Showing papers in "European Journal of Information Systems in 2009"
TL;DR: An Integrated Protection Motivation and Deterrence model of security policy compliance under the umbrella of Taylor-Todd's Decomposed Theory of Planned Behaviour is developed and it is found that employees in the sample underestimate the probability of security breaches.
Abstract: Enterprises establish computer security policies to ensure the security of information resources; however, if employees and end-users of organisational information systems (IS) are not keen or are ...
1,111 citations
TL;DR: The need to understand and address the various risks to the security of the IS on which the authors depend is as alarming and challenging as the need to understanding and addressing the various risk factors.
Abstract: Modern global economic and political conditions, technological infrastructure, and socio-cultural developments all contribute to an increasingly turbulent and dynamic environment for organizations, which maintain information systems (IS) for use in business, government, and other domains. As our institutions (economic, political, military, legal, social) become increasingly global and inter-connected; as we rely more on automated control systems to provide us with energy and services; and as we establish internet-based mechanisms for coordinating this global interaction, we introduce greater vulnerability to our systems and processes. This increased dependence on cyberspace also inflates our vulnerability – isolation is no longer an option. Perhaps no aspect of this phenomenon is as alarming and challenging as the need to understand and address the various risks to the security of the IS on which we depend.
377 citations
TL;DR: A model to explain individual information security precaution-taking behavior is built and it is found that the acts of specifying policies and evaluating behaviors are effective in convincing individuals that security policies are mandatory.
Abstract: Information security has become increasingly important to organizations. Despite the prevalence of technical security measures, individual employees remain the key link – and frequently the weakest...
363 citations
TL;DR: It is demonstrated that threat and coping appraisal successfully predict SMB executives’ anti-malware software adoption intention, leading to SMB adoption.
Abstract: This study presents an empirical investigation of factors affecting small- and medium-sized business (SMB) executives’ decision to adopt anti-malware software for their organizations. A research model was developed by adopting and expanding the protection motivation theory from health psychology, which has successfully been used to investigate the effect of threat and coping appraisal on protective actions. A questionnaire-based field survey with 239 U.S. SMB executives was conducted, and the data were analyzed using partial least squares (PLS). This study demonstrates that threat and coping appraisal successfully predict SMB executives’ anti-malware software adoption intention, leading to SMB adoption. In addition, considerable variance in adoption intention and actual SMB adoption is addressed by social influence from key stakeholders and situation-specific variables, such as IT budget and vendor support. Further, the generalizability of the model was tested using industry type and IS expertise. The adoption intention of IS experts and IT intensive industries was mainly affected by threat appraisal and social influence, while that of non-IS experts and non-IT intensive industries was significantly influenced by coping appraisal and IT budget. Vendor support was a key facilitator of the anti-malware adoption for IS experts and IT intensive industry groups, while IT budget was for non-IS expert and non-IT intensive industry groups. Key implications for theory and practice are discussed.
315 citations
TL;DR: The proposed theoretical model is a theoretical model that explains non-compliance in terms of moral reasoning and values and integrates two well-known psychological theories: the Theory of Cognitive Moral Development by Kohlberg and the theory of Motivational Types of Values by Schwartz.
Abstract: It is widely agreed that employee non-adherence to information security policies poses a major problem for organizations. Previous research has pointed to the potential of theories of moral reasoning to better understand this problem. However, we find no empirical studies that examine the influence of moral reasoning on compliance with information security policies. We address this research gap by proposing a theoretical model that explains non-compliance in terms of moral reasoning and values. The model integrates two well-known psychological theories: the Theory of Cognitive Moral Development by Kohlberg and the Theory of Motivational Types of Values by Schwartz. Our empirical findings largely support the proposed model and suggest implications for practice and research on how to improve information security policy compliance.
279 citations
TL;DR: Agile research has lagged behind practice, as is often the case with new and emerging phenomena in Information Systems Development (ISD).
Abstract: Agile systems development methods emerged as a response to the inability of previous plan-driven approaches to handle rapidly changing environments (Highsmith, 2002). Originating from the so-called...
278 citations
TL;DR: This study proposes a model to understand the extent to which trust mediates the effects of vendor-specific factors on customers’ intention to repurchase from an online vendor, and finds that trust fully mediating the relationships between perceived reputation, perceived capability of order fulfillment, and repurchasing intention.
Abstract: Although e-commerce adoption and customers’ initial purchasing behavior have been well studied in the literature, repeat purchase intention and its antecedents remain understudied. This study proposes a model to understand the extent to which trust mediates the effects of vendor-specific factors on customers’ intention to repurchase from an online vendor. The model was tested and validated in two different country settings. We found that trust fully mediates the relationships between perceived reputation, perceived capability of order fulfillment, and repurchasing intention, and partially mediates the relationship between perceived website quality and repurchasing intention in both countries. Moreover, multi-group analysis reveals no significant between-country differences of the model with regards to the antecedents and outcomes of trust, except the effect of reputation on trust. Academic and practical implications and future research are discussed.
235 citations
TL;DR: This work examines how the structure of agile methods, projects, and organizations affect the adaptation of agile methodologies, and describes the various sources of structure that affect appropriation of agile practices and their characteristics.
Abstract: Agile development methodologies such as Extreme Programming are becoming increasingly popular due to their focus on managing time to market constraints and the ability to accommodate changes during the software development life cycle. However, such methodologies need to be adapted to suit the needs of different contexts. Past literature has paid little attention to examine the adaptation of agile methodologies. Using adaptive structuration theory as a lens to analyze data from a multisite case study, we examine how the structure of agile methods, projects, and organizations affect the adaptation of agile methodologies. We describe the various sources of structure that affect appropriation of agile practices, the set of appropriated practices and their characteristics, and their link to process outcomes. Based on our findings, we provide prescriptions for adapting agile development methodologies. We also discuss how adapted agile practices can address several challenges faced by agile development teams.
233 citations
TL;DR: The findings show that both research and interventions directed at increasing the retention of women must be flexible enough to respond to the variation that exists among women and within IT workplaces.
Abstract: The challenge of meeting the demand for information technology (IT) workers is addressed by examining three important organizational factors that affect women's retention in the IT field. Much of t...
164 citations
TL;DR: It is argued that decision making in software development is not characterised by a sequence of isolated or exclusive decisions; rather, decisions are inter-related, with each decision leading to further decisions, the chain of which often spans the entire duration of a project.
Abstract: Decision making in traditional software development lies with the project manager. In contrast, Agile software development teams are empowered to make decisions, while the role of project manager has changed from one of command and control (i.e. to make decisions and ensure they are implemented) to one of a facilitator. This article argues that decision making in software development is not characterised by a sequence of isolated or exclusive decisions; rather, decisions are inter-related, with each decision leading to further decisions, the chain of which often spans the entire duration of a project. Over this extended period, there are several potential factors that can negatively affect the efficacy of decision making by Agile teams. One of the findings of this exploratory longitudinal study is that the high level of empowerment of a cohesive software development team undertaking an Agile project may be one of these negative factors, as empowered, cohesive teams can exhibit problems such as gro...
136 citations
TL;DR: A contingency model for creating value from RFID supply chain projects in logistics and manufacturing environments is developed and an analysis of longitudinal real-world case data from a Canadian third-party logistics service firm's seven-layer supply chain RFID projects reveals the differential costs for the focal firm and the up-stream manufacturing as a key barrier to realizing the full RFID benefits at the supply chain level.
Abstract: In the growing literature on RFID and other network technologies, the importance of organizational transformation at the supply chain level has been recognized. However, the literature lacks concep...
TL;DR: It appears that PMO tools are difficult to implement unless a project management culture has been established, and ‘light’ PMOs were more likely to be implemented successfully.
Abstract: With the ongoing challenge of successfully managing information technology (IT) projects, organizations are recognizing the need for greater project management discipline. For many organiza...
TL;DR: It is found that collective ownership and coding standards play a role in improving software project technical quality, with collective ownership attenuating the relationship and coding Standards strengthening the relationship.
Abstract: Software development is a complex undertaking that continues to present software project teams with numerous challenges. Software project teams are adopting extreme programming (XP) practices in order to overcome the challenges of software development in an increasingly dynamic environment. The ability to coordinate software developers' efforts is critical in such conditions. Expertise coordination has been identified as an important emergent process through which software project teams manage non-routine challenges in software development. However, the extent to which XP enables software project teams to coordinate expertise is unknown. Drawing on the agile development and expertise coordination literatures, we examine the role of collective ownership and coding standards as processes and practices that govern coordination in software project teams. We examine the relationship between collective ownership, coding standards, expertise coordination, and software project technical quality in a field study of 56 software project teams comprising 509 software developers. We found that collective ownership and coding standards play a role in improving software project technical quality. We also found that collective ownership and coding standards moderated the relationship between expertise coordination and software project technical quality, with collective ownership attenuating the relationship and coding standards strengthening the relationship. Theoretical and practical implications of the findings are discussed.
TL;DR: This study study widely differing patterns of adherence to XP practices within an organization, and tease out the various issues and challenges posed by the adoption of XP.
Abstract: Extreme programming (XP), arguably the most popular agile development methodology, is increasingly finding favor among software developers. Its adoption and acceptance require significant changes in work habits inculcated by traditional approaches that emphasize planning, prediction, and control. Given the growing interest in XP, it is surprising that there is a paucity of research articles that examine the factors that facilitate or hinder its adoption and eventual acceptance. This study aims to fill this void. Using a case study approach, we provide insights into individual, team, technological, task, and environmental factors that expedite or impede the organization-wide acceptance of XP. In particular, we study widely differing patterns of adherence to XP practices within an organization, and tease out the various issues and challenges posed by the adoption of XP. Based on our findings, we evolve factors and discuss their implications on the acceptance of XP practices.
TL;DR: A case study of an RFID project at Galeria Kaufhof, a subsidiary of Metro Group and one of the largest department store chains in Europe, which encompasses a variety of RFID applications at the intersection of store logistics and customer service.
Abstract: This contribution is concerned with the business value of Radio Frequency Identification (RFID) technology in retail. We present a case study of an RFID project at Galeria Kaufhof, a subsidiary of ...
TL;DR: This paper proposes that interference between different passwords is one of the major challenges to multiple-password recall and that interference alleviation methods can significantly improve multiple- password recall and demonstrates the potential merit of practices targeting multiple- passwords interference.
Abstract: As one of the most common authentication methods, passwords help secure information by granting access only to authorized parties. To be effective, passwords should be strong, secret, and memorable. While password strength can be enforced by automated information technology policies, users frequently jeopardize secrecy to improve memorability. The password memorability problem is exacerbated by the number of different passwords a user is required to remember. While short-term memory theories have been applied to individual-password management problems, the relationship between memory and the multiple-password problem has not been examined. This paper treats the multiple-password management crisis as a search and retrieval problem involving human beings’ long-term memory. We propose that interference between different passwords is one of the major challenges to multiple-password recall and that interference alleviation methods can significantly improve multiple-password recall. A lab experiment was conducted to examine the effectiveness of two interference alleviation methods: the list reduction method and the unique identifier method. While both methods improve multiple-password recall performance, the list reduction method leads to statistically significant improvement. The results demonstrate the potential merit of practices targeting multiple-password interference. By introducing long-term memory theory to multiple-password memorability issues, this study presents implications benefiting users and serves as the potential starting point for future research.
TL;DR: Hypotheses are constructed relying on the use of the resource-based view and transaction-cost economics to analyse influences on relationship specificity of four types of IOS-related resources: business processes, human knowledge, organizational domain knowledge and IOS infrastructure.
Abstract: Trust can have imperative influences on the use of interorganizational systems (IOSs) Management, sociology and psychology literature distinguish different types of trust and attribute distinctive impacts to these types However, little is known regarding the influences of different types of trust on IOSs usage This paper focuses on how trust based on partner competence and trust based on partner openness influence the use of IOS-related resources Hypotheses are constructed relying on the use of the resource-based view and transaction-cost economics to analyse influences on relationship specificity of four types of IOS-related resources: business processes, human knowledge, organizational domain knowledge and IOS infrastructure Three case studies are conducted on interorganizational relationships employing IOSs Competence-trust is found to positively influence the use of human-knowledge resources, resources related to interlinkage of business processes and organizational domain knowledge resources Openness-trust is found to positively influence use of human-knowledge resources and organizational domain-knowledge resources
TL;DR: This work uses the Analytic Hierarchy Process to unearth, from the perspectives of two stakeholder groups of distributed software development projects, managers, and technical staff members, as to which agility facets facilitate (and to what degree) on-time completion of projects and effective collaboration in distributed ISD teams.
Abstract: Recent studies have sought to identify different types/facets of agility that can potentially contribute to distributed Information Systems Development (ISD) project success. However, prior research has not attempted to assess the relative importance of the various types of agility with respect to different ISD success measures. We believe that such an assessment is critical, since this information can enable organizations to direct scarce organizational resources to the types of agility that are most relevant. To this end, we use the Analytic Hierarchy Process to unearth, from the perspectives of two stakeholder groups of distributed software development projects, managers, and technical staff members, as to which agility facets facilitate (and to what degree) on-time completion of projects and effective collaboration in distributed ISD teams. Furthermore, noting that there is a need for an overall set of prioritized agility facets (by integrating managerial and technically oriented perspectives), we present three ways to aggregate the preferences of the two groups.
TL;DR: It is argued that during the certification process, managers should place more emphasis on the identification of frame incongruence and undertake early intervention to align frames in order to achieve overall security effectiveness in the organization.
Abstract: Although several studies have discussed the framework and value of information systems (IS) security standards and certification, there has been relatively little empirical research on how differen...
TL;DR: This work purport to raise awareness by identifying and discussing critical issues such as ownership transfer, privacy/security, computing bottleneck, read error, and cost-benefit issuessuch as opportunity cost, risk of obsolescence, information sharing, and inter-operability standards.
Abstract: Radio-Frequency Identification (RFID) tags are gaining widespread popularity throughout the supply chain from raw material acquisition, manufacturing, transportation, warehousing, retailing to the ...
TL;DR: The findings suggest that NII have the capacity to contribute to country development, both directly (via impacts on socio-economic development) and indirectly (via its impacts on governance, which in turn influences socio- economic development).
Abstract: There is growing interest in the role and contribution of national information infrastructure (NII) to the quality of governance and the socio-economic development of nation states. In this paper, ...
TL;DR: It is argued that during HIS design activities, it is essential to articulate and identify which aspects can be standardized without constraining important local flexibility and which aspects require local reconfiguration to function in a particular work context.
Abstract: In this paper, we propose an approach to balance the legitimate and yet conflicting perspectives between standardization and reconfiguration embedded within hospital information systems (HIS) desig...
TL;DR: The study's results empirically demonstrate that joint IT competence is a key driver of user satisfaction in enterprise-level IS implementations and shows that partner-based leadership between the IS department and user stakeholders also influences user satisfaction with IS implementations.
Abstract: Enterprise-level information systems (IS) are fundamental to businesses. Unfortunately, implementing these large-scale systems is a complex and risky endeavor. As a result, these initiatives must tap the expertise and active involvement of both the IS department and the enterprise's functional areas. Past studies focusing on IS implementation teams consistently identify the IS department as the source of technical expertise and leadership, while functional department team members are typically relegated to the role of business experts. However, unlike the past, many business professionals are knowledgeable about information technology (IT) and are increasingly capable of contributing to IS implementations from a technical perspective as well as a business perspective. This study examines how IT competence held by both the IS department and the user department stakeholders contributes to user satisfaction with the enterprise-level system implementation. Specifically, this research introduces a theoretically grounded construct, joint IT competence, which emerges when the IS department and user department stakeholders integrate their individually held IT competences. The study's results empirically demonstrate that joint IT competence is a key driver of user satisfaction in enterprise-level IS implementations. Although not as significant as joint IT competence, results show that partner-based leadership between the IS department and user stakeholders also influences user satisfaction with IS implementations.
TL;DR: Simulation results suggest that a mixed strategy for requirements prioritization seems to work best in all but cost for typical levels of dynamism on average, and a step-by-step method is proposed to implement a more sophisticated ‘hybrid’ approach that modulates development iteration size to maximize the expected CB for each iteration.
Abstract: In this paper, we address the efficacy and pragmatics of mixing two primary strategies for requirements prioritization in order to incorporate the benefits of both plan-based (PB) and agile develop...
TL;DR: It was found that college undergraduates with positive attitudes towards IT careers and high perceived behavioral control regarding IT majors had a greater intention of pursuing IT majors and males were more likely to choose IT than females.
Abstract: In this paper, we study factors that may influence college undergraduates’ decisions to pursue a major in information technology (IT). We develop and test a theoretical model based on social cognitive career theory and the theory of planned behavior. Data were collected through a multi-section survey given to college undergraduates at four large universities in the southeastern United States. We found that college undergraduates with positive attitudes towards IT careers and high perceived behavioral control (PBC) regarding IT majors had a greater intention of pursuing IT majors. The study also found positive links between self-evaluating outcome expectations (SEOE) and attitudes towards an IT career. In addition, males were more likely to choose IT than females, as they scored higher on computer self-efficacy, SEOE, attitudes towards IT careers, and PBC. Future research may wish to explore this disparity and may also explore factors influencing outcome expectations and attitudes. Practical recommendations include educational and media outreach efforts aimed at emphasizing the vitality of the IT job market and the interpersonal aspects of IT.
TL;DR: A framework that combines the benefit evaluation steps of identification, forecasting and assessment is introduced and six types of RFID benefits are derived that support the systematic identification of benefits, as well as the selection of forecast and assessment methods.
Abstract: As with all information technologies, there is a necessity to determine the profitability of investments in Radio Frequency Identification (RFID) ex ante. A particularly important aspect is the cha...
TL;DR: In this article, the authors developed and empirically tested a model that focuses on consumer attitudes towards technology-based services, based on the pre-prototype user acceptance framework and using RFID as a focal technology, the proposed model includes a hierarchy of three distinct consumer attitudes: towards general service concept, towards the general technology based service application and towards the RFID-enabled service.
Abstract: The introduction of emerging technologies in retailing and their infusion in the service encounter necessitates research to better understand consumer attitudes towards the usage of technology in service delivery systems. The capability of Radio Frequency Identification (RFID) technology to automatically and uniquely identify products makes this technology promising as an enabler of innovative consumer services. However there is limited research on how consumers perceive the RFID-enabled service systems. The authors develop and empirically test a model that focuses on consumer attitudes towards technology-based services. Based on the pre-prototype user acceptance framework and using RFID as a focal technology, the proposed model includes a hierarchy of three distinct consumer attitudes: towards the general service concept, towards the general technology-based service application and towards the RFID-enabled service. Perceived system characteristics as well as personality traits are included in the model. The partial least squares method of structural equation modelling is used to analyse 575 questionnaires collected in two consumer surveys in Greece (n=173) and Ireland (N=402). The results of the study show that consumer attitude towards RFID-enabled services in retailing can be modelled as a confluence of multiple attitudes. The results also indicate that perceived system-related factors – such as performance and effort expectancy – as well as individual traits – such as technology anxiety and information privacy concern – affect consumer attitude towards technology-based and RFID-enabled services, respectively.
TL;DR: This paper explores how MMC has been used during three software development projects to manage method tailoring with the intention to promote agile goals and values and reports on lessons learned with regard to maintaining coherency with the overall goals of the original method.
Abstract: The Method for Method Configuration (MMC) has been proposed as a method engineering approach to tailoring information systems development methods. This meta-method has been used on a variety of methods, but none of these studies have focused on the ability to manage method tailoring with the intention to promote specific values and goals, such as agile ones. This paper explores how MMC has been used during three software development projects to manage method tailoring with the intention to promote agile goals and values. Through content examples of method configurations we have shown that it is possible to use MMC and its conceptual framework on eXtreme Programming and we report on lessons learned with regard to maintaining coherency with the overall goals of the original method.
TL;DR: This work collects data from 17 cases worldwide in which smart cards and mobile devices have been adopted in the public transport industry over the last decade and demonstrates that service providers that use more sophisticated mobile ticketing technologies are more likely to adopt advanced strategies to create value and achieve higher performance gains.
Abstract: Using the process-oriented view and resource-based theory, we investigate how mobile ticketing technologies can successfully enable revenue management. We collect data from 17 cases worldwide in wh...
TL;DR: In this paper, the authors developed a comprehensive model to understand the factors and processes that influence turnover behavior for prospective (nascent) IT entrepreneurs, by proposing two new constructs, namely readiness to quit (to start a business) and necessary configuration to quit, which are incorporated into a conceptual framework describing how specific dimensions of RTQ change over time, either gradually or suddenly, in response to specific events.
Abstract: This paper addresses an untapped, though important, type of information technology (IT) personnel turnover: IT entrepreneurship. We develop a comprehensive model to understand the factors and processes that influence turnover behaviour for prospective (nascent) IT entrepreneurs. To do this, we review three streams of research: first, the unfolding model of voluntary turnover that specifies six stages in a process model of employee turnover; second, the entrepreneurship literature (focusing on differences between nascent entrepreneurs and non-entrepreneurs), and third, attributes of the IT personnel and IT industry. We use Image Theory as the ‘glue’ to merge these streams of research together. We do so by proposing two new constructs – readiness to quit (to start a business) (RTQ) and necessary configuration to quit (NCQ), which we incorporate into a conceptual framework describing how specific dimensions of RTQ change over time, either gradually or suddenly, in response to specific events. Based on Image Theory, we describe the process by which nascent entrepreneurs conduct a compatibility test to assess the fit between their current RTQ and the set of NCQs. If there is a fit, then the nascent entrepreneur is ready to quit his or her current job. We illustrate our model using a sample vignette involving a former IT employee who became an entrepreneur, and we provide suggestions for researchers and practitioners, based on our model and the constructs that we introduce. Although we develop our model in the context of IT turnover and entrepreneurship, RTQ and NCQ, as well as the conceptual framework, can also be applied to other types of voluntary IT turnover (e.g., accepting a position in another company).