Showing papers in "Management Information Systems Quarterly in 2010"

Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness

Abstract: Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the information security rules and regulations of the organization are the key to strengthening information security, understanding compliance behavior is crucial for organizations that want to leverage their human capital. This research identifies the antecedents of employee compliance with the information security policy (ISP) of an organization. Specifically, we investigate the rationality-based factors that drive an employee to comply with requirements of the ISP with regard to protecting the organization's information and technology resources. Drawing on the theory of planned behavior, we posit that, along with normative belief and self-efficacy, an employee's attitude toward compliance determines intention to comply with the ISP. As a key contribution, we posit that an employee's attitude is influenced by benefit of compliance, cost of compliance, and cost of noncompliance, which are beliefs about the overall assessment of consequences of compliance or noncompliance. We then postulate that these beliefs are shaped by the employee's outcome beliefs concerning the events that follow compliance or noncompliance: benefit of compliance is shaped by intrinsic benefit, safety of resources, and rewards, while cost of compliance is shaped by work impediment; and cost of noncompliance is shaped by intrinsic cost, vulnerability of resources, and sanctions. We also investigate the impact of information security awareness (ISA) on outcome beliefs and an employee's attitude toward compliance with the ISP. Our results show that an employee's intention to comply with the ISP is significantly influenced by attitude, normative beliefs, and self-efficacy to comply. Outcome beliefs significantly affect beliefs about overall assessment of consequences, and they, in turn, significantly affect an employee's attitude. Furthermore, ISA positively affects both attitude and outcome beliefs. As the importance of employees' following their organizations' information security rules and regulations increases, our study sheds light on the role of ISA and compliance-related beliefs in an organization's efforts to encourage compliance.

What makes a helpful online review? a study of customer reviews on amazon.com

Abstract: Customer reviews are increasingly available online for a wide range of products and services. They supplement other information provided by electronic storefronts such as product descriptions, reviews from experts, and personalized advice generated by automated recommendation systems. While researchers have demonstrated the benefits of the presence of customer reviews to an online retailer, a largely uninvestigated issue is what makes customer reviews helpful to a consumer in the process of making a purchase decision. Drawing on the paradigm of search and experience goods from information economics, we develop and test a model of customer review helpfulness. An analysis of 1,587 reviews from Amazon.com across six products indicated that review extremity, review depth, and product type affect the perceived helpfulness of the review. Product type moderates the effect of review extremity on the helpfulness of the review. For experience goods, reviews with extreme ratings are less helpful than reviews with moderate ratings. For both product types, review depth has a positive effect on the helpfulness of the review, but the product type moderates the effect of review depth on the helpfulness of the review. Review depth has a greater positive effect on the helpfulness of the review for search goods than for experience goods. We discuss the implications of our findings for both theory and practice.

Fear appeals and information security behaviors: an empirical study

Abstract: Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However, within the context of computer security and information assurance, it is not yet clear how these fear-inducing arguments, known as fear appeals, will ultimately impact the actions of end users. The purpose of this study is to investigate the influence of fear appeals on the compliance of end users with recommendations to enact specific individual computer security actions toward the mitigation of threats. An examination was performed that culminated in the development and testing of a conceptual model representing an infusion of technology adoption and fear appeal theories. Results of the study suggest that fear appeals do impact end user behavioral intentions to comply with recommended individual acts of security, but the impact is not uniform across all end users. It is determined in part by perceptions of self-efficacy, response efficacy, threat severity, and social influence. The findings of this research contribute to information systems security research, human-computer interaction, and organizational communication by revealing a new paradigm in which IT users form perceptions of the technology, not on the basis of performance gains, but on the basis of utility for threat mitigation.

Information systems innovation for environmental sustainability

Abstract: Human life is dependent upon the natural environment, which, most would agree, is rapidly degrading. Business enterprises are a dominant form of social organization and contribute to the worsening, and enhancement, of the natural environment. Scholars in the administrative sciences examine questions spanning organizations and the natural environment but have largely omitted the information systems perspective. We develop a research agenda on information systems innovation for environmental sustainability that demonstrates the critical role that IS can play in shaping beliefs about the environment, in enabling and transforming sustainable processes and practices in organizations, and in improving environmental and economic performance. The belief-action-outcome (BAO) framework and associated research agenda provide the basis for a new discourse on IS for environmental sustainability.

Information systems and environmentally sustainable development: energy informatics and new directions for the is community

Abstract: While many corporations and Information Systems units recognize that environmental sustainability is an urgent problem to address, the IS academic community has been slow to acknowledge the problem and take action We propose ways for the IS community to engage in the development of environmentally sustainable business practices Specifically, as IS researchers, educators, journal editors, and association leaders, we need to demonstrate how the transformative power of IS can be leveraged to create an ecologically sustainable society In this Issues and Opinions piece, we advocate a research agenda to establish a new subfield of energy informatics, which applies information systems thinking and skills to increase energy efficiency We also articulate how IS scholars can incorporate environmental sustainability as an underlying foundation in their teaching, and how IS leaders can embrace environmental sustainability in their core principles and foster changes that reduce the environmental impact of our community

Neutralization: new insights into the problem of employee systems security policy violations

Abstract: Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior. In doing so, we propose a theoretical model in which the effects of neutralization techniques are tested alongside those of sanctions described by deterrence theory. Our empirical results highlight neutralization as an important factor to take into account with regard to developing and implementing organizational security policies and practices.

Computing in everyday life: a call for research on experiential computing

Abstract: The information systems field emerged as a new discipline of artificial science as a result of intellectual efforts to understand the nature and consequences of computer and communication technology in modern organizations. As the rapid development of digital technology continues to make computers and computing a part of everyday experiences, we are once again in need of a new discipline of the artificial. In this essay, I argue that the IS community must expand its intellectual boundaries by embracing experiential computing as an emerging field of inquiry in order to fill this growing intellectual void. Experiential computing involves digitally mediated embodied experiences in everyday activities through everyday artifacts that have embedded computing capabilities. Experiential computing is enabled by the mediation of four dimensions of human experiences (time, space, actors, and artifacts) through digital technology. Drawing on a research framework that encompasses both behavioral and design sciences, six research opportunities that the IS research community can explore are suggested. Ultimately, I propose that the IS field return to its roots, the science of the artificial, by decisively expanding the scope of its inquiry and establishing a new domain of research on computing in everyday life experiences.

Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions

Abstract: Although firms are expending substantial resources to develop technology and processes that can help safeguard the security of their computing assets, increased attention is being focused on the role people play in maintaining a safe computing environment. Unlike employees in a work setting, home users are not subject to training, nor are they protected by a technical staff dedicated to keeping security software and hardware current. Thus, with over one billion people with access to the Internet, individual home computer users represent a significant point of weakness in achieving the security of the cyber infrastructure. We study the phenomenon of conscientious cybercitizens, defined as individuals who are motivated to take the necessary precautions under their direct control to secure their own computer and the Internet in a home setting. Using a multidisciplinary, phased approach, we develop a conceptual model of the conscientious cybercitizen. We present results from two studies-a survey and an experiment-conducted to understand the drivers of intentions to perform security-related behavior, and the interventions that can positively influence these drivers. In the first study, we use protection motivation theory as the underlying conceptual foundation and extend the theory by drawing upon the public goods literature and the concept of psychological ownership. Results from a survey of 594 home computer users from a wide range of demographic and socio-economic backgrounds suggest that a home computer user's intention to perform security-related behavior is influenced by a combination of cognitive, social, and psychological components. In the second study, we draw upon the concepts of goal framing and self-view to examine how the proximal drivers of intentions to perform security-related behavior identified in the first study can be influenced by appropriate messaging. An experiment with 101 subjects is used to test the research hypotheses. Overall, the two studies shed important new light on creating more conscientious cybercitizens. Theoretical and practical implications of the findings are discussed.

The other side of acceptance: studying the direct and indirect effects of emotions on information technology use

Abstract: Much ado has been made regarding user acceptance of new information technologies. However, research has been primarily based on cognitive models and little attention has been given to emotions. This paper argues that emotions are important drivers of behaviors and examines how emotions experienced early in the implementation of new IT applications relate to IT use. We develop a framework that classifies emotions into four distinct types: challenge, achievement, loss, and deterrence emotions. The direct and indirect rela tionships between four emotions (excitement, happiness, anger, and anxiety) and IT use were studied through a survey of 249 bank account managers. Our results indicate that excitement was positively related to IT use through task adaptation. Happiness was directly positively related to IT use and, surprisingly, was negatively associated with task adaptation, which is a facilitator of IT use. Anger was not related to IT use directly, but it was positively related to seeking social support, which in turn was positively related to IT use. Finally, anxiety was negatively related to IT use, both directly and indirectly through psychological distancing. Anxiety was also indirectly positively related to IT use through seeking social support, which countered the original negative effect of anxiety. Post hoc ANOVAs were conducted to compare IT usage of different groups of users experiencing similar emotions but relying on different adaptation behaviors. The paper shows that emotions felt by users early in the implementation of a new IT have important effects on IT use. As such, the paper provides a complementary perspective to understanding acceptance and antecedents of IT use. By showing the importance and complexity of the relationships between emotions and IT use, the paper calls for more research on the topic

The impact of information technology and transactive memory systems on knowledge sharing, application, and team performance: a field study

Abstract: In contemporary knowledge-based organizations, teams often play an essential role in leveraging knowledge resources. Organizations make significant investments in information technology to support knowledge management practices in teams. At the same time, recent studies show that the transactive memory system (TMS)-the specialized division of cognitive labor among team members that relates to the encoding, storage, and retrieval of knowledge-is an important factor that affects a team's performance. Yet little is known of how IT support for knowledge management practices in organizations affects the development of TMS. Furthermore, the precise role of TMS on knowledge sharing and knowledge application, which in turn influences team performance, has not been fully explored. In order to close this gap in the literature, we conducted a field study that involved 139 on-going teams of 743 individuals from two major firms in South Korea. Our results show that IT support in organizations has a positive impact on the development of TMS in teams, and that both TMS and IT support have a positive impact on knowledge sharing and knowledge application. Furthermore, we found that knowledge sharing has a positive impact on knowledge application, which in turn has a direct impact on team performance. However, contrary to our expectation, knowledge sharing does not have a direct impact on team performance and its impact on team performance was fully mediated by knowledge application. Our research shows that organizations can improve team members' meta-knowledge of who knows what through the careful investment in information technology. Finally, our results show that sharing knowledge alone is not enough. Organizations must ensure that shared knowledge is in fact applied in order to improve team performance.

Improving employees' compliance through information systems security training: an action research study

Abstract: Employee noncompliance with information systems security policies is a key concern for organizations. If users do not comply with IS security policies, security solutions lose their efficacy. Of the different IS security policy compliance approaches, training is the most commonly suggested in the literature. Yet, few of the existing studies about training to promote IS policy compliance utilize theory to explain what learning principles affect user compliance with IS security policies, or offer empirical evidence of their practical effectiveness. Consequently, there is a need for IS security training approaches that are theory-based and empirically evaluated. Accordingly, we propose a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model. We then validate the training program for IS security policy compliance training through an action research project. The action research intervention suggests that the theory-based training achieved positive results and was practical to deploy. Moreover, the intervention suggests that information security training should utilize contents and methods that activate and motivate the learners to systematic cognitive processing of information they receive during the training. In addition, the action research study made clear that a continuous communication process was also required to improve user IS security policy compliance. The findings of this study offer new insights for scholars and practitioners involved in IS security policy compliance.

Toward agile: an integrated analysis of quantitative and qualitative field data

Abstract: As business and technology environments change at an unprecedented rate, software development agility to respond to changing user requirements has become increasingly critical for software development performance. Agile software development approaches, which emphasize sense-and-respond, self-organization, cross-functional teams, and continuous adaptation, have been adopted by an increasing number of organizations to improve their software development agility. However, the agile development literature is largely anecdotal and prescriptive, lacking empirical evidence and theoretical foundation to support the principles and practices of agile development. Little research has empirically examined the software development agility construct in terms of its dimensions, determinants, and effects on software development performance. As a result, there is a lack of understanding about how organizations can effectively implement an agile development approach. Using an integrated research approach that combines quantitative and qualitative data analyses, this research opens the black box of agile development by empirically examining the relationships among two dimensions of software development agility (software team response extensiveness and software team response efficiency), two antecedents that can be controlled (team autonomy and team diversity), and three aspects of software development performance (on-time completion, on-budget completion, and software functionality). Our PLS results of survey responses of 399 software project managers suggest that the relationships among these variables are more complex than what has been perceived by the literature. The results suggest a tradeoff relationship between response extensiveness and response efficiency. These two agility dimensions impact software development performance differently: response efficiency positively affects all of on-time completion, on-budget completion, and software functionality, whereas response extensiveness positively affects only software functionality. The results also suggest that team autonomy has a positive effect on response efficiency and a negative effect on response extensiveness, and that team diversity has a positive effect on response extensiveness. We conducted 10 post hoc case studies to qualitatively cross-validate our PLS results and provide rich, additional insights regarding the complex, dynamic interplays between autonomy, diversity, agility, and performance. The qualitative analysis also provides explanations for both supported and unsupported hypotheses. We discuss these qualitative analysis results and conclude with the theoretical and practical implications of our research findings for agile development approaches.

The formation and value of IT-enabled resources: antecedents and consequences of synergistic relationships

Abstract: This paper informs the literature on the business value of information technology by conceptualizing a path from IT assets-that is, commodity-like or off-the-shelf information technologies-to sustainable competitive advantage. This path suggests that IT assets can play a strategic role when they are combined with organizational resources to create IT-enabled resources. To the extent that relationships between IT assets and organizational resources are synergistic, the ensuing IT-enabled resources are capable of positively affecting firms' sustainable competitive advantage via their improved strategic potential. This is an important contribution since IT-related organizational benefits have been hard to demonstrate despite attempts to study them through a variety of methods and theoretical lenses. This paper synthesizes systems theory and the resource-based view of the firm to build a unified conceptual model linking IT assets with firm-level benefits. Several propositions are derived from the model and their implications for IS research and practice are discussed.

Information systems strategy: reconceptualization, measurement, and implications

Abstract: Information systems strategy is of central importance to IS practice and research. Our extensive review of the literature suggests that the concept of IS strategy is a term that is used readily; however, it is also a term that is not fully understood. In this study, we follow a perspective paradigm based on the strategic management literature to define IS strategy as an organizational perspective on the investment in, deployment, use, and management of IS. Through a systematic literature search, we identify the following three conceptions of IS strategy employed implicitly in 48 articles published in leading IS journals that focus on the construct of IS strategy: (1) IS strategy as the use of IS to support business strategy; (2) IS strategy as the master plan of the IS function; and (3) IS strategy as the shared view of the IS role within the organization. We find the third conception best fits our definition of IS strategy. As such, we consequently propose to operationalize IS strategy as the degree to which the organization has a shared perspective to seek innovation through IS. Specifically, our proposed IS strategic typology suggests an organization's IS strategy falls into one of the two defined categories (i.e., IS innovator or IS conservative) or is simply undefined. We also develop measures for this new typology. We argue that the proposed instrument, which was cross-validated across both chief information officers and senior business executives, has the potential to serve as a diagnostic tool through which the organization can directly assess its IS strategy. We contend that our reconceptualization and operationalization of IS strategy provides theoretical and practical implications that advance the current level of understanding of IS strategy from extant studies within three predominant literature streams: strategic IS planning, IS/business strategic alignment, and competitive use of IS.

Expectation disconfirmation and technology adoption: polynomial modeling and response surface analysis

Abstract: Individual-level information systems adoption research has recently seen the introduction of expectation-disconfirmation theory (EDT) to explain how and why user reactions change over time. This prior research has produced valuable insights into the phenomenon of technology adoption beyond traditional models, such as the technology acceptance model. First, we identify gaps in EDT research that present potential opportunities for advances-specifically, we discuss methodological and analytical limitations in EDT research in information systems and present polynomial modeling and response surface methodology as solutions. Second, we draw from research on cognitive dissonance, realistic job preview, and prospect theory to present a polynomial model of expectation-disconfirmation in information systems. Finally, we test our model using data gathered over a period of 6 months among 1,143 employees being introduced to a new technology. The results confirmed our hypotheses that disconfirmation in general was bad, as evidenced by low behavioral intention to continue using a system for both positive and negative disconfirmation, thus supporting the need for a polynomial model to understand expectation disconfirmation in information systems.

Understanding organization-enterprise system fit: a path to theorizing the information technology artifact

Abstract: Packaged software applications such as enterprise systems are designed to support generic rather than specific requirements, and hence are likely to be an imperfect fit in any particular instance. Using critical realism as our philosophical perspective, we conducted a three-year qualitative study of misfits that arose from an enterprise system (ES) implementation. A detailed analysis of the observed misfits resulted in a richer understanding of the concept of fit and of the ES artifact itself. Specifically, we found six misfit domains (functionality, data, usability, role, control and organizational culture) and within each, two types of misfit (deficiencies and impositions). These misfit types correspond to two newly defined types of fit: fit as coverage and fit as enablement. Our analysis of fit also revealed a new conceptualization of the ES artifact, with implications for IT artifacts in general.

What does the brain tell us about trust and distrust? evidence from a functional neuroimaging study

Abstract: Determining whom to trust and whom to distrust is a major decision in impersonal IT-enabled exchanges. Despite the potential role of both trust and distrust in impersonal exchanges, the information systems literature has primarily focused on trust, alas paying relatively little attention to distrust. Given the importance of studying both trust and distrust, this study aims to shed light on the nature, dimensionality, distinction, and relationship, and relative effects of trust and distrust on economic outcomes in the context of impersonal IT-enabled exchanges between buyers and sellers in online marketplaces. This study uses functional neuroimaging (fMRI) tools to complement psychometric measures of trust and distrust by observing the location, timing, and level of brain activity that underlies trust and distrust and their underlying dimensions. The neural correlates of trust and distrust are identified when subjects interact with four experimentally manipulated seller profiles that differ on their level of trust and distrust. The results show that trust and distrust activate different brain areas and have different effects, helping explain why trust and distrust are distinct constructs associated with different neurological processes. Implications for the nature, distinction and relationship, dimensionality, and effects of trust and distrust are discussed.

User participation in information systems security risk management

Abstract: This paper examines user participation in information systems security risk management and its influence in the context of regulatory compliance via a multi-method study at the organizational level. First, eleven informants across five organizations were interviewed to gain an understanding of the types of activities and security controls in which users participated as part of Sarbanes-Oxley compliance, along with associated outcomes. A research model was developed based on the findings of the qualitative study and extant user participation theories in the systems development literature. Analysis of the data collected in a questionnaire survey of 228 members of ISACA, a professional association specialized in information technology governance, audit, and security, supported the research model. The findings of the two studies converged and indicated that user participation contributed to improved security control performance through greater awareness, greater alignment between IS security risk management and the business environment, and improved control development. While the IS security literature often portrays users as the weak link in security, the current study suggests that users may be an important resource to IS security by providing needed business knowledge that contributes to more effective security measures. User participation is also a means to engage users in protecting sensitive information in their business processes.

Job characteristics and job satisfaction: understanding the role of enterprise resource

Abstract: Little research has examined the impacts of enterprise resource planning (ERP) systems implementation on job satisfaction. Based on a 12-month study of 2,794 employees in a telecommunications firm, we found that ERP system implementation moderated the relationships between three job characteristics (skill variety, autonomy, and feedback) and job satisfaction. Our findings highlight the key role that ERP system implementation can have in altering well-established relationships in the context of technology-enabled organizational change situations. This work also extends research on technology diffusion by moving beyond a focus on technology-centric outcomes, such as system use, to understanding broader job outcomes.

A multi-project model of key factors affecting organizational benefits from enterprise systems

Abstract: This paper develops a long-term, multi-project model of factors affecting organizational benefits from enterprise systems (ES), then reports a preliminary test of the model. In the shorter-term half of the model, it is hypothesized that once a system has gone live, two factors, namely functional fit and overcoming organizational inertia, drive organizational benefits flowing from each major ES improvement project. The importance of these factors may vary from project to project. In the long-term half of the model, it is hypothesized that four additional factors, namely integration, process optimization, improved access to information, and on-going major ES business improvement projects, drive organizational benefits from ES over the long term. Preliminary tests of the model were conducted using data from 126 customer presentations from SAP's 2003 and 2005 Sapphire U.S. conferences. All six factors were found to be important in explaining variance in organizational benefits from enterprise systems from the perspective of senior management.

Affect in web interfaces: a study of the impacts of web page visual complexity and order

Abstract: This research concentrates on visual complexity and order as central factors in the design of webpages that enhance users' positive emotional reactions and facilitate desirable psychological states and behaviors. Drawing on existing theories and empirical findings in the environmental psychology, human-computer interaction, and marketing research literatures, a research model is developed to explain the relationships among visual complexity and order design features of a webpage, induced emotional responses in users, and users' approach behaviors toward the website as moderated by users' metamotivational states. A laboratory experiment was conducted to test the model and its associated hypotheses. The results of the study suggested that a web user's initial emotional responses (i.e., pleasantness and arousal), evoked by the visual complexity and order design features of a webpage when first encountered, will have carry-over effects on subsequent approach behavior toward the website. The results also revealed how webpage visual complexity and order influence users' emotions and behaviors differently when users are in different metamotivational states. The salience and importance of webpage visual complexity and order for users' feelings of pleasantness were largely dependent on users' metamotivational states.

Chasing the hottest IT: effects of information technology fashion on organizations

Abstract: What happens to organizations that chase the hottest information technologies? This study examines some of the important organizational impacts of the fashion phenomenon in IT. An IT fashion is a transitory collective belief that an information technology is new, efficient, and at the forefront of practice. Using data collected from published discourse and annual IT budgets of 109 large companies for a decade, I have found that firms whose names were associated with IT fashions in the press did not have higher performance, but they had better reputation and higher executive compensation in the near term. Companies investing in IT in fashion also had higher reputation and executive pay, but they had lower performance in the short term and then improved performance in the long term. These results support a fashion explanation for the middle phase diffusion of IT innovations, illustrating that following fashion can legitimize organizations and their leaders regardless of performance improvement. The findings also extend institutional theory from its usual focus on taken-for-granted practices to fashion as a novel source of social approval. This study suggests that practitioners balance between performance pressure and social approval when they confront whatever is hottest in IT.

Are there neural gender differences in online trust? an fMRI study on the perceived trustworthiness of ebay offers

Abstract: Research provides increasing evidence that women and men differ in their decisions to trust. However, information systems research does not satisfactorily explain why these gender differences exist. One possible reason is that, surprisingly, theoretical concepts often do not address the most obvious factor that influences human behavior: biology. Given the essential role of biological factors-and specifically those of the brain-in decisions to trust, the biological influences should naturally include those related to gender. As trust considerations in economic decision making have become increasingly complex with the expansion of Internet use, understanding the related biological/brain functions and the involvement of gender provides a range of valuable insights. To show empirically that online trust is associated with activity changes in certain brain areas, we used functional magnetic resonance imaging (fMRI). In a laboratory experiment, we captured the brain activity of 10 female and 10 male participants simultaneous to decisions on trustworthiness of eBay offers. We found that most of the brain areas that encode trustworthiness differ between women and men. Moreover, we found that women activated more brain areas than did men. These results confirm the empathizing- systemizing theory, which predicts gender differences in neural information processing modes. In demonstrating that perceived trustworthiness of Internet offers is affected by neurobiology, our study has major implications for both IS research and management. We confirm the value of a category of research heretofore neglected in IS research and practice, and argue that future IS research investigating human behavior should consider the role of biological factors. In practice, biological factors are a significant consideration for management, marketing, and engineering attempts to influence behavior.

Web 2.0 and politics: the 2008 u.s. presidential election and an E-politics research agenda

Abstract: The Internet was a major factor in the 2008 U.S. presidential campaign and has become an important tool for political communication and persuasion. Yet, information systems research is generally silent on the role of the Internet in politics. In this paper, we argue that IS is positioned to enhance understanding of the influence of the Internet on politics, and, more specifically, the process of election campaigning using Internet-based technologies such as Web 2.0. In this paper, we discuss how these technologies can change the nature of competition in politics and replace or complement traditional media. Our empirical study on how Web 2.0 technologies were used by the candidates leading up to the 2008 U.S. presidential primaries sheds light on how these technologies influenced candidate performance. Finally, we outline a research agenda highlighting where IS can contribute to the academic discourse on e-politics.

An empirical analysis of the impact of information capabilities design on business process outsourcing performance

Abstract: Organizations today outsource diverse business processes to achieve a wide variety of business objectives ranging from reduction of costs to innovation and business transformation. We build on the information processing view of the firm to theorize that performance heterogeneity across business process outsourcing (BPO) exchanges is a function of the design of information capabilities (IC) that fit the unique information requirements (IR) of the exchange. Further, we compare performance effects of the fit between IR and IC across dominant categories of BPO relationships to provide insights into the relative benefits of enacting such fit between the constructs. Empirical tests of our hypotheses using survey data on 127 active BPO relationships find a significant increase (decrease) in satisfaction as a result of the fit (misfit) between IR and IC of the relationship. The results have implications for how BPO relationships must be designed and managed to realize significant performance gains. The study also extends the IPV to identify IC that provide the incentives and means to process information in an interfirm relationship.

Toward ethical information systems: the contribution of discourse ethics

Abstract: Ethics is important in the Information Systems field as illustrated by the direct effect of the Sarbanes-Oxley Act on the work of IS professionals. There is a substantial literature on ethical issues surrounding computing and information technology in the contemporary world, but much of this work is not published nor widely cited in the mainstream IS literature. The purpose of this paper is to offer one contribution to an increased emphasis on ethics in the IS field. The distinctive contribution is a focus on Habermas's discourse ethics. After outlining some traditional theories of ethics and morality, the literature on IS and ethics is reviewed, and then the paper details the development of discourse ethics. Discourse ethics is different from other approaches to ethics as it is grounded in actual debates between those affected by decisions and proposals. Recognizing that the theory could be considered rather abstract, the paper discusses the need to pragmatize discourse ethics for the IS field through, for example, the use of existing techniques such as soft systems methodology. In addition, the practical potential of the theory is illustrated through a discussion of its application to specific IS topic areas including Web 2.0, open source software, the digital divide, and the UK biometric identity card scheme. The final section summarizes ways in which the paper could be used in IS research, teaching, and practice.

Market value of voluntary disclosures concerning information security

Abstract: Information security is a fundamental concern for corporations operating in today's digital economy. The number of firms disclosing items concerning their information security on reports filed with the U.S. Securities and Exchange Commission (SEC) has increased in recent years. A question then arises as to whether or not there is value to the voluntary disclosures concerning information security. Thus, the primary objective of this paper is to assess empirically the market value of voluntary disclosures of items pertaining to information security. Based on a sample of 1,641 disclosing and 19,266 non-disclosing firm-years in a cross-sectional pooled model, our primary findings provide strong evidence that voluntarily disclosing items concerning information security is associated positively with the market value of a firm. These findings are based on the use of a market-value relevance model, as well as a bid-ask spread analysis. The study's findings are robust to alternative statistical analyses. The findings also provide support for the signaling argument, which states that managers disclose information in a manner consistent with increased firm value. Finally, the study findings provide some insight into the strategic choice that firms make regarding voluntary disclosures about information security.

Detecting fake websites: the contribution of statistical learning theory

Abstract: Fake websites have become increasingly pervasive, generating billions of dollars in fraudulent revenue at the expense of unsuspecting Internet users. The design and appearance of these websites makes it difficult for users to manually identify them as fake. Automated detection systems have emerged as a mechanism for combating fake websites, however most are fairly simplistic in terms of their fraud cues and detection methods employed. Consequently, existing systems are susceptible to the myriad of obfuscation tactics used by fraudsters, resulting in highly ineffective fake website detection performance. In light of these deficiencies, we propose the development of a new class of fake website detection systems that are based on statistical learning theory (SLT). Using a design science approach, a prototype system was developed to demonstrate the potential utility of this class of systems. We conducted a series of experiments, comparing the proposed system against several existing fake website detection systems on a test bed encompassing 900 websites. The results indicate that systems grounded in SLT can more accurately detect various categories of fake websites by utilizing richer sets of fraud cues in combination with problem-specific knowledge. Given the hefty cost exacted by fake websites, the results have important implications for e-commerce and online security.