When Do IT Security Investments Matter?  Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches

Angst, Corey M.; Block, Emily S.; D’Arcy, John; Kelley, Ken

doi:10.25300/misq/2017/41.3.10

Cited by 155 publications

(76 citation statements)

References 98 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Thus, the close relation between both theory types is attenuated and the influence of external factors such as legal and social structures promoted. In this regard, IS studies which employ an Institutional Theory approach, have investigated and demonstrated the influence of environmental aspects such as conformity with external norms and social influence on investment decisions [7,18].…”

Section: Organizational Decision-makingmentioning

confidence: 99%

“…Selection criteria were mostly determined by the theoretical framework and the resulting focus on the decision process. As a result, publications like Angst and colleagues' investigation of institutional factors in healthcare security investment [7] which detail the evaluation and implementation of investments rather than the decision process leading towards the investment, were excluded. Similarly, Baskerville's [5] study on risk analysis covers only the second phase of Straub and Welke's [14] model and was thus suspended after full text screening.…”

Section: Search and Selection Strategymentioning

confidence: 99%

“…, 5]. Recently however, commonly employed cost-benefit analyses [e.g., 6] or the consideration of institutional factors [e.g., 3,7] increasingly acknowledge the presence and influence of economic, organizational or environmental aspects during the IT security decision process.…”

Section: Introductionmentioning

confidence: 99%

“…Against this backdrop, this paper proposes a conceptual framework that builds on insights from organizational IT security research before employing a qualitative approach to identify which contextual aspects affect decision-makers in predominantly small and medium-sized enterprises (SME) regarding the decision-making process in organizational IT security through 25 expert interviews. Small and medium-sized enterprises have been particularly overlooked by IS security literature which continues to focus on large enterprises within specific industries, i.e., healthcare and finance [e.g., 7,10] although SME account for more than 95% of enterprises worldwide [11]. Decision-makers in SME however are directly responsible for their businesses' survival which requires them to take various internal and external factors into account and heightens the influence of individual characteristics when deciding upon investing in IT measures in general, and IT security in particular [e.g., 12,13].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Holistic View on Organizational IT Security: The Influence of Contextual Aspects During IT Security Decisions

Heidt

Gerlach

Buxmann

2019

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Decisions regarding organizational IT security are often approximated by models drawing on normative statistical decision theories even though several IS researchers and studies in cognate disciplines have argued for the importance of contextual aspects. Based on findings in organizational and behavioral science and 25 expert interviews, this paper proposes a framework, postulating that IT security (investment) decisions are largely influenced by such contextual aspects: organizational, environmental, economic, and not least of all by cognitive and behavioral aspects of decision-makers. Subsequently, we review organizational IT security literature building on Straub and Welke's Security Risk Planning Model and the previously postulated conceptual framework. This critical literature review highlights the scarcity of studies analyzing IT security decision-making from a behavioral, environmental, and organizational perspective and thus argues for the importance and future consideration of contextual aspects regarding IT security decisions.

show abstract

Section: Organizational Decision-makingmentioning

confidence: 99%

Section: Search and Selection Strategymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Holistic View on Organizational IT Security: The Influence of Contextual Aspects During IT Security Decisions

Heidt

Gerlach

Buxmann

2019

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…A abordagem institucional foi utilizada recentemente em trabalhos sobre o tema (Tejay & Barton, 2013;Anthony et al, 2014;Lopes & Sá-Soares, 2014;Alkalbani, Deng & Kam, 2015;Angst, Block, D'Arcy, & Kelley, 2017;Alkalbani et al, 2017;Hou et al, 2018;Choi, Lee, & Hwang, 2018), mas, se analisados em conjunto, esses trabalhos são inconclusivos quanto aos mecanismos institucionais que pressionam as organizações a adoptarem medidas de Segurança da Informação, pois apontam para pressões normativas e miméticas (Tejay & Barton, 2013), coercitivas (AlKalbani et al, 2015Hou et al, 2018), miméticas e coercitivas (Anthony et al, 2014;Alkalbani et al, 2017), e coercitivas e normativas (Kam et al, 2013;Lopes & Sá-Soares, 2014;Choi et al, 2018). Além disso, os trabalhos abordam principalmente medidas formais (Williams et al, 2013;Kam et al, 2013;Lopes & Sá-Soares, 2014;Anthony et al, 2014;Angst et al, 2017;Alkalbani et al, 2017;Hou et al, 2018;Choi et al, 2018), dando pouca atenção às medidas informais e técnicas.…”

Section: Modelo De Pesquisaunclassified

A Adopção de Medidas Formais, Informais e Técnicas de Segurança da Informação e sua Relação com as Pressões do Ambiente Institucional

Junior

Santos

Oliveira

et al. 2018

RISTI

View full text Add to dashboard Cite

Organizations may adopt Information Security measures to protect information, but adoption may be influenced by external environment through RISTI, N.º 30, 12/2018 A Adopção de Medidas Formais, Informais e Técnicas de Segurança da Informação e sua Relação com as Pressões regulations, contracts, agreements, and inspection, professional knowledge about international standards and technologies that are taken for granted, and imitation of successful constituents of environment. However, it is not known what pressures influence adoption of different types of Information Security measures. This paper aimed to identify which coercive, mimetic, and normative pressures influence adoption of formal, informal, and technical Information Security measures in Brazilian public universities, which have the challenge of disseminating knowledge while need to protect research information and private data. The research involved a survey with universities' Information Security managers and professionals, and research in documents. The results show adoption of technical and informal measures is influenced mainly by normative pressures while formal measures are adopted due to coercive pressures.

show abstract

Examining the predictive relevance of security, privacy risk factors, and institutional logics for e‐government service adoption

Bayaga

2021

E J Info Sys Dev Countries

View full text Add to dashboard Cite

Following the increasing debate around the possible influencers on the adoption of electronic-government (e-government) services, the current research was aimed at examining the predictive relevance of security and privacy risk factors through the lens of institutional logics for e-government service adoption. Guided by the research aim, the study adopted the questionnaire method. Based on the review of the relevant literature and the study's aim, the partial least square structural equation modeling (PLS-SEM) was employed to analyze the data by making use of the SmartPLS 3.2.8 software to assess both the outer and structural models. It was evidenced that privacy and security risk factors as well as institutional logics together account for 61.7% of South African citizens' reasons for adopting e-government services, while the other 38.3% were explained by factors that did not form part of this study. These findings contributed a new view and an extension of the model, providing the insight that privacy and security risk factors as well as institutional logics together are significant predictors of citizens' willingness to adopt e-government services. By implication, the results establish the interconnectedness of the predictive relevance of institutional logics and the adoption of e-government services.

show abstract

When Do IT Security Investments Matter? Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches

Cited by 155 publications

References 98 publications

A Holistic View on Organizational IT Security: The Influence of Contextual Aspects During IT Security Decisions

A Holistic View on Organizational IT Security: The Influence of Contextual Aspects During IT Security Decisions

A Adopção de Medidas Formais, Informais e Técnicas de Segurança da Informação e sua Relação com as Pressões do Ambiente Institucional

Examining the predictive relevance of security, privacy risk factors, and institutional logics for e‐government service adoption

Contact Info

Product

Resources

About