Faculty Research

Conference
BIS

“Identifying potentially risky insider non-compliance using machine learning to assess multiple protection motivation behaviors”

Cybersecurity researchers have made significant steps to understand the mechanisms of security policy compliance and unify theories of security behavior. However, due partly to the limitations of traditional variance model statistical methods, these studies by necessity typically focus on a single security policy issue. By contrast, new machine learning algorithms frequently employed by data scientists offer great promise as a new statistical approach for examining robust individualized interpretations of policy and can also identify potentially risky behaviors. This study proposes to explore cybersecurity training impediments of multiple protection motivation behaviors in ransomware prevention training. It demonstrates the feasibility of using machine learning with survey items from the cybersecurity research to predict non-compliance. It also illustrates a potentially novel method to statistically validate research theory through higher levels of ML prediction. This study is a work in progress and we seek feedback on its design and relevance.
Academic Journal
BIS

“Improving IT Assessment with IT Artifact Affordance Perception Priming”

Accurately assessing organizational information technology (IT) is important for accounting professionals, but also difficult. Both auditors and the professionals from whom they gather data are expected to make nuanced judgments regarding the adequacy and effectiveness of controls that protect key systems. IT artifacts (policies, procedures, and systems) are assessed in an audit because they “afford” relevant action possibilities, but perception preferences shade the results of even systematic and well-tested assessment tools. This study of 246 business students makes two important contributions. First, we demonstrate that a tendency to focus on either artifact or organizational imperative systematically reduces the power of well-regarded IT measurements. Second, we demonstrate that priming is an effective intervention strategy to increase the predictive power of constructs from the familiar technology acceptance model (TAM).
Academic Journal
BIS

“InfoSec Process Action Model (IPAM): Targeting Insider's Weak Password Behavior”

The possibility of noncompliant behavior is a challenge for cybersecurity professionals and their auditors as they try to estimate residual control risk. Building on the recently proposed InfoSec Process Action Model (IPAM), this work explores how nontechnical assessments and interventions can indicate and reduce the likelihood of risky individual behavior. The multi-stage approach seeks to bridge the well-known gap between intent and action. In a strong password creation experiment involving 229 participants, IPAM constructs resulted in a marked increase in R² for initiating compliance behavior with control expectations from 47 percent to 60 percent. Importantly, the model constructs offer measurable indications despite practical limitations on organizations' ability to assess problematic individual password behavior. A threefold increase in one measure of strong password behavior suggested the process positively impacted individual cybersecurity behavior. The results suggest that the process-nuanced IPAM approach is promising both for assessing and impacting security compliance behavior.
Academic Journal
BIS

“InfoSec Process Action Model (IPAM): Systematically Addressing Individual Security Behavior”

While much of the extant InfoSec research relies on single assessment models that predict intent to act, this article proposes a multi-stage InfoSec Process Action Model (IPAM) that can positively change individual InfoSec behavior. We believe that this model will allow InfoSec researchers to focus more directly on the process which leads to action and develop better interventions that address problematic security behaviors. Building on successful healthcare efforts which resulted in smoking cessation, regular exercise and a healthier diet, among others, IPAM is a hybrid, predictive, process approach to behavioral InfoSec improvement. IPAM formulates the motivational antecedents of intent as separate from the volitional drivers of behavior. Singular fear appeals often seen in InfoSec research are replaced by more nuanced treatments appropriately differentiated to support behavioral change as part of a process; phase-appropriate measures of self-efficacy are employed to more usefully assess the likelihood that a participant will act on good intentions; and decisional balance – assessment of pro and con perceptions – is monitored over time. These notions better align InfoSec research to both leading security practice and to successful comparators in healthcare. We believe IPAM can both help InfoSec research models better explain actual behavior and better inform practical security-behavior improvement initiatives.
Academic Journal
BIS

“IT Artifact Bias: How exogenous predilections influence organizational information system paradigms”

Efforts in IS research have long sought to bridge the gap between the information technology (IT) function and strategic business interests. People perceive affordances (possibilities for action) in information technology artifacts differently as cognitive structures (schema) which bias individual focus. This study explores how an individual’s tendency to perceive the ‘trees’ in an IT ‘forest’ (artifact preference) affects their assessment of efforts to achieve more effective IT outcomes. The effect is demonstrated using a relatively simple IT success model. Further, in a sample of 120 survey responses supported by ten semi-structured interviews, we demonstrate that job role and organizational IT complexity systematically impact artifact perception. A better understanding of IT artifact bias promises to help organizations better assess information systems.
Conference
BIS

“IT Governance Norms and IT Success”

The checklists included in well-known IT governance frameworks may be a good fit for large organizations that face regulatory pressure and a need for large-scale coordination but may be less appropriate for smaller organizations. Core IT governance principles embedded in the structure of CobiT, ITIL, and ISO2000 can be expressed as a set of IT governance norms including business alignment, a risk/control perspective, systematic measurement, accountability, and continuous improvement. In this study, we model IT effectiveness and willingness to comply with best practices as effects of adopting these norms. We propose a set of survey items tailored to help assess the constructs in this model then partially validate them using principal components analysis. Survey responses (n=86) reveal a significant connection between evidence of norm adoption in organizations and IT success. This norms-based paradigm may be useful in bringing some of the benefits of IT governance to the smaller organizations that are thought to drive economic growth and employment.