Author

Markus Neumann

Bio: Markus Neumann is an academic researcher. The author has contributed to research in the topics Information security awareness & Security awareness. The author has an h-index of 4 and has co-authored 10 publications receiving 223 citations.

Papers
Journal Article, DOI
TL;DR: This article introduces a meta-model that explains employees' information systems security behavior by assembling the core constructs of the theories used; four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT), and Technology Acceptance Model (TAM).
Abstract: Purpose – This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future research are worked out by analyzing and synthesizing existing literature. Design/methodology/approach – This paper presents the results of a literature review comprising 113 publications. The literature review was designed to identify applied theories and to understand the cognitive determinants in the research field. A meta-model that explains employees’ IS security behavior is introduced by assembling the core constructs of the used theories. Findings – The paper identified 54 used theories, but four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM). By synthesizing results of empirically tested research models, a survey of factors proven to have a significant influence on empl...

162 citations

Proceedings Article, DOI
07 Jan 2013
TL;DR: A theory-based literature review of the extant approaches used within employees' information security awareness and behavior research over the past decade is presented, focusing on the four main behavioral theories.
Abstract: Today's organizations are highly dependent on information management and processes. Information security is one of the top issues for researchers and practitioners. In literature, there is consent that employees are the weakest link in IS security. A variety of researchers discuss explanations for employees' security-related awareness and behavior. This paper presents a theory-based literature review of the extant approaches used within employees' information security awareness and behavior research over the past decade. In total, 113 publications were identified and analyzed. The information security research community covers 54 different theories. Focusing on the four main behavioral theories, a state-of-the-art overview of employees' security awareness and behavior research over the past decade is given. From there, gaps in existing research are uncovered and implications and recommendations for future research are discussed. The literature review might also be useful for practitioners that need information about behavioral factors that are critical to the success of an organization's security awareness.

94 citations

Proceedings Article
01 Jan 2012
TL;DR: After approximately one decade of ECM research, this paper provides an in-depth review of the body of academic research: the ECM domain, its evolution, and main topics are characterized.
Abstract: Managing information and content on an enterprise-wide scale is challenging. Enterprise content management (ECM) can be considered as an integrated approach to information management. While this concept received much attention from practitioners, ECM research is still an emerging field of IS research. Most authors that deal with ECM claim that there is little scholarly literature available. After approximately one decade of ECM research, this paper provides an in-depth review of the body of academic research: the ECM domain, its evolution, and main topics are characterized. An established ECM research framework is adopted, refined, and explained with its associated elements and working definitions. On this basis, 68 articles are reviewed, classified, and concepts are derived. Prior research is synthesized and findings are integrated in a concept-centric way. Further, implications for research and practice, including future trends, are drawn.

24 citations

Proceedings Article
01 Jan 2012
TL;DR: The 7W Framework for content assessment contains a collection of metadata (attributes, typical attribute values) to create customized content surveys and proposes a document map, able to integrate the ECM perspectives and provides decision support.
Abstract: Nowadays, documents can be scattered across a company in different versions, formats, and languages, and even on different systems. Not only is the resulting content chaos inefficient, it brings with it a number of risks. However, information that is contained in unstructured documents is increasingly becoming a key business resource. Enterprise content management (ECM) is used to manage unstructured content on an enterprise-wide scale. Despite the practical importance of ECM, research is still at an immature state and the process perspective is widely neglected. We suggest a process-oriented approach to identifying, assessing, documenting, classifying and visualizing enterprise content. Within a globally operating engineering company, we check to what extent the applicability of the designed research artifact can be assumed. We give process-oriented guidelines to identify and document enterprise content. Our 7W Framework (7WF) for content assessment contains a collection of metadata (attributes, typical attribute values) to create customized content surveys. Different visual representations of content are proposed, including a document map. Combining business processes and the content of an enterprise, the document map is able to integrate the ECM perspectives and provides decision support. Technical requirements can be derived from it and in-depth analysis of business-critical content is enabled.

4 citations

Journal Article
TL;DR: The result of the two-stage empirical study conducted is a conditional practical relevance and a limited practical applicability, which is based on the model of DeLone and McLean.
Abstract: It is largely undisputed that information systems have value-creating potential. Measuring and determining cause-and-effect relationships, however, is considered a challenge. The model for measuring information systems success by DeLone and McLean makes a contribution here, is widespread in research, and is discussed extensively. Its practical relevance, by contrast, has been insufficiently examined. Business informatics (Wirtschaftsinformatik), as an applied research discipline, demands proof of the practical benefit of scientific artifacts. The aim of this article is to examine the practical relevance and the practical applicability of the model of DeLone and McLean. The result of the two-stage empirical study conducted is a conditional practical relevance and a limited practical applicability. Building on these results, a concept for IS success measurement in practice, developed jointly with a practice partner and based on the model of DeLone and McLean, is presented.

4 citations


Cited by
Journal Article, DOI

2,707 citations

Journal Article, DOI
TL;DR: A research framework is outlined that synthesizes the construct linkages within the current literature, identifies a series of gaps, and draws on additional theoretical perspectives to propose a revised framework that can be used as a basis for future research.
Abstract: A major stream of research within the field of information systems security examines the use of organizational policies that specify how users of information and technology resources should behave ...

134 citations

Journal Article, DOI
TL;DR: This is the first systematic literature review on threat modeling to the best of the authors' knowledge and can be used for researchers and practitioners who want to know the state-of-the-art threat modeling methods.

120 citations

Journal Article, DOI
TL;DR: A model of employee compliance with information security policy (ISP) is presented that explicates stable, cognitive beliefs regarding the consequences of compliance and noncompliance as well as state‐based affective constructs, namely, positive and negative mood states and episodic, security‐related work‐impediment events.
Abstract: We present a model of employee compliance with information security policy (ISP) that (1) explicates stable, cognitive beliefs regarding the consequences of compliance and noncompliance as well as state-based affective constructs, namely, positive and negative mood states and episodic, security-related work-impediment events, and (2) provides an expanded conceptualisation of moral considerations and normative influences regarding employees' ISP compliance. Because affect is central to this theorisation, we ensure that the model captures and explains differences in day-to-day affective constructs to account for the often fleeting nature of affective states. We test our multilevel model using an experience-sampling methodology design, in which employees completed daily surveys over a 2-week period, followed by a hierarchal linear modelling statistical assessment. Our contribution to theory is a unique account of ISP compliance that integrates affective factors with constructs from rational choice theory and theory of planned behaviour and that diverges from prior conceptualisations of ISP compliance as a purely stable and reason-based phenomenon. For practitioners, our results suggest that a combination of cognitive and affective influences may produce discrete episodes of ISP compliance that do not coincide with prior behavioural trends.

106 citations

Journal Article, DOI
TL;DR: The paper contributes to IS compliance research by offering a comparative and holistic view on ISA program design practices and identifies influences on users' perceptions centering on IS risks, responsibilities, ISP importance and knowledge, and neutralization behaviors.

79 citations