End users are said to be "the weakest link" in information systems (IS) security management in the workplace. They often knowingly engage in certain insecure uses of IS and violate security policies without malicious intentions. Few studies, however, have examined end user motivation to engage in such behavior. To fill this research gap, in the present study we propose and test empirically a nonmalicious security violation (NMSV) model with data from a survey of end users at work. The results suggest that utilitarian outcomes (relative advantage for job performance, perceived security risk), normative outcomes (workgroup norms), and self-identity outcomes (perceived identity match) are key determinants of end user intentions to engage in NMSVs. In contrast, the influences of attitudes toward security policy and perceived sanctions are not significant. This study makes several significant contributions to research on security-related behavior by (1) highlighting the importance of job performance goals and security risk perceptions on shaping user attitudes, (2) demonstrating the effect of workgroup norms on both user attitudes and behavioral intentions, (3) introducing and testing the effect of perceived identity match on user attitudes and behavioral intentions, and (4) identifying nonlinear relationships between constructs. This study also informs security management practices on the importance of linking security and business objectives, obtaining user buy-in of security measures, and cultivating a culture of secure behavior at local workgroup levels in organizations.
To compete in a highly dynamic marketplace, firms must frequently adapt and align their competitive strategies and information systems. The dominant literature on the strategic fit of a firm's information systems focuses primarily on high-level measures of the strategic fit of a firm's overall IS portfolio and the impact of fit on business performance. This paper addresses the need for a more fine-grained approach for assessing the specific areas of misfit between a firm's competitive strategies and IS capabilities. We describe the design and evaluation of a multilevel strategic fit (MSF) measurement model that enables researchers and practitioners to measure the strategic fit of a firm's information systems at both an overall and a detailed level. The steps in the model include identifying the relevant IS capabilities according to the type of system; measuring the current level of support for each capability using a capabilities instrument; identifying the ideal level of support for each capability using an adaptation of Conant et al.'s (1990) instrument to assess strategic archetype; and comparing the ideal and realized level of support for each capability. Evidence from a multiple case study analysis indicates that the fine-grained assessment of strategic fit can strengthen the validity, utility, and ease of corroboration of the strategic fit measurement outputs. The paper also demonstrates how an iterative design science research approach, with its emphasis on evaluating the utility of prototype artifacts, is well suited to developing field-tested and theoretically grounded measurement models and instruments that are accessible to practitioners. This focus on practical utility in turn provides researchers with results that can be more readily corroborated, thus improving the quality and usefulness of the research findings.
High-quality customer service is an integral part of any successful enterprise, but providing it can be a challenge for online merchants, especially when customers are complaining about each other. This study examines how justice and trust affect user acceptance of e-customer services by conducting an online experiment involving 380 participants. The results suggest that trust in the e-customer service fully mediates the effects of trust in the service representative and procedural justice on intentions to reuse the e-customer service. Furthermore, the effect of distributive justice on trust in the e-customer service was fully mediated by trust in the e-service representative. Finally, the effect of informational justice on user intentions to reuse the e-customer service was partially mediated by trust in the service representative and trust in the e-customer service. Theoretical and practical implications are further discussed.