The dramatic increase in social media use has challenged traditional social structures and shifted a great deal of interpersonal communication from the physical world to cyberspace. Much of this social media communication has been positive: Anyone around the world who has access to the Internet has the potential to communicate with and attract a massive global audience. Unfortunately, such ubiquitous communication can be also used for negative purposes such as cyberbullying, which is the focus of this paper. Previous research on cyberbullying, consisting of 135 articles, has improved the understanding of why individualsÑmostly adolescentsÑengage in cyberbullying. However, our study addresses two key gaps in this literature: (1) how the information technology (IT) artifact fosters/inhibits cyberbullying and (2) why people are socialized to engage in cyberbullying. To address these gaps, we propose the social media cyberbullying model (SMCBM), which modifies Akers' [Akers RL (2011) Social Learning and Social Structure: A General Theory of Crime and Deviance, 2nd ed. (Transaction Publishers, New Brunswick, NJ)] social structure and social learning model. Because Akers developed his model for crimes in the physical world, we add a rich conceptualization of anonymity composed of five subconstructs as a key social media structural variable in the SMCBM to account for the IT artifact. We tested the SMCBM with 1,003 adults who have engaged in cyberbullying. The empirical findings support the SMCBM. Heavy social media use combined with anonymity facilitates the social learning process of cyberbullying in social media in a way that fosters cyberbullying. Our results indicate new directions for cyberbullying research and implications for anticyberbullying practices.
Fear appeals, which are used widely in information security campaigns, have become common tools in motivating individual compliance with information security policies and procedures. However, empirical assessments of the effectiveness of fear appeals have yielded mixed results, leading IS security scholars and practitioners to question the validity of the conventional fear appeal framework and the manner in which fear appeal behavioral modeling theories, such as protection motivation theory (PMT), have been applied to the study of information security phenomena. We contend that the conventional fear appeal rhetorical framework is inadequate when used in the context of information security threat warnings and that its primary behavioral modeling theory, PMT, has been misspecified in the extant information security research. Based on these arguments, we propose an enhanced fear appeal rhetorical framework that leverages sanctioning rhetoric as a secondary vector of threats to the human asset, thereby adding the dimension of personal-relevance threat, which is critically absent from previous fear appeal frameworks and PMT-grounded security studies. Following a hypothetical scenario research approach involving the employees of a Finnish city government, we validate the efficacy of the enhanced fear appeal framework and determine that informal sanction rhetoric effectively enhances conventional fear appeals, thus providing a significant positive influence on compliance intentions.
An introduction is presented for this issue which includes articles about information security in a digital economy, research methodology evaluation, and computer security.
Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior. In doing so, we propose a theoretical model in which the effects of neutralization techniques are tested alongside those of sanctions described by deterrence theory. Our empirical results highlight neutralization as an important factor to take into account with regard to developing and implementing organizational security policies and practices.
Employee noncompliance with information systems security policies is a key concern for organizations. If users do not comply with IS security policies, security solutions lose their efficacy. Of the different IS security policy compliance approaches, training is the most commonly suggested in the literature. Yet, few of the existing studies about training to promote IS policy compliance utilize theory to explain what learning principles affect user compliance with IS security policies, or offer empirical evidence of their practical effectiveness. Consequently, there is a need for IS security training approaches that are theory-based and empirically evaluated. Accordingly, we propose a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model. We then validate the training program for IS security policy compliance training through an action research project. The action research intervention suggests that the theory-based training achieved positive results and was practical to deploy. Moreover, the intervention suggests that information security training should utilize contents and methods that activate and motivate the learners to systematic cognitive processing of information they receive during the training. In addition, the action research study made clear that a continuous communication process was also required to improve user IS security policy compliance. The findings of this study offer new insights for scholars and practitioners involved in IS security policy compliance.