Intervention Effect Rates as a Path to Research Relevance : Information Systems Security Example

In the current information systems security (ISS) research, new theory contributions are especially valued. This research typically reflects the following formula: Suggest a new theory (or set of constructs) of ISS and show that it is empirically supported, then suggest another new theory (or set of constructs with some linkages) and show that it is empirically supported, and so on. Despite the merits of this approach, it leaves out many important scientific aspects. For example, after more than 30 years of ISS research, (1) we know little about the conditions and situations to which new theories (or constructs) do not apply; (2) we do not know which new theories are more effective than oth…

A Design Theory for Secure Information Systems Design Methods

Many alternative methods for designing secure information systems (SIS) have been proposed to ensure system security. However, within all the literature on SIS methods, there exists little theoretically grounded work that addresses the fundamental requirements and goals of SIS design. This paper first uses design theory to develop a SIS design theory framework that defines six requirements for SIS design methods, and second, shows how known SIS design methods fail to satisfy these requirements. Third, the paper describes a SIS design method that does address these requirements and reports two empirical studies that demonstrate the validity of the proposed framework. peerReviewed

Introduction to the Minitrack on Advances in Design Science Research