Information Privacy

MISQ logoResearch Curation

MISQ Research Curation Teams are invited by the Editor-in-Chief to develop a curation in close collaboration with the EIC and Research Curations Editor. Each curation undergoes an iterative development process before it is released. As a living document, each curation will be updated as new, relevant publications appear in MISQ.

Last updated: May 2017
Download the PDF: MISQ Information Privacy Curation pdf
View the Infographic

Information Privacy Research Curation Team:
Aleš Popovič (University of Ljubljana)
H. Jeff Smith (Miami University)
James Y.L. Thong (Hong Kong University of Science and Technology)
Sunil Wattal (Temple University)

1. Focus of the Research Curation

This curation highlights the 22 articles with a primary focus on information privacy that have been published in MIS Quarterly (see Table 1). Almost all of the definitions of information privacy in these articles have relied on the concept of a data subject’s control of information about himself or herself, and we embrace such a definition here: “the ability of the individual to personally control information about one’s self” (Awad and Krishnan 2006; Smith et al 1996). Note that Bélanger and Crossler (2011) offered definitions of information privacy concerns (distinct from, but obviously related to, definitions of information privacy itself) at the group, organizational, and societal levels.

Note that we distinguish information privacy, the focus of this curation, from physical privacy, which is associated with physical access and boundaries thereto. The articles deal with methodological approaches, theoretical issues, and qualitative or quantitative research. The goal of this curation is to offer a starting point for future research on information privacy. Although some articles that mention privacy as a derivative construct appear in the other curations (e.g., security), for scoping purposes, this curation highlights those publications in which information privacy is considered to be the central focus in the proposed model, hypotheses, or overall study. The curation, furthermore, excludes articles in which information privacy is used as part of another construct or in which information privacy is used as a synonym for other associated concepts.

2. Progression of Research in MIS Quarterly

Temporally, the first two papers in this curation (Mason 1986; Straub Jr and Collins 1990) are best viewed as “motivation” regarding the topic of information privacy as it fits in the information systems discipline, but the responses to calls for privacy-related research emerged somewhat slowly in the pages of MIS Quarterly. The first empirical study to focus primarily on privacy was Culnan (1993), which was followed by what has since proven to be an enabling event for many empirical studies: Smith et al. (1996), which validated the “concern for information privacy” instrument. Only one other privacy-focused paper appeared during the 1990s: Webster (1998) provided empirical evidence regarding employees’ unawareness of privacy controls and the manner in which their privacy concerns drove their wariness regarding videoconferencing.

The next collection of papers on information privacy appeared between 2006 and 2009. These papers examined privacy in the online context. Awad and Krishnan (2006) found that online consumers who value information transparency are less willing to be profiled online for personalized services/advertisement by websites. Hui et al. (2007) conducted a field experiment to investigate the values of two types of privacy assurance mechanisms (i.e., privacy statement vs. privacy seals) in encouraging online disclosure of personal information. Pavlou et al. (2007) found information privacy concerns to be one of the four antecedents to perceived uncertainty in online buyer-seller relationships. Son and Kim (2008) examined the effects of information privacy concerns on six types of user responses to information privacy threats. Angst and Agarwal (2009) found that an individual’s concern for information privacy can interact with argument framing and issue involvement to influence attitude toward use of electronic health records, and allowing their personal information to be digitized. Finally, Culnan and Williams (2009) argued that firms should combine a concern for the law with an emphasis on organizational privacy programs to enhance firms’ privacy behavior.

In the next collection of papers, three specifically examined the state of information privacy research to date Smith et al. (2011) provided an interdisciplinary review of privacy-related research to facilitate a more cohesive treatment of the topic. Bélanger and Crossler (2011) provided important insights about information privacy research in IS field regarding the nature of the information privacy concept, the contributions of existing research, and sampling involved. Pavlou (2011) assessed the state of the IS literature on information privacy and identified promising research directions for advancing IS research on information privacy. Ayyagari et al. (2011) surveyed over 600 working professionals and found that individuals’ perception of invasion of privacy did not significantly relate to strain at work. Lee et al. (2011) found that privacy protection can work as a competition-mitigating mechanism by generating asymmetry in the consumer segments to which firms offer personalization, enhancing the profit extraction abilities of the firms.

The literature following the publication of three review articles on information privacy in 2011 attempted to expand the frontiers of research in this area. Hong and Thong (2013) analyzed the information privacy construct and its factor structure to resolve discrepancies between various conceptualizations of Internet Privacy Concerns (IPC) in prior literature. Sutanto et al. (2013) examined the personalization-privacy tradeoff in the context of smartphone applications and examined the impact of privacy on process and content gratification. Kane et al. (2014) explored privacy in the context of online social networks and suggested how the unique characteristics of these social networks present challenges and opportunities for privacy research. Li and Sarkar (2014) discussed the inherent risks of using regression to analyze data and how privacy can be compromised by these analytics techniques. They propose a new method called digression to take privacy into cognizance while building a regression model. Kohli et al. (2016) suggested that privacy concerns are a key factor in the adoption of Electronic Health Record (EHR) systems and that traditional concepts in privacy such as privacy calculus and psychological ownership need to be re-examined in the context of health care data. Menon and Sarkar (2016) discussed methods to improve the accuracy of shared database while maintaining privacy at the same time when the shared databases are excessively large (tens or hundreds of millions of records).

In reviewing the progression of research on information privacy in MIS Quarterly, we observe that a diversity of methodological approaches have been used, including conceptual papers (Culnan and Williams 2009; Kane et al. 2014; Kohli and Tan 2016; Mason 1986; Straub Jr and Collins 1990), literature reviews (Bélanger and Crossler 2011; Pavlou 2011; Smith et al. 2011), case studies (Webster 1998), surveys (Awad and Krishnan 2006; Culnan 1993; Hong and Thong 2013; Pavlou et al. 2007; Smith et al. 1996; Son and Kim 2008), experiments (Angst and Agarwal 2009; Hui et al. 2007; Sutanto et al. 2013), mathematical modeling (Lee et al. 2011), algorithms (Li and Sarkar 2014; Menon and Sarkar 2016), and a combination of methodologies (Ayyagari et al. 2011).

3. Thematic Advances in Knowledge

We roughly identified four main themes from the studies listed in Table 1: (1) conceptual papers that include literature reviews, research agendas, and instrument development; (2) papers that investigate the antecedents of privacy; (3) papers that examine the consequences of privacy; and (4) privacy protection methods and programs. Note that some papers may be classified in more than one theme. Below, we discuss each of these themes.

First, a number of articles are best classified as conceptual papers, which fall into three categories. The first group comprise literature reviews, all of which appeared in the December 2011 issue of MIS Quarterly. Bélanger and Crossler (2011) reviewed previous work in the information systems discipline and provided a multilevel framework for empirical studies. Smith et al. (2011) provided an interdisciplinary review and highlighted three major themes in previous research, one of which centered on an “antecedents – privacy concerns – outcomes” framework. In that same issue, Pavlou (2011) provided an integrative overview of the Bélanger and Crossler (2011) and Smith et al. (2011) papers. The second group of conceptual papers provides forward-looking research agendas. In the first paper to focus specifically on information privacy in MIS Quarterly, Mason (1986) provided a “call to arms” for future research by detailing “four ethical issues of the information age.” Some three decades later, Kane et al. (2014) called out a research agenda for social media, with information privacy an important component thereof, and Kohli and Tan (2016), in their focus on electronic health records, highlighted a research question associated with information privacy. The third group of conceptual papers develops and validates measurement instruments that can be used by other researchers who conduct empirical studies. Smith et al. (1996) offered the Concern for Information Privacy (CFIP) instrument, which they developed through a process that entailed bounding the construct and testing draft versions of the instrument, which measured four dimensions of concern. Hong and Thong (2013) extended the CFIP instrument by creating and validating the Internet Privacy Concerns instrument, which included two additional dimensions of information privacy concern and was subjected to extensive nomological validation.

A second theme is antecedents of information privacy. This set of MIS Quarterly articles deals with factors that amplify or suppress an individual’s perceptions about information privacy. Pavlou et al. (2007) showed that a set of personal beliefs – trust, website informativeness, and social presence – mitigate a buyer’s information privacy concerns when engaging in online exchange relationships with sellers. Ayyagari et al. (2011) explored how intrusive features of ICTs – presenteeism (i.e. the degree to which the technology enables users to be reachable) and anonymity (i.e. the degree to which an individual perceives that the use of ICTs is not identifiable, or cannot be tracked) – affect an individual’s perception of privacy invasion. They found that an individual’s perception of technology presenteeism is positively related to perceived invasion of privacy whereas an individual’s perception of technology anonymity lessens the perceived invasion of privacy. Sutanto et al. (2013) showed that an IT solution delivering a personalized service while avoiding disclosing users’ personal information to third parties, reduces users’ perceptions that their information privacy is being infringed upon, thus mitigating the personalization–privacy paradox and increasing both process and content gratification.

The third theme focuses on the consequences of information privacy. These consequences include reduced effectiveness of direct marketing, resistance toward new technologies, and slowing participation in e-commerce. In the case of direct marketing, Culnan (1993) found that people who are less sensitive about secondary use of personal information have more positive attitudes toward shopping by mail. In the case of new technology, Webster (1998) found that wary users of desktop videoconferencing in an organization are concerned about loss of personal privacy, and possible video monitoring by their superiors. The majority of studies are in the domain of e-commerce. Pavlou et al. (2007) found that information privacy concerns lead to higher perceived uncertainty resulting in reduced purchase intentions and actual purchases of books and prescription drugs filling online. Son and Kim (2008) examined how online users may respond to privacy threats from online companies. They concluded that those with high information privacy concerns are more likely to refuse to provide their information, instigate removal of their information from the company database, spread negative word-of-mouth, and complain directly to the online company or indirectly to 3rd party organizations. Hong and Thong (2013) found that online users with high information privacy concerns will have lower trust in how websites handle personal information and perceive a higher risk in providing personal information to websites. There are also studies that address the privacy-personalization paradox. Awad and Krishnan (2006) found that online customers who desire greater information transparency are less willing to be profiled by companies. Sutanto et al. (2013) proposed a personalized, privacy-safe solution implemented on smartphones. They found that (compared to the non-personalized application), while personalized (privacy-safe or not) increased application usage, it was only when it was privacy-safe that users saved product messages more frequently. Lee et al. (2011) explored the motivation of firms for privacy protection and its impact on competition and social welfare in the context of product and price personalization.

The fourth theme focuses on privacy protection, which falls into two categories. The first category focuses on a series of social and organizational processes which seek to preserve the privacy rights of individuals. Straub Jr and Collins (1990) emphasized the importance of protecting privacy and recommend steps to be taken by managers to protect privacy. Hui et al. (2007) examined the use of privacy statements and privacy seals, and their impact on individuals’ willingness to provide information. Culnan and Williams (2009) suggested that firms should protect consumer privacy by creating a culture and implement governance process for privacy with the involvement of top management. The second category is comprised of emerging work on building systems that are designed to better preserve individual privacy. This includes work on algorithms and techniques which handle data analysis and sharing in a manner that does not compromise individual privacy. Li and Sarkar (2014) discussed the inherent risks to privacy through the use of regression trees which can reveal sensitive data. They proposed a new method called digression which takes privacy into cognizance while building a regression model. Menon and Sarkar (2016) discussed methods to sanitize data for privacy by building scalable algorithms to share data between organizations when the shared databases are excessively large (tens or hundreds of millions of records).

Conclusion

This curation illustrates the breadth of research on information privacy over the past 40 years in MIS Quarterly. We hope that these articles will provide a foundation for further research on the critical issue of information privacy in a digitally-enabled world.

Please cite this curation as follows: Popovic, A., Smith, H.J., Thong, J.Y.L., and Wattal, S. “Information Privacy,” in MIS Quarterly Research Curations, Ashley Bush and Arun Rai, Eds., http://misq.org/research-curations, April 30, 2017.

Table 1. MIS Quarterly Papers on Information Privacy

ID Author(s) Title Year Vol. Iss.
1 Richard O. Mason Four Ethical Issues of the Information Age 1986 10 1
2 Detmar W. Straub, Jr., and Rosann Webb Collins Key Information Liability Issues Facing Managers: Software Piracy, Proprietary Databases, and Individual Rights to Privacy 1990 14 2
3 Mary J. Culnan “How Did They Get My Name?”: An Exploratory Investigation of Consumer Attitudes Toward Secondary Information Use 1993 17 3
4 H. Jeff Smith, Sandra J. Milberg, and Sandra J. Burke Information Privacy: Measuring Individuals’ Concerns About Organizational Practices 1996 20 2
5 Jane Webster Desktop Videoconferencing: Experiences of Complete users, Wary Users, and Non-Users 1998 22 3
6 Naveen Farag Awad and M. S. Krishnan The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to be Profiled Online for Personalization 2006 30 1
7 Kai-Lung Hui, Hock Hai Teo, and Sang-Yong Tom Lee The Value of Privacy Assurance: An Exploratory Field Experiment 2007 31 1
8 Paul A. Pavlou, Huigang Liang, and Yajiong Xue Understanding and Mitigating Uncertainty in Online Exchange Relationships: A Principal-Agent Perspective 2007 31 1
9 Jai-Yeol Son and Sung S. Kim Internet Users’ Information Privacy-Protective Responses: A Taxonomy and a Nomological Model 2008 32 3
10 Corey M. Angst and Ritu Agarwal Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion 2009 33 2
11 Mary J. Culnan and Cynthia Clark Williams How Ethics Can Enhance Organizational Privacy: Lessons from the ChoicePoint and TJX Data Breaches 2009 33 4
12 Dong-Joo Lee, Jae-Hyeon Ahn, and Youngsok Bang Managing Consumer Privacy Concerns in Personalization: A Strategic Analysis of Privacy Protection 2011 35 2
13 Ramakrishna Ayyagari, Varun Grover, and Russell Purvis Technostress: Technological Antecedents and Implications 2011 35 4
14 Paul A. Pavlou State of the Information Privacy Literature: Where Are We Now and Where Should We Go? 2011 35 4
15 H. Jeff Smith, Tamara Dinev, and Heng Xu Information Privacy Research: An Interdisciplinary Review 2011 35 4
16 France Belanger and Robert E. Crossler Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems 2011 35 4
17 Weiyin Hong and James Y. L. Thong Internet Privacy Concerns: An Integrated Conceptualization and Four Empirical Studies 2013 37 1
18 Juliana Sutanto, Elia Palme, Chuan-Hoo Tan, and Chee Wei Phang Addressing the Personalization-Privacy Paradox: An Empirical Assessment from a Field Experiment on Smartphone Users 2013 37 4
19 Gerald C. Kane, Maryam Alavi, Giuseppe (Joe) Labianca, and Stephen P. Borgatti What’s Different about Social Media Networks? A Framework and Research Agenda 2014 38 1
20 Xiao-Bai Li and Sumit Sarkar Digression and Value Concatenation to Enable Privacy-Preserving Regression 2014 38 3
21 Rajiv Kohli and Sharon Swee-Lin Tan Electronic Health Records: How Can IS Researchers Contribute to Transforming Healthcare? 2016 40 3
22 Syam Menon and Sumit Sarkar Privacy and Big Data: Scalable Approaches to Sanitize Large Transactional Databases for Sharing 2016 40 4

Acknowledgement: We thank Jie Tang for providing research assistantship on this curation. She helped to go through 40 years of MIS Quarterly papers, count the number of times “privacy” was mentioned and highlight where it was mentioned in each paper, and summarize the main findings. All errors remain with the curation team.

Figure 1. Information Privacy Infographic

MISQ Information Privacy Curation - Infographic 21 Apr 2017

Trust

MISQ logoResearch Curation

MISQ Research Curation Teams are invited by the Editor-in-Chief to develop a curation in close collaboration with the EIC and Research Curations Editor. Each curation undergoes an iterative development process before it is released. As a living document, each curation will be updated as new, relevant publications appear in MISQ.

Last updated: October 2016
Download the PDF: Trust Research Curation pdf
View the Infographic

Trust Research Curation Team:
Matthias Söllner (Universities of St. Gallen and Kassel)
Izak Benbasat (University of British Columbia)
David Gefen (Drexel University)
Jan Marco Leimeister (Universities of St. Gallen and Kassel)
Paul A. Pavlou (Temple University)

Trust is the enabler of social interaction. Although the origins of research on trust traditionally lie outside the Information Systems (IS) domain, the importance of trust for IS research rapidly grew in the late 1990s, and it is still growing with the increasing ubiquity and advancement of technology in organizations, virtual teams, online markets, and user-technology interactions. Theoretically, the central role of trust is tied to the growing social change that Information and Communication Technology (ICT) has always created, a trend increased by the introduction of electronic commerce, and with it the need to interact and commerce with total strangers. This trend is mirrored in major IS research fields, such as virtual teams and technology acceptance, and thus also naturally in the pages of MIS Quarterly. The importance of trust for IS research and its impact on the IS literature are also reflected by the fact that a trust-related paper (Gefen et al. 2003) is among the most highly cited articles published in MIS Quarterly, together with papers on TAM, knowledge management, and design science. Besides, two trust-related papers have won the MIS Quarterly Paper of the Year Award in 1998 (Kumar et al. 1998) and 2009, respectively (Cyr et al. 2009), and a Special Issue on trust was published in 2010 (Benbasat et al. 2010). Coupled with the facts that we have identified 33 papers relevant for this curation, and that these papers account for about 20,000 total citations, it is perhaps safe to argue that trust is one of the popular and well-cited areas of research in the IS literature, especially during the last 20 years.

Focus of the Research Curation

This curation adopts a broad definition of trust based on Gefen et al. (2003) who combined the theoretical background of trust as a behavioral antecedent from the sociology literature along with its antecedent beliefs about the trustworthiness of another party. This was suggested by philosophers as early as Aristotle and also highlighted in management research. According to that definition, trust is a willingness of one party (the trustor) to rely on another party (the trustee), i.e., about setting aside concerns the trustor has about the trustee’s taking advantage of the situation in cases that involve risk and potential loss to the trustor. This willingness to rely is based on assessments about the trustee’s characteristics, mainly about ability (competence), benevolence, and integrity.

This curation highlights all 33 articles published in MIS Quarterly that focus on the study of trust (see Table 1 at the end of this curation). Since the goal of this curation is to provide a starting point for future research on trust, it focuses on papers in which trust plays an important role in the proposed model, hypotheses, or overall study. Thus, the curation excludes articles in which trust is merely used as part of another construct (e.g., Mithas et al. 2008) or in which trust is used as a synonym for other kindred concepts, such as friendship in peer-to-peer lending (e.g., Liu et al. 2015). Due to the large number of articles on trust, the curation, furthermore, excludes articles that deal with related topics such as risk, privacy and security.

Progression of Research in MIS Quarterly

Early research on trust in MIS Quarterly, starting mainly just before 2000, was closely tied to research in the broader management literature. Perhaps because of those origins, trust research in MIS Quarterly initially concentrated on trust relationships where an ICT is a conduit to traditional trust-based relationships, such as buyer-seller relationships in electronic commerce, or where trust is a defining characteristic of the software development process, such as outsourcing relationships among organizations. Representative topics of this initial period include studies of how ICT affects the performance of work teams (e.g., Piccoli and Ives 2003; Paul and McDaniel Jr. 2004), how online markets and channels change the way transactions take place among consumers and businesses online (e.g., Ba and Pavlou 2002; Gefen et al. 2003), and how groups collaborate in virtual settings (Nelson and Cooprider 1996). Parallel to that stream, also early on, there was conceptual research on how to increase trust in technology (Gregor and Benbasat 1999). Importantly, right from this initial period on, research tied trust directly to key constructs used in MIS theories, which is probably why trust became a key theme in MIS research. Representative of this integration of trust into the heart of existing theories utilized in MIS are Gefen et al. (2003) who integrated trust into TAM, and Pavlou and Feygenson (2006) who added trust into the theory of planned behavior.

The study of trust in MIS Quarterly evolved toward the mid-2000s, showing an increase in research on trust between organizations, especially in the context of IT/IS outsourcing. Trust was shown to be a key construct in successful IT/IS outsourcing relationships (Ågerfalk and Fitzgerald 2008; Gefen et al. 2008; Goo et al. 2009; and Rai et al. 2009).

Also beginning in the mid-2000s and lasting until today, there has been an increase in research on trust and the IT artifact as well as a more nuanced look into the construct of trust. This period saw a shift from understanding the importance of trust toward more interest in how to design trustworthy systems (e.g., Komiak and Benbasat 2006) and better understand how cultural and gender differences affect the relationships between trust and other constructs (e.g., Cyr et al. 2009; Sia et al. 2009; Riedl et al. 2010). Another stream of research in this period includes the application of neuroscience methods to better measure trust constructs (Dimoka 2010; Riedl et al. 2010) and to investigate whether trust and distrust are distinct constructs (Dimoka 2010).

The richness and diversity of the study of trust is reflected in the many methodologies used to study trust (please see Table 1 for details). These methodologies include theoretical reasoning (e.g., Gregor and Benbasat 1999), literature reviews (e.g., Xiao and Benbasat 2007), a single case study (Kumar et al. 1998) or many case studies (e.g., Watson-Manheim and Bélanger 2007), different experimental approaches (e.g., Ba and  Pavlou 2002; Piccoli and Ives 2003; Sia et al. 2009), surveys and field studies (e.g., Gefen et al. 2003; Paul and McDaniel Jr. 2004; Kankanhalli et al. 2005; Kanawattanachai and Yoo 2007), fMRI (e.g., Riedl et al. 2010), archival data (e.g., Gefen et al. 2008; Burtch et al. 2014), as well as combinations of these approaches, e.g., a lab experiment including qualitative interviews, quantitative surveys and eye-tracking methods (Cyr et al. 2009), or lab and fMRI experiments (Dimoka 2010).

Thematic Advances in Knowledge

Four overarching clusters of trust-based relationships were investigated in the studies listed in Table 1: (1) between people or between groups, (2) between people and organizations, (3) between organizations, and (4) between people and technology. Within each of these clusters, different research themes were investigated.

The first cluster of studies focuses on trust relationships between people or between groups. These studies can be further divided into studies that focus on trust within virtual teams (Nelson and Cooprider 1996; Piccoli and Ives 2003; Paul and McDaniel Jr. 2004; Kankanhalli et al. 2005; Stewart and Gosain 2006; Watson-Manheim and Bélanger 2007; Kanawattanachai and Yoo 2007; Iacovou et al. 2009; Thomas and Bostrom 2010), and studies focusing on trust in buyer-seller-like relationships in online markets (Ba and Pavlou 2002; Dimoka 2010; Riedl et al. 2010; Burtch et al. 2014; Ou et al. 2014). With regards to trust in virtual teams, multiple studies have shown the importance of trust among team members as an antecedent of team success. Nelson and Cooprider (1996), for example, showed that mutual trust between members of the IS group and line groups of an organization increases shared knowledge, and thus performance. Paul and McDaniel Jr. (2004) showed a direct positive effect of trust among team members on team performance in telemedicine, while Iacovou et al. (2009) showed that the absence of trust between IS project managers and executives can lead to biases in their communication. With regard to online markets, research shows that feedback mechanisms have an impact on how buyers rate the trustworthiness of sellers and that buyers were willing to pay price premiums to sellers they trust more (Ba and Pavlou 2002).

The second cluster focuses on trust relationship between people and organizations. These studies focus mainly on (potential) customer trust in internet businesses (Gefen et al. 2003; Pavlou and Fygenson 2006; Pavlou et al. 2007; Sia et al. 2009; Fang et al. 2014), with one study focusing on trust in web-based channels in general (Choudhury and Karahanna 2008). Choudhury and Karahanna (2008) showed that informational trust is a driver of the relative advantages of web-based channels. Research also embedded trust into well-established models of human behavior, such as the technology acceptance model (Gefen et al. 2003) and the theory of planned behavior (Pavlou and Fygenson 2006), showing that trust in web vendors drives online shopping behavior.

The third cluster focuses on trust relationships between organizations. These studies can be divided into studies focusing on IT/IS outsourcing (Ågerfalk and Fitzgerald 2008; Gefen et al. 2008, Goo et al. 2009; Rai et al. 2009), and studies focusing on trust in other forms of inter-firm relationships (Kumar et al. 1998; Klein and Rai 2009). Comparable to the results about virtual teams, research on IT/IS outsourcing highlights the necessity of trust as a basis for a mutually beneficial outsourcing relationship across different types of outsourcing, such as open sourcing (Ågerfalk and Fitzgerald 2008), IT outsourcing (Goo et al. 2009), and IS offshoring (Rai et al. 2009). Furthermore, Gefen et al. (2008) showed that trust influences what type of contract is used in software development outsourcing. Research also showed that trust can often reduce the positive effects of new systems, leading to acceptance problems (Kumar et al. 1998), and that trust is an important antecedent of strategic information flows within inter-firm logistics relationships (Klein and Rai 2009).

The fourth cluster focuses on trust relationships between people and technology. These studies can be divided into studies focusing on trust in systems, such as recommendation systems or decision-support systems (Gregor and Benbasat 1999; Komiak and Benbasat 2006; Xiao and Benbasat 2007; Han et al. 2015) and studies focusing on trust in websites (Cyr et al. 2009; Xiao and Benbasat 2011). Also in this cluster is the study of trust in the nation-wide initiative to introduce identity smart cards in Nigeria (McGrath 2016). Studies focusing on user trust in systems showed the importance of trust in the context of using or relying on those systems (e.g., Komiak and Benbasat 2006; Han et al. 2015). Research in this stream also provided insights into how systems should be designed so that their users perceive them as being more trustworthy. In that regard, Gregor and Benbasat (1999) conceptualized the importance of suitable explanations to increase trust in systems. Komiak and Benbasat (2006) highlighted the need for personalization of systems to increase user trust. Cyr et al. (2009) showed how user trust across different cultures can be influenced by varying image appeals and perceived social presence in the context of building trust in websites. Finally, Xiao and Benbasat (2011) propose that people perceive potential deception on an e-commerce website differently depending on whether they interact with a trusted website or not.

Conclusion

The extensive research on trust and the broad range of methodological approaches in MIS Quarterly shows the centrality and complexity of trust in contexts of interest to the MIS community. It is our intent that this curation will contribute to the continued interest and development of the study of trust in the MIS discipline through this curation.

MIS Quarterly References beyond the Papers Included in Table 1

Benbasat, I., Gefen, D., and Pavlou, P. A. 2010. “Introduction to the Special Issue on Novel Perspectives on Trust in Information Systems,” MIS Quarterly (34:2), pp. 367–371.

Liu, D., Brass, D. J., Lu, Y., and Chen, D. 2015. “Friendship in Online Peer-to-Peer Lending: Pipes, Prisms, and Relational Herding,” MIS Quarterly (39:3), 729-A4.

Mithas, S., Jones, J. L., and Mitchell, W. 2008. “Buyer Intention to Use Internet-Enabled Reverse Auctions: The Role of Asset Specificity, Product Specialization and Non-Contractibility,” MIS Quarterly (32:4), pp. 705–724.

Please cite this curation as follows: Söllner, M., Benbasat, I., Gefen, D., Leimeister, J. M., Pavlou, P. A. “Trust,” in MIS Quarterly Research Curations, Ashley Bush and Arun Rai, Eds., http://misq.org/research-curations, October 31, 2016.

Please feel free to contact Matthias Söllner (matthias.soellner@unisg.ch) if you have comments on or questions regarding this curation.

Table 1. MIS Quarterly Papers on Trust

ID Author(s) Title Year
Vol. (I.)
Trust relationship
(Cluster-#)
Methodological approach(es) Key trust-related insights
1 Kay M. Nelson and Jay G. Cooprider The Contribution of Shared Knowledge to IS Group Performance 1996
20 (4)
IS groups and line customers (1) Cross-sectional field study (DC) & path analysis (DA) Mutual trust impacts shared knowledge which impacts IS performance
2 Kuldeep Kumar, Han G. van Dissel and Paola Bielli The Merchant of Prato – Revisited: Toward a Third Rationality of Information Systems 1998
22 (2)
Organizations of the Prato textile district (3) Single case study including interviews and archival data Existence of trust made a new IS irrelevant, and lead to its failure
3 Shirley Gregor and Izak Benbasat Explanations from Intelligent Systems: Theoretical Foundations and Implications for Practice 1999
23 (4)
Users and intelligent systems (4) Theoretical reasoning Explanations that conform to Toulmin’s model of argumentation should lead to greater trust
4 Sulin Ba and Paul A. Pavlou Evidence of the Effect of Trust Building Technology in Electronic Markets: Price Premiums and Buyer Behavior 2002
26 (3)
Buyers and sellers on electronic (auction) markets (1) Online field experiment and field data (DC) & regression analysis (DA) Properly designed feedback mechanisms can influence trust, and trust impacts buyers’ willingness to pay price premiums
5 David Gefen, Elena Karahanna and Detmar W. Straub Trust and TAM in Online Shopping: An Integrated Model 2003
27 (1)
Consumers and online vendors (2) Field study (DC) & CBSEM (DA) Trust impacts perceived usefulness and intended use
6 Gabriele Piccoli and Ives Blake Trust and the Unintended Effects of Behavior Control in Virtual Teams 2003
27 (3)
Between members of temporary virtual student teams (1) Longitudinal experiment (DC) & Case and statistical analyses (DA) Behavior control mechanisms for traditional teams have a negative effect on trust in virtual teams
7 David L. Paul and Reuben R. McDaniel Jr. A Field Study of the Effect of Interpersonal Trust on Virtual Collaborative Relationship Performance 2004
28 (2)
Between different physicians in virtual telemedicine teams (1) Interviews (DC) & case analysis and POSAC (DA) Interpersonal trust among physicians increases team performance
8 Atreyi Kankanhalli, Bernard C. Tan and Kwok-Kee Wei Contributing Knowledge to Electronic Knowledge Repositories: An Empirical Investigation 2005
29 (1)
Between users of an electronic know-ledge repository (1) Survey (DC) & moderated multiple regression analysis (DA) If there is no generalized trust among users, codification effort hinders system usage
9 Paul A. Pavlou and Mendel Fygenson Understanding and Predicting Electronic Commerce Adoption: An Extension of the Theory of Planned Behavior 2006
30 (1)
Consumers and web vendors (2) Longitudinal study (DC) & PLS (DA) Trusting beliefs influence both, the attitude to getting info and the attitude to purchasing from a vendor
10 Katherine J. Stewart and Sanjay Gosain The Impact of Ideology on Effectiveness in Open Source Software Development Teams 2006
30 (2)
Between members of large OSS development teams (1) Two surveys and archival data (DC) & PLS (DA) Cognitive trust impacts affective trust and affective trust influences both, team size and team effort
11 Sherrie Y. X. Komiak and Izak Benbasat The Effects of Personalization and Familiarity on Trust and Adoption of Recommendation Agents 2006
30 (4)
Users and recommendation agents (4) Online experiment (DC) & PLS (DA) Personalization and familiarity impact cognitive trust which impacts emotional trust that has an impact on intention to adopt
12 Paul A. Pavlou, Huigang Liang and Yaijong Xue Understanding and Mitigating Uncertainty in Online Exchange Relationships: A Principal-Agent Perspective 2007
31 (1)
Consumers and web vendors (2) Two surveys (DC) & PLS (DA) Trust mitigates uncertainty antecedents
13 Bo Xiao and Izak Benbasat E-Commerce Product Recommendation Agents: Use, Characteristics, and Impact 2007
31 (1)
Users and recommendation agents (4) Literature review Different configurations of recommendation agents are proposed to influence trust
14 Mary Beth Watson-Manheim and France Bélanger Communication Media Repertoires: Dealing with the Multiplicity of Media Choices 2007
31 (2)
Between members of virtual sales teams (1) Multiple case study including interviews and archival data Low trust can lead to decreased communication effectiveness, frustration, and wasted effort and resources
15 Prasert Kanawattanachai and Youngjin Yoo The Impact of Knowledge Coordination on Virtual Team Performance over Time 2007
31 (4)
Between members of virtual student teams (1) Three surveys and archival data (DC) & PLS (DA) Cognition-based trust impacts task-knowledge coordination across all time periods
16 Vivek Choudhury and Elena Karahanna The Relative Advantage of Electronic Channels: A Multidimensional View 2008
32 (1)
Consumers and web channels in general (2) Survey (DC) & PLS (DA) Informational trust impacts the relative advantage of web-based channels
17 Pär J. Ågerfalk and Brian Fitzgerald Outsourcing to an Unknown Workforce: Exploring Opensourcing as a Global Sourcing Strategy 2008
32 (2)
Commercial companies and open source communities (3) Multiple qualitative sources and survey (DC) & coding techniques and Mann-Whitney tests and regression (DA) Trust is a key requirement for building a successful opensourcing relationship
18 David Gefen, Simon Wyss and Yossi Lichtenstein Business Familiarity as Risk Mitigation in Software Development Outsourcing Contracts 2008
32 (3)
Between organizations in software development outsourcing (3) Archival data (DC) & multiple linear and logistic regressions (DA) Trust reflected in business familiarity leads to more time and materials outsourcing contracts
19 Jahyun Goo, Rajiv Kishore, H. R. Rao and Kichan Nam The Role of Service Level Agreements in Relational Management of Information Technology Outsourcing: An Empirical Study 2009
33 (1)
Between organizations in IT outsourcing relationships (3) Survey (DC) & PLS (DA) Harmonious conflict resolution and mutual dependence impact trust and in interaction they impact commitment
20 Choon Ling Sia, Kai H. Lim, Kwok Leung, Matthew K. O. Lee, Wayne Wie Huang and Izak Benbasat Web Strategies to Promote Internet Shopping: Is Cultural Customization Needed? 2009
33 (3)
Consumers and web vendors (2) Lab experiment (DC) & standard and multigroup PLS (DA) The way trust in web vendors via their websites can be built differs across cultures (here Australia versus Hong Kong)
21 Dianne Cyr, Milena Head, Hector Larios and Bing Pan Exploring Human Images in Website Design: A Multi-Method Approach 2009
33 (3)
Users and e-commerce websites (4) lab experiment including eye-tracking, survey, and interviews (DC) & coding-based theory building, PLS, eye-tracking analysis (DA) Image appeal and perceived social presence impact trust, and human figures with facial features foster the highest level of trust among all cultures
22 Arun Rai, Likoebe M. Maruping and Viswanath Venkatesh Offshore Information Systems Project Success: The Role of Social Embeddedness and Cultural Characteristics 2009
33 (3)
Between organizations in IS offshore relationships (3) longitudinal field study (DC) & random coefficient modeling (DA) Client trust leads to lower cost overruns and higher satisfaction
23 Richard Klein and Arun Rai Interfirm Strategic Information Flows in Logistics Supply Chain Relationships 2009
33 (4)
Between organi-zations in logistics supply chain relationships (3) Interviews and survey (DC) & PLS (DA) Trust impacts strategic information sharing
24 Charalambos L. Iacovou, Ronald L. Thompson and H. Jeff Smith Selective Status Reporting in Information Systems Projects: A Dyadic-Level Investigation 2009
33 (4)
IS project managers and executives (1) Survey (DC) & PLS (DA) Executive’s knowledge and communication impact trust in executive which has a negative impact on optimistic biasing
25 Dominic M. Thomas and Robert P. Bostrom Vital Signs for Virtual Teams: An Empirically Developed Trigger Model for Technology Adaptation Interventions 2010
34 (1)
Between members of virtual teams (1) Critical incident technique including interviews and survey (DC) &  interpretive content analysis (DA) Lack of trust among team members as one trigger of technology adaptations
26 Angelika Dimoka What Does the Brain Tell Us About Trust and Distrust? Evidence from a Functional Neuroimaging Study 2010
34 (2)
Buyers and sellers on electronic (auction) markets (1) Lab and fMRI experiment (DC) & EFA, CFA, regression and fMRI analysis (DA) Trust and distrust are different, since different regions of the brain are active, and both affect price premiums as expected
27 René Riedl, Marco Hubert and Peter Kenning Are There Neural Gender Differences in Online Trust? An fMRI Study on the Perceived Trustworthiness of eBay Offers 2010
34 (2)
Buyers and sellers on electronic (auction) markets (1) fMRI experiment (DC) & fMRI analysis and general linear modeling (DA) Assessment of trustworthiness differs across genders (different brain regions active), women activate more regions
28 Bo Xiao and Izak Benbasat Product-Related Deception in E-Commerce: A Theoretical Perspective 2011
35 (1)
Users and e-commerce websites (4) Theoretical reasoning Anomalies should less likely be attributed to deception by users with high prior or calculative-based trust
29 Carol Xiaojuan Ou, Paul A. Pavlou and Robert M. Davison Swift Guanxi in Online Marketplaces: The Role of Computer-Mediated Communication Technologies 2014
38 (1)
Buyers and sellers on electronic (auction) markets (1) Longitudinal field study including surveys and archival data (DC) & PLS (DA) Interactivity and presence impact trust, and trust impacts swift guanxi and repurchase intention
30 Yulin Fang, Israr Qureshi, Heshan Sun, Patrick McCole, Elaine Ramsey and Kai H. Lim Trust, Satisfaction, and Online Repurchase Intention: The Moderating Role of Perceived Effectiveness of E-Commerce Institutional Mechanisms 2014
38 (2)
Consumers and web vendor (2) Survey (DC) & PLS (DA) PEEIM moderators the relationships between satisfaction and trust as well as trust and repurchase intention
31 Gordon Burtch, Anindya Gose and Sunil Wattal Cultural Differences and Geography as Determinants of Online Prosocial Lending 2014
38 (3)
Borrowers and lenders on peer-to-peer lending platforms (1) Archival data (DC) & Poisson pseudo-maximum likelihood estimator (DA) Trust is a key mechanism in lending decision, and third party trust mechanisms can help to overcome culture-related lender concerns
32 Wencui Han, Serkan Ada, Raj Sharman and H. Raghav Rao Campus Emergency Notification Systems: An Examination of Factors Affecting Compliance with Alerts 2015
39 (4)
Students and campus emergency notification systems (4) Survey and focus group (DC) & logistic regression analysis (DA) Information quality trust is the only factor that impacts intention to comply across all five scenarios
33 Kathy McGrath Identity Verification and Societal Challenges: Explaining the Gap between Service Provision and Development Outcomes 2016
40 (2)
Nigerian citizens and identity smart cards (4) Comparative case study analysis Workable combination of trust and distrust needs to be in place when aiming to introduce identity smart cards
Legend: CBSEM = covariance-based structural equation modeling; CFA = confirmatory factor analysis; DA = data analysis; DC = data collection; EFA = exploratory factor analysis; OSS = open source software; PEEIM = Perceived Effectiveness of E-Commerce Institutional Mechanisms; PLS = partial least square; POSAC = partial order scalogram analysis with base coordinates

Figure 1. Trust Infographic

infographic_misq-trust-research-curation_oct-2016

Securing Digital Assets

MISQ logo

Research Curation

MISQ Research Curation Teams are invited by the Editor-in-Chief to develop a curation in close collaboration with the EIC and Research Curations Editor. Each curation undergoes an iterative development process before it is released. As a living document, each curation will be updated as new, relevant publications appear in MISQ.

Last updated: May 2016
Download the PDF: MISQ Curation Securing Digital Assets May 2016
View the Infographic

Securing Digital Assets Research Curation Team:
Kai-Lung Hui (Hong Kong University of Science and Technology)
Anthony Vance (Brigham Young University)
Dmitry Zhdanov (University of Connecticut)

The security of digital assets has grown from being the concern of a few technologists to an issue that impacts society at large in virtually every sector, including government, business, and healthcare. This general trend is mirrored in the pages of MIS Quarterly. Although the importance of securing digital assets was recognized as early as the journal’s second year of publication (Halloran et al. 1978), research on security was relatively sparse until the last decade which has seen a marked increase of published articles on the topic.

1. Focus of the Research Curation

This curation highlights 32 articles published in MIS Quarterly that focus on the issue of securing digital assets (see Table 1). For scoping purposes, we do not cover closely related topics, such as disaster recovery or privacy, or include articles that feature security as a component instead of the focus of the study (e.g., “security” as a single construct of a larger model).

2. Progression of Research in MISQ

The early works on security tend to be exploratory, focusing more on uncovering new concerns and threats to digital assets. The contexts and applications vary widely, including system development and prototyping, cryptographic data protection, threat and risk management, end-user computing, electronic data interchange and inter-organizational systems, and online exchanges (Halloran et al. 1978; Murray 1979; Leitheiser and Wetherbe 1986; Post and Diltz 1986; White and Christy 1987; Hansen and Hill 1989; Loch et al. 1992; Baskerville and Stage 1996; Kumar and van Dissel 1996). For example, Boockholdt (1989) identified the emergence of new security concerns, i.e., control and backup, arising from the migration of mainframe to personal computing. Straub and Nance (1990) found that purposeful detection of security abuse were not often used, and perpetrators were not systematically disciplined. These novel findings highlight the importance of security threats to digital assets and their corresponding solutions.

By contrast, the recent published works in securing digital assets are more normative in nature. For example, Abbasi et al. (2010) developed a system to automatically detect fake websites. Johnston and Warkentin (2010) and Johnston et al. (2015) showed that fear appeals can be used to improve users’ compliance with security recommendations. Vance et al. (2015) showed that user interface design can be used to increase users’ accountability, and in turn, decrease noncompliant behavior. Each of these studies provide specific guidance on the actual design and management of information security.

In reviewing the progression of research on the security of digital assets in MIS Quarterly, it is interesting to observe not just what has been studied, but how. A diversity of methodological approaches have been applied, including action research (Baskerville and Stage 1996; Straub and Welke 1998; Puhakainen and Siponnen 2010; Smith et al. 2010), design science (Baskerville and Stage 1996; Abbasi et al. 2010), economic modeling (e.g., Galbreth and Shor 2010; Chen et al. 2011; Gupta and Zhdanov 2012; Dey et al. 2014), applied econometrics (Li et al. 2012; Ransbotham et al. 2012; Kim and Kim 2014; Kwon and Johnson 2014; Wang et al. 2015), factorial survey (Vance et al. 2015), field survey (e.g., Johnston and Warkentin 2010), interpretive case study (Backhouse et al. 2006), and mixed methods (Spears and Barki 2010). These approaches demonstrate the multifaceted nature of information security, one that has engaged the behavioral, design, and economic paradigms of IS to uncover the interaction between people, technology, and policy.

3. Thematic Advances in Knowledge

Four themes emerge from the studies listed in Table 1: (1) behavioral compliance, (2) risk management, (3) investments in securing digital assets, and (4) market effects of securing digital assets. These four themes span different units of analysis (from individual users to organizations to markets). Below, we discuss each of these research themes.

First, a major theme of research on securing digital assets appearing in MIS Quarterly is behavioral compliance, in which a user is encouraged to adopt a protective security practice, or to avoid a harmful one. Such studies have drawn on a wide range of theories from criminology and psychology, including general deterrence (Straub and Nance 1990; Harrington 1996), coping (Liang and Xue 2009), neutralization (Siponen and Vance 2010), planned behavior (Bulgurcu et al. 2010), fear appeals and protection motivation (Johnston and Warkentin 2010; Johnston et al. 2015; Boss et al. 2015; Liang and Xue 2009; Anderson and Agarwal 2010; Posey et al. 2013; Boss et al. 2015; Chen and Zahedi 2016), accountability (Vance et al. 2015), routine activity (Wang et al. 2015) and cognitive information processing and training (Puhakainen and Siponen 2010). These reference theories provide a solid foundation to holistically assess the psychological state of individuals when they appraise security threats, benefits of protection, and imposed costs of security solutions. This set of studies have affirmatively shown that the attitude and behavior towards information security is multi-dimensional. People may generally fear security threats or the consequences of misuse and noncompliance, but at the same time they may rationalize or defend poor security behavior by invoking, for example, neutralization techniques, expressive/instrumental criminal motivations, or perceptions of organizational injustice (Willison and Warkentin 2013). The consensus in these studies is that people, including home and organizational users, can be motivated or trained to engage in beneficial security practices and avoid harmful ones once we understand psychological drivers of these behaviors.

A second theme is risk management. Arguably, the nature of risk management is normative, and this is well reflected in this set of MIS Quarterly articles, which provide several practical frameworks and tools, including a probabilistic loss assessment technique based on the stochastic dominance concept in statistics (Post and Diltz 1986), a comprehensive classification of risk factors and the risk mitigation process (Baskerville and Stage 1996), a security risk planning model with security awareness education and countermeasure matrix (Straub and Welke 1998), user participation as an additional security control to enhance security awareness and alignment between IS security risk management and the business environment (Spears and Barki 2010), and the use of diversification strategies to reduce the risks of correlated failures in software deployment (Chen et al. 2011). These frameworks and tools provide a convenient starting point for practitioners to strengthen organizational risk management of digital assets.

A third theme is the investments in securing digital assets. This set of MIS Quarterly articles substantiates its tangible benefits. For example, Gordon et al. (2010) showed that voluntary disclosure of information security issues is positively associated with the market value of a firm. Li et al. (2012) found that information technology controls directly affect the quality of information produced by the system. Ransbotham et al. (2012) demonstrated that vulnerability disclosure leads to reduced vulnerability exploitation risks and attempts. Kwon and Johnson (2014) showed that security investment reduces security failure rates, particularly when the investment is proactive. Taken together, these studies complete the “missing link” in information security research—theoretical or normative study of information security protection will be less meaningful if the protection does not lead to tangible benefits. These studies illustrate that it does.

A fourth theme is market effects of securing digital assets, which examines how the nature of information security is transformed when placed inside a market. Galbreth and Shor (2010) showed that software firms can benefit from malicious hacking because such malicious hacking nurtures a monopoly. It highlights the existence of a peculiar indirect externality due to strategic hacking. Chen et al. (2011) showed that homogeneous software design can lead to correlated failures because, by nature, the same attack can be applied to all software using the same design. There is again a peculiar negative externality due to security attacks. Gupta and Zhdanov (2012) studied the outsourcing of information security protection to managed security service providers (MSSP). It accounts for both positive and negative externalities in such outsourcing, and formally characterizes when a for-profit entity or consortium would arise. Kim and Kim (2014) showed that there is a positive “knowledge externality” in the malware resolution process. This set of MIS Quarterly articles expand our understanding of how security attacks and protection may interact beyond the organizational boundary. They also describe novel security externalities (due to strategic hacking, knowledge sharing, etc.) while also suggesting appropriate regulations and policies to address these emergent challenges.

Conclusion

This curation shows the breadth of coverage on the topic of securing digital assets, both thematically and methodologically. It also illustrates the rich phenomena and problems in this area. Finally, the contributions made by these articles provide a solid foundation for future research on the vitally important topic of securing digital assets.

Table 1. MIS Quarterly Papers on Securing Digital Assets.

ID Author(s) Title Year Vol. Issue
1 J. L. Boockholdt Implementing Security and Integrity in Micro-Mainframe Networks 1989 13 2
2 Detmar W. Straub, Jr., and William D. Nance Discovering and Disciplining Computer Abuse in Organizations: A Field Study 1990 14 1
3 Karen D. Loch, Houston H. Carr, and Merrill E. Warkentin Threats to Information Systems: Today’s Reality, Yesterday’s Understanding 1992 16 2
4 Susan J. Harrington The Effect of Codes of Ethics and Personal Denial of Responsibility on Computer Abuse Judgments and Intentions 1996 20 3
5 Richard Baskerville and Jan Stage Controlling Prototype Development Through Risk Analysis 1996 20 4
6 Detmar W. Straub and Richard J. Welke Coping With Systems Risk: Security Planning Models for Management Decision Making 1998 22 4
7 James Backhouse, Carol W. Hsu, and Leiser Silva Circuits of Power in Creating de jure Standards: Shaping an International Information Systems Security Standard 2006 30 SI
8 Huigang Liang and Yajiong Xue Avoidance of Information Technology Threats: A Theoretical Perspective 2009 33 1
9 Ahmed Abbasi, Zhu Zhang, David Zimbra, Hsinchun Chen, Jay F. Nunamaker Jr. Detecting Fake Websites: The Contribution of Statistical Learning Theory 2010 34 3
10 Stephen Smith, Donald Winchester, Deborah Bunker, Rodger Jaimeson Circuits of Power: A Study of Mandated Compliance to an Information Systems Security De Jure Standard in a Government Organization 2010 34 3
11 Mikko Siponen and Anthony Vance Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations 2010 34 3
12 Janine L. Spears and Henri Barki User Participation in Information Systems Security Risk Management 2010 34 3
13 Burcu Bulgurcu, Hasan Cavusoglu, Izak Benbasat Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness 2010 34 3
14 Allen C. Johnston and Merrill Warkentin Fear Appeals and Information Security Behaviors: An Empirical Study 2010 34 3
15 Lawrence A. Gordon, Martin P. Loeb, and Tashfeen Sohail Market Value of Voluntary Disclosures Concerning Information Security 2010 34 3
16 Michael R. Galbreth and Mikhael Shor The Impact of Malicious Agents on the Enterprise Software Industry 2010 34 3
17 Catherine L. Anderson and Ritu Agarwal Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions 2010 34 3
18 Petri Puhakainen and Mikko Siponen Improving Employees’ Compliance Through Information Systems Security Training: An Action Research Study 2010 34 4
19 Pei-yu Chen, Gaurav Kataria, and Ramayya Krishnan Correlated Failures, Diversification, and Information Security Risk Management 2011 35 2
20 Chan Li, Gary F. Peters, Vernon J. Richardson, and Marcia Weidenmier Watson The Consequences of Information Technology Control Weaknesses on Management Information Systems: The Case of Sarbanes-Oxley Internal Control Reports 2012 36 1
21 Sam Ransbotham, Sabyaschi Mitra, and Jon Ramsey Are Markets for Vulnerabilities Effective? 2012 36 1
22 Alok Gupta and Dmitry Zhdanov Growth and Sustainability of Managed Security Services Networks: An Economic Perspective 2012 36 4
23 Robert Willison and Merrill Warkentin Beyond Deterrence: An Expanded View of Employee Computer Abuse 2013 37 1
24 Clay Posey, Tom L. Roberts, Paul Benjamin Lowry, Rebecca J. Bennett, and James F. Courtney Insiders’ Protection of Organizational Information Assets: Development of a Systematics-Based Taxonomy and Theory of Diversity for Protection-Motivated Behaviors 2013 37 4
25 Juhee Kwon and M. Eric Johnson Proactive Versus Reactive Security Investments in the Healthcare Sector 2014 38 2
26 Debabrata Dey, Atanu Lahiri, and Guoying Zhang Quality Competition and Market Segmentation in the Security Software Market 2014 38 2
27 Seung Hyun Kim and Byung Cho Kim Differential Effects of Prior Experience on the Malware Resolution Process 2014 38 3
28 Jingguo Wang, Manish Gupta, and H. Raghav Rao Insider Threats in a Financial Institution: Analysis of Attack-Proneness of Information Systems Applications 2015 39 1
29 Allen C. Johnston, Merrill Warkentin, and Mikko Siponen An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric 2015 39 1
30 Scott R. Boss, Dennis F. Galletta, Paul Benjamin Lowry, Gregory D. Moody, and Peter Polak What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors 2015 39 4
31 Anthony Vance, Paul Lowry, Dennis Eggett Increasing Accountability Through User-Interface Design Artifacts: A New Approach To Addressing The Problem Of Access-Policy Violations 2015 39 2
32 Yan Chen and Fatemeh Mariam Zahedi Individuals’ Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China 2016 40 1

Figure 1. Securing Digital Assets Infographic

MISQ Curation Securing Digital Assets Infographic May 2016

Please cite this curation as follows: Hui, K.L., Vance, A., Zhdanov, D. “Securing Digital Assets,” in MIS Quarterly Research Curations, Ashley Bush and Arun Rai, Eds., http://misq.org/research-curations, May 27, 2016.