Insiders' protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors

MIS Quarterly: Management Information Systems

Volumn 37, Issue 4, 2013, Pages 1189-1210

  Posey, Clay ^a   Roberts, Tom L ^b   Lowry, Paul Benjamin ^c   Bennett, Rebecca J ^b   Courtney, James F ^b  

^a UNIVERSITY OF ALABAMA   (United States)

^b LOUISIANA TECH UNIVERSITY   (United States)

^c CITY UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

Behavioral information security; Cluster analysis; Multidimensional scaling; Protection motivated behaviors; Systematics; Taxonomy; Theory of diversity

Indexed keywords

CLUSTER ANALYSIS; SECURITY OF DATA; SECURITY SYSTEMS;

BEHAVIORAL INFORMATION SECURITY; MULTI-DIMENSIONAL SCALING; PROTECTION-MOTIVATED BEHAVIORS; SYSTEMATICS; THEORY OF DIVERSITY;

TAXONOMIES;

EID: 84887697195     PISSN: 02767783     EISSN: 21629730     Source Type: Journal    
DOI: 10.25300/MISQ/2013/37.4.09     Document Type: Article

References (139)

1. Albrechtsen, E., and Hovden, J. 2009. "The Information Security Digital Divide Between Information Security Managers and Users," Computers & Security (28:6), pp. 476-490.
2. Anderson, C. L., and Agarwal, R. 2010. "Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions," MIS Quarterly (34:3), pp. 613-643.
3. Anderson, L. W., and Krathwohl, D. R. 2001. A Taxonomy for Learning, Teaching, and Assessing: A Revision of Bloom's Taxonomy of Educational Objectives, Boston, MA: Allyn & Bacon.
4. Awad, N. F., and Ragowsky, A. 2008. "Establishing Trust in Electronic Commerce Through Online Word of Mouth: An Examination Across Genders," Journal of Management Information Systems (24:4), pp. 101-121.
5. Aytes, K., and Connolly, T. 2004. "Computer Security and Risky Computing Practices: A Rational Choice Perspective," Journal of Organizational and End User Computing (16:3), pp. 22-40.
6. Backhouse, J., and Dhillon, G. 1995. "Managing Computer Crime: A Research Outlook," Computers & Security (14:7), pp. 645-651.
7. Baskerville, R., and Wood-Harper, A. T. 1998. "Diversity in Information Systems Action Research Methods," European Journal of Information Systems (7:2), pp. 90-107.
8. Beck, K. H. 1984. "The Effects of Risk Probability, Outcome Severity, Efficacy of Protection and Access to Protection on Decision Making: A Further Test of Protection Motivation Theory," Social Behavior and Personality (12:2), pp. 121-125.
9. Beck, K. H., and Feldman, R. H. 1983. "Information Seeking among Safety and Health managers," The Journal of Psychology (115:1), pp. 23-31.
10. Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., and Boss, R. W. 2009. "If Someone Is Watching, I'll Do What I'm Asked: Mandatoriness, Control, and Information Security," European Journal of Information Systems (18:2), pp. 151-164.
11. Bulgurcu, B., Cavusoglu, H., and Benbasat, I. 2009. "Effects of Individual and Organization Based Beliefs and the Moderating Role of Work Experience on Insiders' Good Security Behaviors," in Proceedings of the IEEE International Conference on Computational Science and Engineering, Vancouver, BC, Canada, August 29-31, pp. 476-481.
12. Bulgurcu, B., Cavusoglu, H., and Benbasat, I. 2010. "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly (34:3), pp. 523-548.
13. Cattell, R. B. 1966. "The Scree Test for the Number of Factors," Multivariate Behavioral Research (1:2), pp. 245-276.
14. Cavusoglu, H., Mishra, B., and Raghunathan, S. 2004. "The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers," International Journal of Electronic Commerce (9:1), pp. 70-104.
15. Chen, W., and Hirschheim, R. 2004. "A Paradigmatic and Methodological Examination of Information Systems Research from 1991 to 2001," Information Systems Journal (14:3), pp. 197-235.
16. Choobineh, J., Dhillon, G., Grimaila, M. R., and Rees, J. 2007. "Management of Information Security: Challenges and Research Directions," Communications of the Association for Information Systems (20:1), pp. 958-971.
17. Chung, W., Chen, H., and Nunamaker Jr., J. F. 2005. "A Visual Framework for Knowledge Discovery on the Web: An Empirical Study of Business Intelligence Exploration," Journal of Management Information Systems (21:4), pp. 57-84.
18. Churchill, G. A. 1979. "A Paradigm for Developing Better Measures of Marketing Constructs," Journal of Marketing Research (16:1), pp. 64-73.
19. Crossler, R. E. 2009. Protection Motivation Theory: Understanding the Determinants of Individual Security Behavior, unpublished Ph.D. Dissrtation, Accounting and Information Systems, Virginia Tech University, Blacksburg, VA.
20. CSO Magazine. 2011. "2011 CyberSecurity Watch Survey: Organizations Need More Skilled Cyber Professionals to Stay Secure," January 31 (http://www.marketwire.com/press-release/2011-CyberSecurity-Watch-Survey- Organizations-Need-More-Skilled-Cyber-Professionals-1387863.htm).
21. D'Arcy, J., and Hovav, A. 2007. "Deterring Internal Information Systems Misuse," Communications of the ACM (50:10), pp. 113-117.
22. D'Arcy, J., Hovav, A., and Galletta, D. 2009. "User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research (20:1), pp. 79-98.
23. Dhillon, G. 2001. "Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns," Computers & Security (20:2), pp. 165-172.
24. Dhillon, G., and Backhouse, J. 2000. "Information System Security Management in the New Millennium," Communications of the ACM (43:7), pp. 125-128.
25. Dhillon, G., and Torkzadeh, G. 2006. "Value-Focused Assessment of Information System Security in Organizations," Information Systems Journal (16:3), pp. 293-314.
26. Dillon, W. R., and Goldstein, M. 1984. Multivariate Analysis: Methods and Applications, New York: Wiley.
27. Dinev, T., Goo, J., Hu, Q., and Nam, K. 2009. "User Behavior Towards Protective Information Technologies: The Role of National Cultural Differences," Information Systems Journal (19:4), pp. 391-412.
28. Dinev, T., and Hu, Q. 2007. "The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies," Journal of the Association for Information Systems (8:1), pp. 386-408.
29. Doty, D. H., and Glick, W. H. 1994. "Typologies as a Unique Form of Theory Building: Toward Improved Understanding and Modeling," Academy of Management Review (19:2), pp. 230-251.
30. Earl, M. 2001. "Knowledge Management Strategies: Toward a Taxonomy," Journal of Management Information Systems (18:1), pp. 215-233.
31. Eom, S. B. 1996. "Mapping the Intellectual Structure of Research in Decision Support Systems through Author Cocitation Analysis (1971-1993)," Decision Support Systems (16:4), pp. 315-338.
32. Fagnot, I. J. 2008. "Behavioral Information Security," in Encyclopedia of Cyber Warfare and Cyber Terrorism, L. J. Janczewski and A. M. Colarik (eds.), Hershey, PA: Idea Group Inc., pp. 199-205.
33. Fiedler, K. D., Grover, V., and Teng, J. T. C. 1996. "An Empirically Derived Taxonomy of Information Technology Structure and its Relationship to Organizational Structure," Journal of Management Information Systems (13:1), pp. 9-34.
34. Floyd, D. L., Prentice-Dunn, S., and Rogers, R. W. 2000. "A Meta- Analysis of Research on Protection Motivation Theory," Journal of Applied Social Psychology (30:2), pp. 407-429.
35. Flynn, M. F., Lyman, R. D., and Prentice-Dunn, S. 1995. "Protection Motivation Theory and Adherence to Medical Treatment Regimens for Muscular Dystrophy," Journal of Social and Clinical Psychology (14:1), pp. 61-75.
36. Gibney, R., Zagenczyk, T. J., and Masters, M. F. 2009. "The Negative Aspects of Social Exchange: An Introduction to Perceived Organizational Obstruction," Group & Organization Management (34:6), pp. 665-697.
37. Goode, S., and Gregor, S. 2009. "Rethinking Organisational Size in IS Research: Meaning, Measurement and Redevelopment," European Journal of Information Systems (18:1), pp. 4-25.
38. Green, P. E., and Carmone, F. J. 1970. Multidimensional Scaling and Related Techniques in Marketing Analysis, Boston, MA: Allyn and Bacon.
39. Gregor, S. 2006. "The Nature of Theory in Information Systems," MIS Quarterly (30:3), pp. 611-642.
40. Hair, J. F., Black, W. C., Babin, B. J., and Anderson, R. E. 2009. Multivariate Data Analysis (7th ed.), Upper Saddle River, NJ: Pearson Education.
41. Hamill, J. T., Deckro, R. F., and Kloeber, J. M. 2005. "Evaluating Information Assurance Strategies," Decision Support Systems (39:3), pp. 463-484.
42. Hanisch, K. A., and Hulin, C. L. 1991. "General Attitudes and Organizational Withdrawal: An Evaluation of a Causal Model," Journal of Vocational Behavior (39:1), pp. 110-128.
43. Hanisch, K. A., Hulin, C. L., and Roznowski, M. 1998. "The Importance of Individuals' Repertoires of Behaviors: The Scientific Appropriateness of Studying Multiple Behaviors and General Attitudes," Journal of Organizational Behavior (19:5), pp. 463-480.
44. Herath, T., and Rao, H. R. 2009a. "Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness," Decision Support Systems (47:2), pp. 154-165.
45. Herath, T., and Rao, H. R. 2009b. "Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations," European Journal of Information Systems (28:2), pp. 106-125.
46. Hooijberg, R. 1996. "A Multidirectional Approach Toward Leadership: An Extension of the Concept of Behavioral Complexity," Human Relations (49:7), pp. 917-946.
47. Hu, Q., Xu, Z., Dinev, T., and Ling, H. 2011. "Does Deterrence Work in Reducing Information Security Policy Abuse by Employees?," Communications of the ACM (54:6), pp. 54-60.
48. Huang, Z., Chen, H., Guo, F., Xu, J. J., Wu, S., and Chen, W. H. 2006. "Expertise Visualization: An Implementation and Study Based on Cognitive Fit Theory," Decision Support Systems (42:3), pp. 1539-1557.
49. Im, G. P., and Baskerville, R. L. 2005. "A Longitudinal Study of Information System Threat Categories: The Enduring Problem of Human Error," The DATA BASE for Advances in Information Systems (36:4), pp. 68-79.
50. ITRC. 2012. "2012 ITRC Breach Reports," Identity Theft Resource Center, San Diego, CA.
51. Johnston, A. C., and Warkentin, M. E. 2010. "Fear Appeals and Information Security Behaviors: An Empirical Study," MIS Quarterly (34:2), pp. 549-566.
52. Junglas, I. A., Johnson, N. A., and Spitzmuller, C. 2008. "Personality Traits and Concern for Privacy: An Empirical Study in the Context of Location-Based Services," European Journal of Information Systems (17:4), pp. 387-402.
53. Kerlinger, F. N., and Lee, H. B. 2000. Foundations of Behavioral Research (4th ed.), South Melbourne, Australia: Wadsworth.
54. Kotulic, A. G., and Clark, J. G. 2004. "Why There Aren't More Information Security Research Studies," Information & Management (41:5), pp. 597-607.
55. Kroll Advisory Solutions. 2011. "2011 Kroll Global Fraud Report," in Fraud, Forensics & Compliance, Kroll Advisory Solutions, New York, NY.
56. Kruskal, J. B. 1977. "The Relationship Between Multidimensional Scaling and Clustering," in Classification and Clustering, J. V. Ryzin (ed.), New York: Academic Press, pp. 17-44.
57. Kruskal, J. B., and Wish, M. 1978. Multidimensional Scaling, Beverly Hills, CA: Sage Publications.
58. Lacity, M. C., and Janson, M. A. 1994. "Understanding Qualitative Data: A Framework of Text Analysis Methods," Journal of Management Information Systems (11:2), pp. 137-155.
59. Landry, M., and Banville, C. 1992. "A Disciplined Methodological Pluralism for MIS Research," Accounting, Management and Information Technologies (2:2), pp. 77-97.
60. Larsen, K. R. T. 2003. "A Taxonomy of Antecedents of Information Systems Success: Variable Analysis Studies," Journal of Management Information Systems (20:2), pp. 169-246.
61. Lee, A. S., and Baskerville, R. L. 2003. "Generalizing Generalizability in Information Systems Research," Information Systems Research (14:3), pp. 221-243.
62. Lee, Y., and Kozar, K. A. 2008. "An Empirical Investigation of Anti-Spyware Software Adoption: A Multitheoretical Perspective," Information & Management (45:2), pp. 109-119.
63. Lee, Y., and Larsen, K. R. 2009. "Threat or Coping Appraisal: Determinants of SMB Executives' Decision to Adopt Anti- Malware Software," European Journal of Information Systems (18:2), pp. 177-187.
64. Liang, H., and Xue, Y. 2009. "Avoidance of Information Technology Threats: A Theoretical Perspective," MIS Quarterly (33:1), pp. 71-90.
65. Lincoln, Y. S., and Guba, E. G. 1985. Naturalistic Inquiry, Thousand Oaks, CA: Sage Publications.
66. MacKenzie, S. B., Podsakoff, P. M., and Ahearne, M. 1998. "Some Possible Antecedents and Consequences of In-Role and Extra- Role Salesperson Performance," Journal of Marketing (62:3), pp. 87-98.
67. Mason, R. O., and Mitroff, I. I. 1973. "A Program for Research on Management Information Systems," Management Science (19:5), pp. 475-487.
68. Matook, S., and Vessey, I. 2008. "Types of Business-to-Business E-Marketplaces: The Role of a Theory-Based, Domain-Specific Model," Journal of Electronic Commerce Research (9:4), pp. 260-279.
69. Mayr, E. 1969. Principles of Systematic Zoology, New York: McGraw-Hill.
70. McKelvey, B. 1978. "Organizational Systematics: Taxonomic Lessons from Biology," Management Science (24:13), pp. 1428-1440.
71. McKelvey, B. 1982. Organizational Systematics: Taxonomy, Evolution, Classification, Berkeley, CA: University of California Press.
72. McKinney, E., and Yoos, C. 2010. "Information About Information: A Taxonomy of Views," MIS Quarterly (34:2), pp. 329-344.
73. McNeely, B. L., and Meglino, B. M. 1994. "The Role of Dispositional and Situational Antecedents in Prosocial Organizational Behavior: An Examination of the Intended Beneficiaries of Prosocial Behavior," Journal of Applied Psychology (79:6), pp. 836-844.
74. McQuaid, M. J., Ong, T. H., Chen, H., and Nunamaker Jr., J. F. 1999. "Multidimensional Scaling for Group Memory Visualization," Decision Support Systems (27:1-2), pp. 163-176.
75. Miceli, M. P., Near, J. P., and Dworkin, T. M. 2008. Whistle- Blowing in Organizations, New York: Routledge.
76. Miles, M. B., and Huberman, A. M. 1994. Qualitative Data Analysis: An Expanded Sourcebook (2nd ed.), Newbury Park, CA: Sage Publications.
77. Milne, S., Sheeran, P., and Orbell, S. 2000. "Prediction and Intervention in Health-Related Behavior: A Meta-Analytic Review of Protection Motivation Theory," Journal of Applied Social Psychology (30:1), pp. 106-143.
78. Mingers, J. 2001. "Combining IS Research Methods: Towards a Pluralist Methodology," Information Systems Research (12:3), pp. 240-259.
79. Moore, A. P., Cappelli, D. M., and Trzeciak, R. F. 2008. "The 'Big Picture' of Insider IT Sabotage across U.S. Critical Infrastructures," CMU/SEI-2008-TR-009, Software Engineering Institute: Carnegie Mellon University, Pittsburgh, PA.
80. Morrison, E. W. 1994. "Role Definitions and Organizational Citizenship Behavior: The Importance of the Employee's Perspective," Academy of Management Journal (37:6), pp. 1543-1567.
81. Myers, M. D., and Newman, M. 2007. "The Qualitative Interview in IS Research: Examining the Craft," Information and Organization (17:1), pp. 2-26.
82. Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., and Vance, A. 2009. "What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules? An Empirical Study," European Journal of Information Systems (18:2), pp. 126-139.
83. Near, J. P., Dworkin, T. M., and Miceli, J. P. 1993. "Explaining the Whistle-Blowing Process: Suggestions from Power Theory and Justice Theory," Organization Science (4:3), pp. 393-411.
84. Ng, B. Y., Kankanhalli, A., and Xu, Y. 2009. "Studying Users' Computer Security Behavior: A Health Belief Perspective," Decision Support Systems (46:4), pp. 815-825.
85. Organ, D. W. 1988. Organizational Citizenship Behavior: The Good Soldier Syndrome, Lexington, MA: Lexington Books.
86. Organ, D. W., Podsakoff, P. M., and MacKenzie, S. B. 2006. Organizational Citizenship Behaviors: Its Nature, Antecedents, and Consequences, Thousand Oaks, CA: Sage Publications.
87. Orlikowski, W. J., and Baroudi, J. J. 1991. "Studying Information Technology in Organizations: Research Approaches and Assumptions," Information Systems Research (2:1), pp. 1-28.
88. Oz, E. 1992. "Ethical Standards for Information Systems Professionals: A Case for a Unified Code," MIS Quarterly (16:4), pp. 423-433.
89. Padgett, D., and Mulvey, M.S. 2007. "Differentiation via Technology: Strategic Positioning of Services Following the Introduction of Disruptive Technology," Journal of Retailing (83:4), pp. 375-391.
90. Pedhazur, E. J., and Schmelkin, L. P. 1991. Measurement, Design, and Analysis: An Integrated Approach, Hillsdale, NJ: Lawrence Erlbaum Associates.
91. Peterson, D. 2011. "Deltek: Cybersecurity Spending Should Grow," Washington Post, Business Section, December 11.
92. Posey, C., Lowry, P. B., Roberts, T. L., and Ellis, T. S. 2010. "The Online Community Self-Disclosure Model: The Case of Working Professionals in France and the UK Who Use Online Communities," European Journal of Information Systems (19:2), pp. 181-195.
93. Price, S. M. 2007. "Operations Security," in Official (ISC)2 Guide to the CISSP CBK, H. F. Tipton and K. Henry (eds.), Boca Raton, FL: Auerbach, pp. 633-681.
94. Priem, R. L., Love, L. G., and Shaffer, M. A. 2002. "Executives' Perceptions of Uncertainty Sources: A Numerical Taxonomy and Underlying Dimensions," Journal of Management (28:6), pp. 725-746.
95. PWC. 2011. "The 14th Annual Global State of Information Security Survey," PriceWaterhouseCoopers, New York, NY.
96. Rabinowitz, G. B. 1975. "An Introduction to Nonmetric Multidimensional Scaling," American Journal of Political Science (19:2), pp. 343-390.
97. Rehg, M. T., Miceli, M. P., Near, J. P., and Scotter, J. R. V. 2008. "Antecedents and Outcomes of Retaliation Against Whistleblowers: Gender Differences and Power Relationships," Organization Science (19:2), pp. 221-240.
98. Rice, R. E. 1994. "Relating Electronic Mail Use and Network Structure to R&D Work Networks and Performance," Journal of Management Information Systems (11:1), pp. 9-29.
99. Robinson, S. L., and Bennett, R. J. 1995. "A Typology of Deviant Workplace Behaviors: A Multidimensional Scaling Study," Academy of Management Journal (38:2), pp. 555-572.
100. Rogers, R. W. 1975. "A Protection Motivation Theory of Fear Appeals and Attitude Change," The Journal of Psychology (91:1), pp. 93-114.
101. Rogers, R. W. 1983. "Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation," in Social Psychophysiology: A Sourcebook, J. T. Cacioppo and R. E. Petty (eds.), New York: Guilford, pp. 153-176.
102. Rogers, R. W., and Prentice-Dunn, S. 1997. "Protection Motivation Theory," in Handbook of Health Behavior Research I: Personal and Social Determinants, D. S. Gochman (ed.), New York: Plenum Press, pp. 113-132.
103. Ross, H. H. 1974. Biological Systematics, Reading, MA: Addison- Wesley.
104. Rubin, H. J., and Rubin, I. S. 2005. Qualitative Interviewing: The Art of Hearing Data (2nd ed.), Thousand Oaks, CA: Sage Publications.
105. Scerri, E. R. 2007. The Periodic Table: Its Story and Its Significance, New York: Oxford University Press.
106. Schiffman, S. S., Reynolds, M. L., and Young, F. W. 1981. Introduction to Multidimensional Scaling: Theory, Methods, and Applications, New York: Academic Press.
107. Schneier, B. 2000. Secrets and Lies: Digital Security in a Networked World, New York: John Wiley & Sons, Inc.
108. Shang, J., Basil, D. Z., and Wymer, W. 2010. "Using Social Marketing to Enhance Hotel Reuse Programs," Journal of Business Research (63:2), pp. 166-172.
109. Shaw, E., Ruby, K. G., and Post, J. M. 1998. "The Insider Threat to Information Systems: The Psychology of the Dangerous Insider," Security Awareness Bulletin (2-98), pp. 1-10.
110. Shoemaker, R. A. 1981. "Changes in Taxonomy and Nomenclature of Important Genera of Plant Pathogens," Annual Review of Phytopathology (19:1), pp. 297-307.
111. Sibley, C. G., and Monroe, B. L. 1990. Distribution and Taxonomy of Birds of the World, New Haven, CT: Yale University Press.
112. Siponen, M., Pahnila, S., and Mahmood, A. 2007. "Employees' Adherence to Information Security Policies: An Empirical Study," in New Approaches for Security, Privacy and Trust in Complex Environments, H. Venter, M. Eloff, L. Labuschagne, J. Eloff and R. von Solms (eds.), Boston: Springer, pp. 133-144.
113. Siponen, M., and Vance, A. 2010. "Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations," MIS Quarterly (34:3), pp. 487-502.
114. Sircar, S., Nerur, S. P., and Mahapatra, R. 2001. "Revolution or Evolution? A Comparison of Object-Oriented and Structured Systems Development Methods," MIS Quarterly (25:4), pp. 457-471.
115. Son, J. Y., and Kim, S. S. 2008. "Internet Users' Information Privacy-Protective Responses: A Taxonomy and a Nomological Model," MIS Quarterly (32:3), pp. 503-529.
116. Spears, J. L., and Barki, H. 2010. "User Participation in IS Security Risk Management," MIS Quarterly (34:3), pp. 503-522.
117. Stanton, J. M., and Stam, K. R. 2006. The Visible Employee: Using Workplace Monitoring and Surveillance to Protect Information Assets-Without Compromising Employee Privacy or Trust, Medford, NJ: Information Today, Inc.
118. Stanton, J. M., Stam, K. R., Mastrangelo, P., and Jolton, J. A. 2005. "Analysis of End User Security Behaviors," Computers & Security (24:2), pp. 124-133.
119. Stanton, J. M., Stam, K. R., Mastrangelo, P. M., and Jolton, J. A. 2006. "Behavioral Information Security: An Overview, Results, and Research Agenda," in Human-Computer Interaction and Management Information Systems: Foundations, P. Zhang and D. F. Galletta (eds.), Armonk, NY: M. E. Sharpe, pp. 262-280.
120. Straub, D. W. 1990. "Effective IS Security," Information Systems Research (1:3), pp. 255-276.
121. Straub, D. W., Boudreau, M. C., and Gefen, D. 2004. "Validation Guidelines for IS Positivist Research," Communications of the Association for Information Systems (13:1), pp. 380-427.
122. Straub, D. W., and Collins, R. W. 1990. "Key Information Liability Issues Facing Managers: Software Piracy, Proprietary Databases, and Individual Rights to Privacy," MIS Quarterly (14:2), pp. 143-156.
123. Tan, F. B., and Hunter, M. G. 2002. "The Repertory Grid Technique: A Method for the Study of Cognition in Information Systems," MIS Quarterly (26:1), pp. 39-57.
124. Timm, N. H. 2002. "Cluster Analysis and Multidimensional Scaling," in Applied Multivariate Analysis, N. H. Timm (ed.), New York: Springer, pp. 515-555.
125. Tojib, D. R., and Sugianto, L. 2006. "Content Validity of Instruments in IS Research," Journal of Information Technology Theory and Application (8:3), pp. 31-56.
126. Ulrich, D., and McKelvey, B. 1990. "General Organizational Classification: An Empirical Test Using the United States and Japanese Electronics Industries," Organization Science (1:1), pp. 99-118.
127. Van Dyne, L., Cummings, L. L., and Parks, J. M. 1995. "Extra- Role Behaviors: In Pursuit of Construct and Definitional Clarity (A Bridge Over Muddied Waters)," in Research in Organizational Behavior (Volume 17), L. L. Cummings and B. M. Staw (eds.), Greenwich, CT: JAI Press, pp. 215-285.
128. Van Niekerk, J. F., and von Solms, R. 2010. "Information Security Culture: A Management Perspective " Computers & Security (29:4), pp. 476-486.
129. Veriphyr. 2011. "Veriphyr Survey Finds More than 70 Percent of Healthcare Providers Suffered Privacy Breach in Past 12 Months," Press Release, August 31, Veriphyr, Los Altos, CA.
130. Vroom, C., and von Solms, R. 2004. "Towards Information Security Behavioural Compliance," Computers & Security (23:3), pp. 191-198.
131. Walsham, G. 1996. "Ethical Theory, Codes of Ethics and IS Practice," Information Systems Journal (6:1), pp. 69-81.
132. Warkentin, M., and Willison, R. 2009. "Behavioral and Policy Issues in Information Systems Security: The Insider Threat," European Journal of Information Systems (18:2), pp. 101-105.
133. Whitman, M. E. 2003. "Enemy at the Gate: Threats to Information Security," Communications of the ACM (46:8), pp. 91-95.
134. Willison, R., and Siponen, M. 2009. "Overcoming the Insider: Reducing Employee Computer Crime through Situational Crime Prevention," Communications of the ACM (52:9), pp. 133-137.
135. Woon, I. M. Y., Low, R. T., and Tan, G. W. 2005. "A Protection Motivation Theory Approach to Home Wireless Security," in Proceedings of the 26th International Conference on Information Systems, Las Vegas, NV, December 11-14, pp. 367-380.
136. Workman, M., Bommer, W. H., and Straub, D. W. 2008. "Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test," Computers in Human Behavior (24:6), pp. 2799-2816.
137. Wright, G., and Ayton, P. 1987. "Eliciting and Modelling Expert Knowledge," Decision Support Systems (3:1), pp. 13-26.
138. Wu, Z., Steward, M., and Hartley, J. 2010. "Wearing Many Hats: Supply Managers' Behavioral Complexity and its Impact on Supplier Relationships," Journal of Business Research (63:8), pp. 817-823.
139. Zafar, H., and Clark, J. G. 2009. "Current State of Information Security Research in IS," Communications of the Association for Information Systems (24:1), pp. 557-596.