Information security (IS) threats are increasingly pervasive, and search engines are being used by the public as the primary tool for searching for relevant information. This research investigates the following two questions: (1) How can different IS threats be characterized and distinguished in terms of their risk characteristics? and (2) how are risk characteristics related to public searches for information on IS threats? Applying psychometric analysis, our analyses of survey data first show that unknown risk and dread risk are two underlying dimensions that can characterize different IS threats. Drawing broadly on the literature of information foraging theory, we examine the influence of risk characteristics on public searches for information on these threats. We utilize a search engine log to extract searches related to IS threats. We develop and estimate a system of equations with correlated individual-specific error terms using the Markov Chain Monte Carlo method. We find that the two risk characteristics exert differential impacts on information search behavior (including types of information sought, number of pages viewed, and length of query). The implications for IS research and practice are discussed.
This paper examines how an individual's disaster experience affects his or her perceptions of sociotechnical safety factors (risk, information assurance, resilience) and perceived usefulness of hospital information systems (HIS). This paper consists of two studies focusing on different aspects: a quasi-field experiment conducted with employees in three hospitals affected by a severe snowstorm (labeled a federal disaster) (N = 103), where we compare the perceptual factors in the context of the disaster experience (with versus without recall), and a comparative study between a first sample group (with disaster experience) and a second, contrast sample group (with no disaster experience) of hospital employees (N = 179) from two similar hospitals. The results show that the disaster experience changes the relationships among the perceptual factors that affect perceived usefulness. Individuals tend to perceive negative factors (such as risk) as having greater effects when they actually have direct experience in a disaster situation than in a normal situation. Positive factors (such as information assurance and resilience) have a lesser impact among individuals who have disaster experience (with versus without recall).
Post-analyses of major extreme events reveal that information sharing is critical for effective emergency response. The lack of consistent data standards for current emergency management practice, however, hinders efficient critical information flow among incident responders. In this paper, we adopt a third-generation activity theory guided approach to develop a data model that can be used in the response to fire-related extreme events. This data model prescribes the core data standards to reduce information interoperability barriers. The model is validated through a three-step approach including a request for comment (RFC) process, case application, and prototype system test. This study contributes to the literature in the area of interoperability and data modeling; it also informs practice in emergency response system design.
Recent extreme events show that Twitter, a micro-blogging service, is emerging as the dominant social reporting tool to spread information on social crises. It is elevating the online public community to the status of first responders who can collectively cope with social crises. However, at the same time, many warnings have been raised about the reliability of community intelligence obtained through social reporting by the amateur online community. Using rumor theory, this paper studies citizen-driven information processing through Twitter services using data from three social crises: the Mumbai terrorist attacks in 2008, the Toyota recall in 2010, and the Seattle café shooting incident in 2012. We approach social crises as communal efforts for community intelligence gathering and collective information processing to cope with and adapt to uncertain external situations. We explore two issues: (1) collective social reporting as an information processing mechanism to address crisis problems and gather community intelligence, and (2) the degeneration of social reporting into collective rumor mills. Our analysis reveals that information with no clear source provided was the most important, personal involvement next in importance, and anxiety the least yet still important rumor-causing factor on Twitter under social crisis situations.
Blogs have emerged as an innovative tool for sharing information and knowledge, and they command significant interest from information technology (IT) users as well as providers. Our study establishes a research framework to provide an understanding of the factors affecting knowledge sharing among bloggers in online social networks. The research results indicate that bloggers' trust, strength of social ties, and reciprocity all have a positive effect on their knowledge-sharing behavior. Further, the impact of each factor on such behavior varies by gender. Our results provide evidence that offline expected social norms tend to persist in the online blogosphere and that gender differences need to be considered as a significant factor in understanding the IT usage behavior in the context of social capital theory. For IT managers and blog service providers, our results also highlight the importance of being gender aware in an effort to elicit participation from all constituent members for the successful adoption and usage of blogs as a knowledge-sharing mechanism.
An introduction is presented for this issue which includes articles about information security in a digital economy, research methodology evaluation, and computer security.
Trust and satisfaction are essential ingredients for successful business relationships in business-to-consumer electronic commerce. Yet there is little research on trust and satisfaction in e-commerce that takes a longitudinal approach. Drawing on three primary bodies of literature, the theory of reasoned action, the extended valence framework, and expectation-confirmation theory, this study synthesizes a model of consumer trust and satisfaction in the context of e-commerce. The model considers not only how consumers formulate their prepurchase decisions, but also how they form their long-term relationships with the same website vendor by comparing their prepurchase expectations to their actual purchase outcome. The results indicate that trust directly and indirectly affects a consumer's purchase decision in combination with perceived risk and perceived benefit, and also that trust has a longer term impact on consumer e-loyalty through satisfaction. Thus, this study extends our understanding of consumer Internet transaction behavior as a three-fold (prepurchase, purchase, and postpurchase) process, and it recognizes the crucial, multiple roles that trust plays in this process. Implications for theory and practice as well as limitations and future directions are discussed.
Information security investment has been getting increasing attention in recent years. Various methods have been proposed to determine the effective level of security investment. However, traditional expected value methods (such as annual loss expectancy) cannot fully characterize the information security risk confronted by organizations, considering some extremal yet perhaps relatively rare cases in which a security failure may be critical and cause high losses. In this research note we introduce the concept of value-at-risk to measure the risk of daily losses an organization faces due to security exploits and use extreme value analysis to quantitatively estimate the value at risk. We collect a set of internal daily activity data from a large financial institution in the northeast United States and then simulate its daily losses with information based on data snapshots and interviews with security managers at the institution. We illustrate our methods using these simulated daily losses. With this approach, decision makers can make a proper investment choice based on their own risk preference instead of pursuing a solution that minimizes only the expected cost.
An enterprise information portal (EIP) is viewed as a knowledge community. Activity theory provides a framework to study such a community: members of an EIP conduct specific tasks that are assigned through a division of labor. Each member of an enterprise information portal can undergo three distinct types of learning processes: learning-by-investment, learning-by-doing, and learning-from-others. Through these three types of learning processes, each member achieves specialized knowledge that is related to his or her own task. Cumulative knowledge resulting from the learning processes is considered in terms of two distinct attributes: depth and breadth of knowledge. This paper formulates a mathematical model and defines the goal of an EIP member as maximizing the net benefits of knowledge resulting from individual investment and effort. Numerical examples are provided to analyze patterns of optimal investment and effort plans as well as the resulting accumulated knowledge. The results provide useful managerial implications. In business conditions characterized by high interest rates or high internal rate of returns, it is preferable for members to delay spending their resources for learning. Intensive investment and efforts to obtain knowledge are preferable when the discount rate of costs is high, when knowledge is durable, when the value of knowledge is high, when the initial level of knowledge is high, when the productivity of the learning process is high, and when sufficient knowledge is transferred from other members. On the other hand, the size of the EIP has a positive or negative effect depending on the attribute of knowledge and the productivity of learning processes. Further properties of the optimal decisions and learning processes are analyzed and discussed.
This paper conducts a two-period dynamic analysis of sourcing mode choices for e-commerce projects implemented by large firms during 1999-2002. We differentiate e-commerce assets that are the focus of a sourcing decision in terms of whether they are in the growth or maturity stages. We also consider hybrid governance mechanisms, such as minority equity arrangements, as a potential sourcing mode in addition to the conventional distinction between insourcing (i.e., hierarchical governance) and outsourcing (i.e., market governance). The rapid evolution in e-commerce technologies and their markets during this period allows us to test whether asset maturity plays any role in sourcing decisions. Results indicate that when the strategic intent of an e-commerce project is more business focused during the growth phase, hybrid governance is preferred over hierarchical governance for sourcing of e-commerce assets. Strategic intent is found not to influence sourcing mode choices during the technology/market maturity phase. Hierarchical governance is the preferred sourcing mode during the growth phase, when task complexity is high. For managing task complexity, as technologies and their markets mature, both hierarchical and hybrid governance modes become preferable to the market governance mode.
This paper develops a perspective to modeling team processes by drawing on concepts from team theory, and the informational processing and organizational paradigms. In such a perspective, humans and their interactions in a team are modeled as objects in a computerized environment. The behavior of the objects is specified in terms of the executable programs. A simulation testbed is described. Various information structures for team decision making in an example financial domain are examined. Questions regarding the relationship between information structure (who (knows) what, when, and how (the information is used)) and team performance are studied for the example. Thus this study can be seen as a step in the translation of behavioral and normative viewpoints of team decision making into a computational framework. The results indicate that there are complex relationships between information structure and team performance. The conventional wisdom relating improved performance to more information is not always true. The experiments demonstrate several situations of team interaction where more information can lead to dysfunctional effects.
Outsourcing is the contracting of various information systems' subfunctions by user firms to outside information systems vendors. A critical factor in the outsourcing process is the bidding and vendor selection mechanism. This paper describes the process of outsourcing and identifies the various stages involved. Subsequently, considering that cost reduction is a driving force of outsourcing for user-firms, this paper proposes a bidding mechanism to reduce expected outsourcing costs in the final bidding and vendor selection process. The paper studies outsourcing contracts of routine and repetitive activities such as maintenance and operation of telecommunication networks. A realistic scenario is studied, wherein multiple vendors bid for such contracts and where one vendor has cost and expertise advantages over other vendors and as a result tends to inflate bids. A mixed integer programming model is formulated for a multiple vendor scenario. In general, the results suggest a prescription that calls for the use of "carrot and stick" policies by the user firm. Subsidies (the carrot) need to be used as incentives for bidders to announce their most competitive bids. In addition, penalties (the stick) have to be levied in order to pressure bidders not to bid high.