Faculty Research

Search Publications

Subhead goes here lipsum dolor set amet, nulla aliquiam proin.

Search Publications

[clear]
Publication Type Publication Type
Discipline Discipline
Author Author
Year Published Year Published
Filter & Sort Results: 93

Sort by

Apply
Cancel
Showing results for: ""
Results:
Conference
BIS

“Do Measures of Security Compliance Intent Equal Non-Compliance Scenario Agreement?”

To better protect organizations from the threat of insiders, IS security (ISS) research frequently emphasizes IS Security Policy (ISP) behavior. The effectiveness of an assessment model is typically analyzed either using short survey statements (behavior survey) or by using scenario agreement (prospective scenario) to measure current and prospective compliance (or non-compliance) behavior. However, a significant gap is the lack of statistical evidence to demonstrate that these two measures or dependent variables (DV) sufficiently agree with one another. We report on an effort to compare and contrast two assessment models which employed alternate styles of DVs and demonstrate that the primary construct from two different ISS behavioral theories had approximately the same effect size on either of the DVs. Our findings add support for substantial (but not overly correlated) synchronization between the two DV values, since we also observe that the prospective scenario non-compliance measure resulted in lower model fit while the behavior survey compliance measures fit both models with higher accuracy. We discuss our findings and recommend that for many studies there can be value in employing both DVs.
Details

2022 WISP2022: 2022 Workshop on Information Security and Privacy (WISP) Byron Marshall Forough Shadbad Michael Curry David Biros

Conference
BIS

“Does Using CobiT Improve IT Solution Proposals?”

The CobiT (Control Objectives for Information and related Technology) framework is designed to help organizations implement IT governance practices by systematically shaping identifiable IT processes to better leverage IT expenditures. The control structure advocated in CobiT embodies governance notions including business alignment, a risk/control perspective, systematic measurement, accountability, and continuous improvement. Despite the rise of internal control regulation, not all organizations have implemented systematic IT controls and many, notably small, organizations may never do so. This study explores whether exposing decision makers to CobiT positively affects the IT solutions they generate. We present a framework (drawn primarily from the structure of CobiT) for identifying normatively better IT plans as measured by application of governance principles. We report on 115 IT solution proposals created by business students. The proposals developed using CobiT more frequently took a risk/control approach, addressed the need for continuous improvement, referred to general IT processes, identified the people who should implement a solution, and proposed more measures of success. Thus, exposing decision makers to a systematic IT governance framework promises to help them generate more comprehensive solutions to IT challenges.
Details

2010 AAA Annual Meeting, IS Section Byron Marshall Michael Curry Rene Reitsma

Academic Journal
BIS

“EBizPort: Collecting and Analyzing Business Intelligence Information”

In this article, Marshall, McDonald, Chen, and Chung take a different approach to supporting search services to large and heterogeneous document collections. They propose development of a domain-specific collection by crawling the content of a small set of highly reputable sites, maintaining a local index of the content, and providing browsing and searching services on the specialized content. This resource, known as a vertical portal, has the potential of overcoming several problems associated with bias, update delay, reputation, and integration of scattered information. The article discusses the design of a vertical portal system's architecture called EbizPort, rationale behind its major components, and algorithms and techniques for building collections and search functions. Collection (or more broadly content) has an obvious relationship to the nature of the search interface, as it can impact the type of search functions that can be offered. Powerful search interface functions were built for EbizPort by exploiting the underlying content representation and a relatively narrow and well-defined domain focus. Particularly noteworthy are the innovative browsing functions, which include a summarizer, a categorizer, a visualizer, and a navigation side-bar. The article ends with a discussion of an evaluation study, which compared the EbizPort system with a baseline system called Brint. Results are presented on effectiveness and efficiency, usability and information quality, and quality of local collection and content retrieved from other sources (an extended search operation called meta-search service was also provided in the system). Overall, the authors find that EbizPort outperforms the baseline system, and it provides a viable way to support access to business information.
Details

873-891 pages 2004 Journal of the Association for Information Science and Technology Byron Marshall Dan McDonald Hsinchun Chen Wingyan Chung View on: Google Scholar

Academic Journal
BIS

“Evaluating IT Integration Risk Prior to Mergers and Acquisitions”

Integration of IT systems and IT management processes is one of the major challenges in the mergers and acquisitions (M&A) process that affects all aspects of the merged business and is, therefore, crucial to the overall success of the M&A process. The purpose of this article is to highlight various types of IT integration risks and the associated costs that must be considered and factored in with the predeal negotiations in each and every M&A. This is important, especially because of the huge costs involved in integrating incompatible systems and meeting the mandatory regulatory compliance requirements. The article suggests looking closely at technical, managerial and user/application level risk factors as part of the M&A pre-merger due diligence. This effort would also evaluate the potential real costs of IT integration post-merger and contribute to the overall M&A valuation. Some of this approach is already widely recommended by M&A advisors and major consulting firms. The article recommends going even further by creating a national M&A IT integration database that provides anonymous inventory of IT integration risk factors and costs before and after an M&A to better understand how IT integration risk impacts the valuation and success or failure of M&As.
Details

2016 ISACA Journal Deepak Khazanchi Vipin Arora

Academic Journal
BIS

“Extracting Gene Pathway Relations Using a Hybrid Grammar: The Arizona Relation Parser”

Motivation: Text-mining research in the biomedical domain has been motivated by the rapid growth of new research findings. Improving the accessibility of findings has potential to speed hypothesis generation.

Results: We present the Arizona Relation Parser that differs from other parsers in its use of a broad coverage syntax-semantic hybrid grammar. While syntax grammars have generally been tested over more documents, semantic grammars have outperformed them in precision and recall. We combined access to syntax and semantic information from a single grammar. The parser was trained using 40 PubMed abstracts and then tested using 100 unseen abstracts, half for precision and half for recall. Expert evaluation showed that the parser extracted biologically relevant relations with 89% precision. Recall of expert identified relations with semantic filtering was 35 and 61% before semantic filtering. Such results approach the higher-performing semantic parsers. However, the AZ parser was tested over a greater variety of writing styles and semantic content.
Details

3370-8 pages 2004 Bioinformatics Dan McDonald Hsinchun Chen Hua Su Byron Marshall View on: Google Scholar

Conference
BIS

“Fear Appeals Versus Priming in Ransomware Training”

Employee non-compliance is at the heart of many of today’s security incidents. Training programs often employ fear appeals to motivate individuals to follow policy and take action to reduce security risks. While the literature shows that fear appeals drive intent to comply, there is much less evidence of their impact after intention is formed. Building on IPAM – a process nuanced model for compliance training and assessment – this study contrasts the impact of fear appeals vs. self-efficacy priming on ransomware training. In our proposed study, a pool of students will participate in a three-step series of training events. Some participants will encounter enhanced fear appeals at each step while others will be presented with materials that include
priming signals intended to foster development of increased self-efficacy. Previously identified
drivers of behavior (intent, processed-nuanced forms of self-efficacy, and outcome expectations)
are measured so that the effect of the treatments can be contrasted. A scenario agreement
methodology is used to indicate behavior as a dependent variable. We expect to show that while
fear appeals are useful and help build intent to comply at the motivational stage, process-nuanced
self-efficacy treatments are expected have a stronger effect on behavior post-intentional.
Details

2018 Pre-ICIS Workshop on Information Security and Privacy (WISP 2018) Michael Curry Byron Marshall Rob Crossler John Correia View on: Google Scholar