Critical discourse analysis as a review methodology: An empirical example

Communications of the Association for Information Systems

Volumn 37, Issue , 2015, Pages 257-285

  Wall, Jeffrey D ^a   Stahl, Bernd Carsten ^b   Salam, A F ^c  

^a MICHIGAN TECHNOLOGICAL UNIVERSITY   (United States)

^b DE MONTFORT UNIVERSITY   (United Kingdom)

^c UNIVERSITY OF NORTH CAROLINA AT GREENSBORO   (United States)

Author keywords

Critical discourse analysis; Ideological hegemony; Information security; Literature review; Security behavior; Theory and review

Indexed keywords

SECURITY OF DATA;

BEHAVIORAL INFORMATION SECURITY; CRITICAL DISCOURSE ANALYSIS; EPISTEMOLOGICAL BELIEFS; IDEOLOGICAL HEGEMONY; LITERATURE REVIEWS; SCIENTIFIC DISCOURSE; SCIENTIFIC PROGRESS; SECURITY BEHAVIOR;

BEHAVIORAL RESEARCH;

EID: 84940370178     PISSN: 15293181     EISSN: None     Source Type: Journal    
DOI: 10.17705/1cais.03711     Document Type: Article

References (100)

1. Akers, R. L. (1985). Deviant behavior: A social learning approach. Belmont, CA: Wadsworth.
2. Aksulu, A., & Wade, M. (2010). A comprehensive review and synthesis of open source research. Journal of the Association for Information Systems, 11(11), 576-656.
3. Alcadipani, R., & Hassard, J. (2010). Actor-network theory, organizations and critique: Towards a politics of organizing. Organization, 17(4), 419-435.
4. Alvesson, M., & Sandberg, J. (2011). Generating research questions through problematization. Academy of Management Review, 36(2), 247-271.
5. Bagozzi, R. P. (2011). Measurement and meaning in information systems and organizational research: Methodological and philosophical foundations. MIS Quarterly, 35(2), 261-292.
6. Barofsky, I. (1978). Compliance, adherence and the therapeutic alliance: Steps in the development of selfcare. Social Science and Medicine, 12(5), 369-376.
7. Belanger, F., & Crossler, R. E. (2011). Privacy in the digital age: A review of information privacy research in information systems. MIS Quarterly, 35(4), 1017-1041.
8. Blake, C., & Pratt, W. (2006). Collaborative information synthesis II: Recommendations for information systems to support synthesis activities. Journal of the American Society for Information Science and Technology, 57(14), 1888-1895.
9. Boell, S. K., & Cecez-Kecmanovic, D. (2014). A hermeneutic approach to conducting literature reviews and literature searches. Communications of AIS, 34(1), 257-286.
10. Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, W. R. (2009). If someone is watching, I'll do what I'm asked: Manditoriness, control, and information security. European Journal of Information Systems, 18, 151-164.
11. Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-527.
12. Cecez-Kecmanovic, D. (2001). Doing critical IS research: The question of methodology. In E. M. Trauth (Ed.), Qualitative research in IS: Issues and trends. Hershey, PA: Idea Group Publishing.
13. Chen, Y., Ramamurthy, K. R., & Wen, K.-W. (2012). Organizations’ information security policy compliance: Stick or carrot approach? Journal of Management Information Systems, 29(3), 157-188.
14. Clark, J. G., Au, Y. A., Walz, D. B., & Warren, J. (2011). Assessing researcher publication productivity in the leading information systems journals: A 2005-2009 update. Communications of the Association for Information Systems, 29, 459-504.
15. Cohen, S. (2002). Folk devils and moral panics: The creation of the mods and rockers (3rd ed.). London: Routledge.
16. Corbin, J., & Strauss, A. (1990). Grounded theory method: Procedures, canons, and evaluative criteria. Qualitative Sociology, 13, 3-21.
17. Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.
18. Cukier, W., Ngwenyama, O., Bauer, R., & Middleton, C. (2009). A critical analysis of media discourse on information technology: Preliminary results of a proposed method for critical discourse analysis. Information Systems Journal, 19(2), 175-196.
19. D'Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79-98.
20. Dant, T. (1991). Knowledge, ideology and discourse: A sociological perspective. New York, NY: Routledge.
21. Deci, E. L., Koestner, R., & Ryan, R. M. (1999). A meta-analytic review of experiments examining the effects of extrinsic rewards on intrinsic motivation. Psychological Bulletin, 125(6), 627-668.
22. DeLone, W. H., & McLean, E. R. (1992). Information systems success: The quest for the dependent variable. Information Systems Research, 3(1), 60-95.
23. Denzin, N. K., & Lincoln, Y. S. (2005). The discipline and practice of qualitative research. In N. K. Denzin, & Y. S. Lincoln (Eds.), The Sage handbook of qualitative research (pp. 1-33). Thousand Oaks, CA: Sage
24. Dhillon, G., & Backhouse, J. (2001). Current directions in IS security research: Towards socioorganizational perspectives. Information Systems Journal, 11(2), 127-153.
25. Dinev, T., Goo, J., Hu, Q., & Nam, K. (2009). User behaviour towards protective information technologies: The role of national cultural differences. Information Systems Journal, 19(4), 391-412.
26. Dinev, T., & Hu, Q. (2007). The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems, 8(7), 386-408.
27. Dracup, A., & Meleis, A. (1982). Compliance: An interactionist approach. Nursing Research, 31(1), 31-36.
28. Duane, A., & Finnegan, P. (2003). Managing empowerment and control in an intranet environment. Information Systems Journal, 13, 133-158.
29. Fairclough, N., Mulderrig, J., & Wodak, R. (1997). Critical discourse analysis. In T. A. van Dijk (Ed.), Discourse studies: A multidisciplinary introduction (pp. 357-378). London: SAGE Publications.
30. Fleck, L. (1979). Genesis and development of a scientific fact. Chicago, IL: University of Chicago Press.
31. Foucault, M. (1970). The order of things: An archaeology of the human sciences. New York, NY: Random House.
32. Foucault, M. (1988). Madness and civilization: A history of insanity in the age of reason. New York, NY: Vintage.
33. Freeden, M. (2003). Ideology: A very short introduction. Oxford: Oxford University Press.
34. Glass, G. V., McGaw, B., & Smith, M. L. (1981). Meta-analysis in social research. Beverly Hills, CA: Sage.
35. Guo, K. H. (2013). Security-related behavior in using information systems in the workplace: A review and synthesis. Computers & Security, 32, 242-251.
36. Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203-236.
37. Habermas, J. (1984). The theory of communicative action. Boston, MA: Beacon Press.
38. Habermas, J. (2006). Political communication in media society: Does democracy still enjoy an epistemic dimension? The impact of normative theory on empirical research. Communication Theory, 16(4), 411-426.
39. Hawkes, D. (2003). Ideology (2nd ed.). London: Routledge.
40. Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J., & Rao, H. R. (2012). Security services as coping mechanisms: An investigation into user intention to adopt an email authentication service. Information Systems Journal, 24(1), 61-48.
41. Herath, T., & Rao, H. R. (2009a). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
42. Herath, T., & Rao, H. R. (2009b). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18, 106-125.
43. Ho, S. M. (2009). Simulating insider threats with online games. Paper presented at the Workshop on Information Security and Privacy, Phoenix, AZ.
44. Hovav, A., & D'Arcy, J. (2012). Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. And South Korea. Information & Management, 49(2), 99-110.
45. Introna, L. (1997). Management, information and power: A narrative of the involved manager. London: MacMillan.
46. Introna, L. D. (2003). Disciplining information systems: Truth and its regimes. European Journal of Information Systems, 12(3), 235-240.
47. Jasperson, J., Butler, B. S., Carte, T. A., Croes, H. J. P., Saunders, C. S., & Zheng, W. (2002). Power and information technology research: A metatriangulation review. MIS Quarterly, 26(4), 397-459.
48. Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549-566.
49. Joseph, D., Ng, K.-Y., Koh, C., & Ang, S. (2007). Turnover of information technology professionals: A narrative review, meta-analytic structural equation modeling, and model development. MIS Quarterly, 31(3), 547-577.
50. Karyda, M., Kiountouzis, E., & Kokolakis, S. (2005). Information systems security policies: A contextual perspective. Computers & Security, 24(3), 246-260.
51. Kelly, M. (Ed.). (1994). Critique and power: Recasting the Foucault. Habermas debate. Cambridge, MA: MIT Press.
52. King, M. (2009). Clarifying the Foucault-Habermas debate: Morality, ethics, and “normative foundations”. Philosophy & Social Criticism, 35(3), 287-314.
53. King, W. R., & He, J. (2005). Understanding the role and methods of meta-analysis in IS research. Communications of the AIS, 16, 665-686
54. Klein, H. K., & Myers, M. D. (1999). A set of principles for conducting and evaluating interpretive field studies in information systems. MIS Quarterly, 23(1), 67-94.
55. Knights, D., & Morgan, G. (1991). Corporate strategy, organizations, and subjectivity: A critique. Organization Studies, 12(2), 251-273.
56. Kolkowska, E., & Dhillon, G. (2013). Organizational power and information security rule compliance. Computers & Security, 33, 3-11.
57. Kuhn, T. S. (2012). The structure of scientific revolutions (4th ed.). Chicago, IL: University of Chicago Press.
58. Lange, D. (2008). A multidimensional conceptualization of organizational corruption control. Academy of Management Review, 33(3), 710-729.
59. Leidner, D., & Kayworth, T. (2006). A review of culture in information systems research: Toward a theory of information technology culture conflict. MIS Quarterly, 30(2), 357-399.
60. Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635-645.
61. Liginlal, D., Sim, I., Khansa, L., & Fearn, P. (2012). HIPAA privacy rule compliance: An interpretive study using Norman’s action theory. Computers & Security, 31(2), 206-220.
62. Lincoln, Y. S., Lynham, S. A., & Guba, E. G. (2011). Paradigmatic controversies, contradictions, and emerging confluences, revisited. In N. K. Denzin & Y. S. Lincoln (Eds.), The Sage handbook of qualitative research (pp. 97-128). Thousand Oaks, CA: Sage.
63. Lowry, P. B., Moody, G., Galletta, D., & Vance, A. (2012). The drivers in the use of online whistle-blowing reporting systems. Journal of Management Information Systems, 30(1), 153-189.
64. MacKenzie, S. B., Podsakoff, P. M., & Podsakoff, N. P. (2011). Construct measurement and validation procedures in MIS and behavioral research: Integrating new and existing techniques. MIS Quarterly, 35(2), 293-334.
65. Markus, M. L., & Saunders, C. (2007). Editor's comments: Looking for a few good concepts and theories for the information systems field. MIS Quarterly, 31(1), 3-4.
66. Maxwell, J. A. (2013). Qualitative research design: An interactive approach. Los Angeles, CA: Sage.
67. Myers, M. D., & Klein, H. K. (2011). A set of principles for conducting critical research in information systems. MIS Quarterly, 35(1), 17-36.
68. Myyry, L., Siponen, M., Pahnila, S., Vartiainen, T., & Vance, A. (2009). What levels of moral reasoning and values explain adherence to information security rules? An empirical study. European Journal of Information Systems, 18(2), 126-139.
69. Ng, B.-Y., Kankanhalli, A., & Xu, Y. C. (2009). Studying users' computer security behavior: A health belief perspective. Decision Support Systems, 46(4), 815-825.
70. Orlikowski, W. J., & Baroudi, J. J. (1991). Studying information technology in organizations: Research approaches and assumptions. Information Systems Research, 2(1), 1-28.
71. Orlikowski, W. J., & Iacono, C. S. (2001). Research commentary: Desperately seeking the "IT" in IT research--a Call to theorizing the IT artifact. Information Systems Research, 12(2), 121-134.
72. Philippe, D., & Durand, R. (2011). The impact of norm-conforming behaviors on firm reputation. Strategic Management Journal, 32(9), 969-993.
73. Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y., & Podsakoff, N. P. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879-903.
74. Posey, C., Bennett, R. J., Roberts, T. L., & Lowry, P. B. (2011). When computer monitoring backfires: Privacy invasions and organizational injustice as precursors to computer abuse. Journal of Information Systems Security, 7(1), 24-47.
75. Posey, C., Roberts, T. L., Lowry, P. B., Bennett, R. J., & Courtney, J. (2013). Insiders’ protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189-1210.
76. Puhakainen, P., & Siponen, M. (2010). Improving employees' compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757-778.
77. Rezgui, Y., & Marks, A. (2008). Information security awareness in higher education: An exploratory study. Computers & Security, 27(7), 421-253.
78. Roberts, N., Galluch, P. S., Dinger, M., & Grover, V. (2012). Absorptive capacity and information systems research: Review, synthesis, and directions for future research. MIS Quarterly, 36(2), 625-648.
79. Ryan, R. M., & Deci, E. L. (1985). Intrinsic motivation and self-determination in human behavior. New York, NY: Plenum Press.
80. Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487-A412.
81. Siponen, M., Willison, R., & Baskerville, R. (2008). Power and practice in information systems security research. Paper presented at the 29th International Conference on Information Systems, Paris, France.
82. Smith, C. A., Organ, D. W., & Near, J. P. (1983). Organizational citizenship behavior: Its nature and antecedents. Journal of Applied Psychology, 68(4), 653-663.
83. Smith, J. H., Dinev, T., & Xu, H. (2011). Information privacy research: An interdisciplinary review. MIS Quarterly, 35(4), 989-1015.
84. Son, J.-Y. (2011). Out of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policies. Information & Management, 48, 296-302.
85. Spears, J. L., & H. Barki (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503-522.
86. Stahl, B. C. (2008). Information systems: Critical perspectives. London: Routledge.
87. Stahl, B. C., Doherty, N. F., & Shaw, M. (2012). Information security policies in the UK healthcare sector: A critical evaluation. Information Systems Journal, 22(1), 77-94.
88. Straub, D. W. (2009). Editor's comments: Why top journals accept your paper. MIS Quarterly, 33(3), 3-10.
89. Sutherland, E. H. (1947). Principles of criminology (4th ed.). Philadelphia, PA: J. B. Lippincott.
90. Trice, H. (1993). Occupational subcultures in the workplace. Ithaca, NY: ILR Press.
91. Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49, 190-198.
92. Wade, M., & Hulland, J. (2004). The resource-based view and information systems research: Review, extension, and suggestions for future research. MIS Quarterly, 28(1), 107-142.
93. Wall, J. D., Palvia, P., & Lowry, P. B. (2013). Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9(4), 52-79.
94. Walsham, G. (2006). Doing interpretive research. European Journal of Information Systems, 15(3), 320-330.
95. Warkentin, M., Johnston, A. C., & Shropshire, J. (2011). The Influence of the informal social learning environment on information privacy policy compliance efficacy and intention. European Journal of Information Systems, 20, 267-284.
96. Weber, R. (2003). Editor's comments: Theoretically speaking. MIS Quarterly, 27(3), 3-7.
97. Webster, J., & Watson, R. T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, 26(2), 8-23.
98. Whittle, A., & Spicer, A. (2008). Is actor network theory critique? Organization Studies, 29(4), 611-629.
99. Willison, R., & Warkentin, M. (2013). Beyond deterrence: An expanded view of employee computer abuse. MIS Quarterly, 37(1), 1-20.
100. Xue, Y., Liang, H., & Wu, L. (2011). Punishment, justice, and compliance in Mandatory IT settings. Information Systems Research, 22(2), 400-414.