehicle of scientific DSR knowledge, can offer a satisfactory argument for why theories are the pr…

Primary outcome; Argument; business.industry; Computer science; Primary (astronomy); Network engineering; Engineering ethics; Design science research; Design science; business; Medical research; Publication

Using the theory of interpersonal behavior to explain non-work-related personal use of the Internet at work

2013

Non-work-related personal use of the Internet within organizations has received increased attention from scholars. We increase previous understanding of this phenomenon by proposing a novel model based on the theory of interpersonal behavior (TIB). The TIB includes previous researched constructs (i.e., attitudes, social influence, and intentions) as well as emotional factors, habits, and different sources of social influence. Our results (N=238) suggest that the model well predicts the use of the Internet at work for non-work purposes. Our results shed new light on the influence of habit, affect, role, and self-concept in the use of the Internet.

ta113; Information Systems and Management; business.industry; media_common.quotation_subject; Affect (psychology); Work related; Interpersonal behavior; Management Information Systems; Work (electrical); Phenomenon; The Internet; Habit; business; Psychology; Social psychology; Information Systems; Social influence; media_common; Information & Management

Too many passwords? How understanding our memory can increase password memorability

2018

Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related …

Software_OPERATINGSYSTEMS; information security; Computer science; Internet privacy; metamemory; Human Factors and Ergonomics; Context (language use); 02 engineering and technology; Education; Password strength; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; 0501 psychology and cognitive sciences; tietoturva; Password psychology; 050107 human factors; muisti (kognitio); human memory; ta113; Password; Authentication; memorability; Cognitive password; business.industry; 05 social sciences; General Engineering; salasanat; Human-Computer Interaction; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; password security; todentaminen; Hardware and Architecture; authentication; business; Software; International Journal of Human-Computer Studies

An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric

2015

Fear appeals, which are used widely in information security campaigns, have become common tools in motivating individual compliance with information security policies and procedures. However, empirical assessments of the effectiveness of fear appeals have yielded mixed results, leading IS security scholars and practitioners to question the validity of the conventional fear appeal framework and the manner in which fear appeal behavioral modeling theories, such as protection motivation theory (PMT), have been applied to the study of information security phenomena. We contend that the conventional fear appeal rhetorical framework is inadequate when used in the context of information security t…

Information Systems and Management; business.industry; Context (language use); Information security; Public relations; Security studies; Asset (computer security); Fear appeal; Appeal to fear; Computer Science Applications; Management Information Systems; Rhetorical question; Sanctions; Psychology; business; Information Systems; MIS Quarterly

Why is the hypothetico-deductive (H-D) method in information systems not an H-D method?

2020

The hypothetico-deductive (H-D) method is reported to be common in information systems (IS). In IS, the H-D method is often presented as a Popperian, Hempelian, or natural science method. However, there are many fundamental differences between what Popper or Hempel actually say and what the alleged H-D method per Hempel or per Popper means in IS. To avoid possible misunderstanding and conceptual confusion about the basic philosophical concepts, we explain some of these differences, which are not mentioned in IS literature describing the H-D model. Due to these distinctive differences, the alleged H-D method per Hempel or per Popper in IS cannot be regarded as the H-D model per Hemp…

Organizational Behavior and Human Resource Management; Philosophy of science; Philosophy; 05 social sciences; 02 engineering and technology; Library and Information Sciences; Development theory; Management Information Systems; Epistemology; 020204 information systems; Management of Technology and Innovation; 0502 economics and business; 0202 electrical engineering electronic engineering information engineering; Information system; medicine; Natural science; Limit (mathematics); medicine.symptom; 050203 business & management; Information Systems; Qualitative research; Confusion; Information and Organization
researchProduct

New insights into the problem of software piracy: The effects of neutralization, shame, and moral beliefs

2012

Software piracy is a major economic concern for organizations. Previous research indicates that neutralization, a form of rationalization, can help explain software piracy intentions. However, a knowledge gap exists in our understanding of which neutralization techniques most influence software piracy intention. To address this gap, we developed a model that explains the effects of neutralization techniques on software piracy intention. We included different types of deterrents (formal sanctions, shame, and moral belief) in our model because individuals may use neutralization techniques to mitigate feelings of guilt and shame, which, subsequently, reduce the deterrent effect. Our empirical …

Information Systems and Management; business.industry; media_common.quotation_subject; Rationalization (psychology); Appeal; Shame; ComputingMilieux_LEGALASPECTSOFCOMPUTING; Public relations; Management Information Systems; Software; Feeling; Sanctions; Sociology; business; Social psychology; Information Systems; media_common; Information & Management
researchProduct

Employees’ adherence to information security policies: An exploratory field study

2014

The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees' adherence to security policies. The paradigm combines elements from the Protection Motivation Theory, the Theory of Reasoned Action, and the Cognitive Evaluation Theory. We validated the model by using a sample of 669 responses from four corporations in Finland. The SEM-based results showed that perceived severity of potential information security threats, employees' belief as to whether they can apply and adhere to information security policies, perceived vulnerability to potential security threats, employees…

ta113; Cognitive evaluation theory; Information Systems and Management; business.industry; Information security; Public relations; Security policy; Management Information Systems; Threat; Theory of reasoned action; Information security management; Information security standards; Security management; Business; Marketing; Information Systems; Information & Management
researchProduct

Can individuals’ neutralization techniques be overcome? A field experiment on password policy

2020

Individuals’ lack of adherence to password security policy is a persistent problem for organizations. This problem is especially worrisome because passwords remain the primary authentication mechanism for information systems, and the number of passwords has been increasing. For these reasons, determining methods to improve individuals’ adherence to password-security policies constitutes an important issue for organizations. Extant research has shown that individuals use neutralization techniques, i.e., types of rationalizations, to disregard organizational information-security policies. What has not been determined from extant information security research is whether these neutralizations c…

Password; Authentication; Password policy; General Computer Science; information security; business.industry; Computer science; Internet privacy; tietoturvapolitiikka; 020206 networking & telecommunications; Context (language use); 02 engineering and technology; Information security; neutralization; salasanat; passwords; Authentication (law); Password strength; information security policy; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; tietoturva; business; henkilöstökoulutus; Law; Computers & Security
researchProduct

Unauthorized copying of software

2007

Computer users copy computer software - this is well-known. However, less well-known are the reasons why some computer users choose to make unauthorized copies of computer software. Furthermore, the relationship linking the theory and the practice is unknown, i.e., how the attitudes of ordinary end-users correspond with the theoretical views of computer ethics scholars. In order to fill this gap in the literature, we investigated the moral attitudes of 249 Finnish computing students towards the unauthorized copying of computer software, and we then asked how these results compared with the theoretical reasons offered by computer ethics scholars. The results shed a new light on students' mor…

Copying; ComputingMilieux_THECOMPUTINGPROFESSION; business.industry; Computer science; Computer ethics; Public relations; Intellectual property; Computer users; Software; Empirical research; Order (business); Computer software; General Earth and Planetary Sciences; business; General Environmental Science; ACM SIGCAS Computers and Society
researchProduct

Effects of sanctions, moral beliefs, and neutralization on information security policy violations across cultures

2020

A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies using this theory have produced mixed results. Past research has indicated that cultural differences may be one reason for these inconsistent findings and have hence called for cross-cultural research on deterrence in information security. To address this gap, we formulated a model including deterrence, moral beliefs, shame, and neutralization techniques and tested it with the employees from 48 countries working for a large multinational company.

Information Systems and Management; media_common.quotation_subject; Principal (computer security); 030508 substance abuse; Shame; 02 engineering and technology; Information security; Management Information Systems; 03 medical and health sciences; Multinational corporation; 020204 information systems; Cultural diversity; 0202 electrical engineering electronic engineering information engineering; Sanctions; Information security policy; Deterrence theory; Business; 0305 other medical science; Information Systems; Law and economics; media_common; Information & Management
researchProduct

Short-Time Non-work-related Computing and Creative Performance

2014

It has been argued that non-work-related computing (NWRC) takes time away from work and, hence, decreases work productivity. On the other hand, it has also been claimed that short-time non-work-related computing (STNWRC) (a maximum of 15 minutes) has a positive impact on work productivity, including relief from boredom, higher creativity, and the underlying recovery mechanisms. To examine the impact of STNWRC on creative performance, we draw on Fredrickson's broaden-and-build theory, the concept of recovery with mental well-being and low cognitive effort. A 2 × 2 factorial experiment with 40 subjects was conducted. The results indicate that STNWRC has a positive effect on creative performa…

ta113; media_common.quotation_subject; Mental fatigue; Applied psychology; Cognitive effort; Boredom; Creativity; Work related; Work (electrical); Post-hoc analysis; medicine; Operations management; medicine.symptom; Psychology; Productivity; media_common; 2014 47th Hawaii International Conference on System Sciences
researchProduct

End-user ethics teaching: issues and a solution based on universalization

2005

The ethical aspects of computing have gained increasing attention at the professional level of education in universities. As a result, several works have been produced relating to computer ethics education at this level. However, the ever-increasing role and usage of computer technology means that ethical education related to computing is also necessary for non-professional/non-major computing/information systems students. Due to the differences between professional and non-professional education in terms of substance, along with pragmatic reasons (e.g. lack of resources), the ordinary end-users need a different educational program. This paper first explores issues (i.e. challenges and prob…

Knowledge management; ComputingMilieux_THECOMPUTINGPROFESSION; business.industry; End user; Computer science; Computer ethics; Educational technology; Universalization; End-user computing; Information ethics; Information system; Engineering ethics; business; Educational program; Proceedings of the 34th Annual Hawaii International Conference on System Sciences
researchProduct

Executives' Commitment to Information Security

2020

Two aspects of decision-making on information security spending, executives' varying preferences for how proposals should be presented and the framing of the proposals, are developed. The proposed model of executives' commitment to information security is an interaction model (in addition to the cost of a security solution, and the risk and the potential loss of a security threat) consisting of the interaction between an executive's preferred subordinate influence approach (PSIA), rational or inspirational, and the framing, positive or negative, of a security proposal. The interaction of these two constructs affects the executive's commitment to an information security proposal. The model i…

Security solution; Computer Networks and Communications; 05 social sciences; Information security; Cognitive bias; Management Information Systems; Prospect theory; Framing (construction); 0502 economics and business; Resource allocation; Normative; 050211 marketing; Business; Marketing; 050203 business & management; ACM SIGMIS Database: the DATABASE for Advances in Information Systems
researchProduct

Attitudes to and factors affecting unauthorized copying of computer software in Finland

2005

Several quantitative studies have sought to determine the factors affecting the unauthorized copying of software, particularly in North America. However, we find no statistically reliable studies on the situation in Europe. In order to address this gap in the literature, we explored the attitudes to and factors affecting the unauthorized copying of computer software of 249 Finnish university students: nine hypotheses derived from the existing research on unauthorized copying of computer software or theories of ethics were tested. A quantitative questionnaire was used as the research instrument. The results shed new light on the characteristics of users and factors affecting the unauthorized…

Copying; Influence factor; business.industry; Internet privacy; General Social Sciences; ComputingMilieux_LEGALASPECTSOFCOMPUTING; Human-Computer Interaction; Software; Arts and Humanities (miscellaneous); Computer software; Developmental and Educational Psychology; Psychology; business; Social psychology; Behaviour & Information Technology
researchProduct

Protection Motivation Theory in Information Systems Security Research

2021

Protection motivation theory (PMT) is one of the most commonly used theories to examine information security behaviors. Our systematic review of the application of PMT in information systems (IS) security and the comparison with its application for decades in psychology identified five categories of important issues that have not yet been examined in IS security research. Discussing these issues in terms of why they are relevant and important for IS security, and to what extent IS research has not considered them, offers new research opportunities associated with the study of PMT and IS security threats. We suggest how future studies can approach each of the open issues to provide a new roa…

Future studies; Knowledge management; threat message; literature review; käyttäjät; Computer Networks and Communications; uhat; Information systems security; asenteet; 02 engineering and technology; Protection Motivation Theory; Management Information Systems; suojelumotivaaatioteoria; 020204 information systems; 0502 economics and business; 0202 electrical engineering electronic engineering information engineering; Is security; Information system; Road map; tietoturva; suojelu; tietojärjestelmät; behavioral IS security; business.industry; 05 social sciences; Information security; IS security threat; Fear appeal; Protection motivation theory; fear appeal; 050211 marketing; business; ACM SIGMIS Database: the DATABASE for Advances in Information Systems
researchProduct

IS Security Policy Violations

2012

Employee violations of IS security policies are reported as a key concern for organizations. Although behavioral research on IS security has received increasing attention from IS scholars, little empirical research has examined this problem. To address this research gap, the authors test a model based on Rational Choice Theory (RCT), a prominent criminological theory not yet applied in IS, which explains, in terms of a utilitarian calculation, an individual's decision to commit a violation. Empirical results show that the effects of informal sanctions, moral beliefs, and perceived benefits convincingly explain employee IS security policy violations, while the effect of formal sanctions is insig…

IS security policies; Critical security studies; Strategy and Management; Rational choice theory; IS security compliance; Commit; deterrence theory; Computer Science Applications; Test (assessment); IS security; Human-Computer Interaction; Empirical research; Information security standards; rational choice theory; Economics; Is security; Sanctions; Positive economics; Social psychology; Journal of Organizational and End User Computing
researchProduct

Understanding the inward emotion-focused coping strategies of individual users in response to mobile malware threats

2021

According to coping theory, individuals cope with information system threats by adopting either problem-focused coping (PFC) or emotion-focused coping (EFC). However, little is known about EFC in the information security (ISec) literature. Moreover, there is potential confusion regarding the meaning of some EFC strategies. Hence, ISec scholars and practitioners may (i) have a narrow view of EFC or (ii) confuse it with other concepts. In this study, we offer one response to this issue. We first address the ambiguity regarding EFC before differentiating five inward EFC strategies and assessing them empirically in the mobile malware context. To the best of our knowledge, this study is the firs…

Coping (psychology); vaikutukset; Applied psychology; uhat; asenteet; Mobile malware; Coping theory; Arts and Humanities (miscellaneous); tunteet; Developmental and Educational Psychology; Information system; tietoturvariskit; tietojärjestelmät; torjunta; turvallisuus; Emotion focused; protection motivation theory; selviytyminen; General Social Sciences; tietoturvakäyttäytyminen; Human-Computer Interaction; haittaohjelmat; Protection motivation theory; information security behaviour; Psychology; inward emotion-focused coping; coping theory
researchProduct

Omission of Quality Software Development Practices: A Systematic Literature Review

2018

Software deficiencies are minimized by utilizing recommended software development and quality assurance practices. However, these recommended practices (i.e., quality practices) become ineffective if software professionals purposefully ignore them. Conducting a systematic literature review (n = 4,838), we discovered that only a small number of previous studies, within software engineering and information systems literature, have investigated the omission of quality practices. These studies explain the omission of quality practices mainly as a result of organizational decisions and trade-offs made under resource constraints or market pressure. However, our study indicates that different aspe…

General Computer Science; Computer science; Process (engineering); korjausvelka; media_common.quotation_subject; software management; ohjelmistotuotanto; ammattietiikka; 02 engineering and technology; Theoretical Computer Science; 020204 information systems; Phenomenon; 0202 electrical engineering electronic engineering information engineering; Information system; Quality (business); informational systems development; media_common; tietojärjestelmät; business.industry; Software development; 020207 software engineering; laatu; laadunvarmistusystematic literature reviews; ohjelmistosuunnittelu; Systematic review; Risk analysis (engineering); technical debt; Technical debt; behavioral software engineering; business; ohjelmistokehitys; Quality assurance
researchProduct

Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures

2020

A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies using this theory have produced mixed results. Past research has indicated that cultural differences may be one reason for these inconsistent findings and have hence called for cross-cultural research on deterrence in information security. To address this gap, we formulated a model including deterrence, moral beliefs, shame, and neutralization techniques and tested it with the employees from 48 countries working for a large multinational company.

deterrence; kansainväliset yritykset; information security; shame; organisaatiot; tietoturvapolitiikka; neutralization; rikkomukset; moraali; kulttuurienvälinen tutkimus; national culture; kulttuurierot; moral beliefs; information security policy violations; tietoturva; kansallinen kulttuuri
researchProduct