Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%-75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. Implications for the research and practice of IS security are discussed.
In recent years, several organizations have implemented nonmandatory information and communication systems that escape the conventional behavioral logic of understanding acceptance and usage from a normative perspective of compliance with the beliefs of others. Because voluntary systems require users' volitional behavior, researchers have traced recent implementation failures to a lack of user commitment. However, gaps in our understanding of volitional usage behavior and user commitment have made it difficult to advance theory, research, and practice on this issue. To validate a proposed research model, cross-sectional, between-subjects, and within-subjects field data were collected from 714 users at the time of initial adoption and after six months of extended use. The model explained between 44.1 percent and 58.5 percent of the variance in adoption and usage behavior based upon direct effects of user commitment. Findings suggest that user commitment plays a critical role in the volitional acceptance and usage of such systems. Affective commitment--that is, internalization and identification based upon personal norms--exhibits a sustained positive influence on usage behavior. In contrast, continuance commitment--that is, compliance based upon social norms--shows a sustained negative influence from initial adoption to extended use. Theory development based upon Kelman's social influence framework offers new empirical insights about system users' commitment and how it affects volitional usage behavior.
From a broad perspective, our research can be viewed as investigating the fit of technology to task, the user's view of the fit between technology and task, and the relative importance of each to problem-solving or decision-making performance. The technology investigated in this research is the mode of information presentation. Although there has been a considerable amount of research into problem solving using graphs and tables, until recently the circumstances in which each is more effective have been largely unresolved. Recent research has suggested that performance benefits accrue when cognitive fit occurs, i.e., when factors such as the problem representation and problem solving tools match the characteristics of the task. In this paper, we investigate the effects of the basic paradigm of cognitive fit and extensions to the paradigm in a laboratory experiment that examined the nature of subjects' mental representations as well as problem-solving performance. The experiment, using 128 MBA students in two identical, repeated measures designs, produced the following results: • Performance improved markedly for symbolic tasks when the problem representation matched the task • Performance effects also resulted from matching specific problem-solving skills to the problem representation and the task, and to a lesser extent when the skills matched the task alone. • The incremental effects of matching skills to the problem representation and/or the task were small compared with the primary effects of cognitive fit-that of matching problem representation to task. • A large proportion of problem solvers have insight into the concept of supporting tasks with certain types of problem representation and vice versa. • Participants preferred to use tables rather than graphs; they also preferred to solve symbolic rather than spatial problems. • Finally, the problem representation more significantly influenced the mental representation than did task conceptualization. This research suggests that providing decision support systems to satisfy individual managers' desires will not have a large effect on either the efficiency or the effectiveness of problem solving. Designers should, instead, concentrate on determining the characteristics of the tasks that problem solvers must address, and on supporting those tasks with the appropriate problem representations and support tools. Sufficient evidence now exists to suggest that the notion of cognitive fit may be one aspect ofa general theory of problem solving. Suggestions are made for extending the notion of fit to more complex problem-solving environments.