Wednesday, July 20, 2016

Security Theories

Computer Anxiety: "Excessive timidity in using computers, negative comments against computers and information science, attempts to reduce the amount of time spent using computers, and even the avoidance of using computersfrom the place where they are located" (Doronina, 1995).

  • Doronina, O. "Fear of Computers: Its Nature, Prevention and Cure," Russian Social Science Review (36:4) 1995, pp 79-90.


General Deterrence Theory:
  • BOSS SR, KIRSCH LJ, ANGERMEIER I, SHINGLER RA and BOSS RW (2009) If Someone Is Watching, I’ll Do What I’m Asked: Mandatoriness, Control, and Information Security. European Journal of Information Systems 18(2), 151–164. 
  • STRAUB DW and WELKE RJ (1998) Coping With Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly 22(4), 441–469.
  • D’ARCY J and HOVAV A (2009) Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures. Journal of Business Ethics 89, 59–71.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125. 
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • STRAUB DW (1990) Effective IS Security: An Empirical Study. Information Systems Research 1(3), 255–276. 

Protection Motivation Theory:
  • Rogers, R.W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91, 93-114.
  • Rogers, R.W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J. Cacioppo & R. Petty (Eds.), Social psychophysiology (pp. 153-176). New York: Guilford.
  • MADDUX JE and ROGERS RW (1983) Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change. Journal of Experimental Social Psychology 19(5), 469– 479.
  • CROSSLER RE (2010) Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data. In: 43rd Hawaii International Conference on System Sciences. pp. 1–10.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125.
  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • VANCE A, SIPONEN M and PAHNILA S (2012) Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory. Information & Management 49(3–4), 190–198.
  • WOON I, TAN G-W and LOW R (2005) A Protection Motivation Theory Approach to Home Wireless Security. In: Proceedings of the 26th International Conference on Information Systems. pp. 367–380.
  • LEE Y and LARSEN KR (2009) Threat or Coping Appraisal: Determinants of SMB Executives’ Decision to Adopt Anti-Malware Software. European Journal of Information Systems 18(2), 177–187. 
Neutralization Theory:


Technology Threat Avoidance Theory (TTAT): Posits that threat avoidance behavior functions as a dynamic positive feedback loop (concept derived from cybernetic theory, and general systems theory) composed of two cognitive processes, threat and coping appraisals, which determine how an individual would cope with IT threats.
  • LIANG H and XUE Y (2009) Avoidance of Information Technology Threats: A Theoretical Perspective. MIS Quarterly 33(1), 71–90.
  • LIANG H and XUE Y (2010) Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Association for Information Systems 11(7), 394– 413. 
Fear Appeal Theory
  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security
  • Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.
Technology Anxiety (As a predictor of technology adoption): An individual's tendency to be uneasy, aprehensive, or fearful about the current or future use of technology ((Parasuraman, et al,m 1990; Allen, 2002).
  • Allen, J.W., and Parikh, M.A. "The Impact of Personal Traits on IT Adoption," Proceedings of the 8th Americas Conference on Information Systems, Dallas, TX, USA, 2002.
  • Meuter, M.L., Ostrom, A.L., Bitner, M.J., and Rountree, R. "The Influence of Technology Anxiety on Consumer Use and Experiences with Self-Service Technologies," Journal of Business Research (56) 2003, pp 899-906.
  • Parasuraman, S., and Igbaria, M. "An Examination of Gender Differences in the Determinants of Computer Anxiety and Attitudes Towards Microcomputers Among Managers," International Journal of Man-Machine Studies (32:3) 1990, pp 327-340.

Security Theories

Computer Anxiety: "Excessive timidity in using computers, negative comments against computers and information science, attempts to reduce the amount of time spent using computers, and even the avoidance of using computersfrom the place where they are located" (Doronina, 1995).

  • Doronina, O. "Fear of Computers: Its Nature, Prevention and Cure," Russian Social Science Review (36:4) 1995, pp 79-90.


General Deterrence Theory:
  • BOSS SR, KIRSCH LJ, ANGERMEIER I, SHINGLER RA and BOSS RW (2009) If Someone Is Watching, I’ll Do What I’m Asked: Mandatoriness, Control, and Information Security. European Journal of Information Systems 18(2), 151–164. 
  • STRAUB DW and WELKE RJ (1998) Coping With Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly 22(4), 441–469.
  • D’ARCY J and HOVAV A (2009) Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures. Journal of Business Ethics 89, 59–71.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125. 
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • STRAUB DW (1990) Effective IS Security: An Empirical Study. Information Systems Research 1(3), 255–276. 

Protection Motivation Theory:
  • Rogers, R.W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91, 93-114.
  • Rogers, R.W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J. Cacioppo & R. Petty (Eds.), Social psychophysiology (pp. 153-176). New York: Guilford.
  • MADDUX JE and ROGERS RW (1983) Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change. Journal of Experimental Social Psychology 19(5), 469– 479.
  • CROSSLER RE (2010) Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data. In: 43rd Hawaii International Conference on System Sciences. pp. 1–10.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125.
  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • VANCE A, SIPONEN M and PAHNILA S (2012) Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory. Information & Management 49(3–4), 190–198.
  • WOON I, TAN G-W and LOW R (2005) A Protection Motivation Theory Approach to Home Wireless Security. In: Proceedings of the 26th International Conference on Information Systems. pp. 367–380.
  • LEE Y and LARSEN KR (2009) Threat or Coping Appraisal: Determinants of SMB Executives’ Decision to Adopt Anti-Malware Software. European Journal of Information Systems 18(2), 177–187. 
Neutralization Theory:


Technology Threat Avoidance Theory (TTAT): Posits that threat avoidance behavior functions as a dynamic positive feedback loop (concept derived from cybernetic theory, and general systems theory) composed of two cognitive processes, threat and coping appraisals, which determine how an individual would cope with IT threats.
  • LIANG H and XUE Y (2009) Avoidance of Information Technology Threats: A Theoretical Perspective. MIS Quarterly 33(1), 71–90.
  • LIANG H and XUE Y (2010) Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Association for Information Systems 11(7), 394– 413. 
Fear Appeal Theory
  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security
  • Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.
Technology Anxiety (As a predictor of technology adoption): An individual's tendency to be uneasy, aprehensive, or fearful about the current or future use of technology ((Parasuraman, et al,m 1990; Allen, 2002).
  • Allen, J.W., and Parikh, M.A. "The Impact of Personal Traits on IT Adoption," Proceedings of the 8th Americas Conference on Information Systems, Dallas, TX, USA, 2002.
  • Meuter, M.L., Ostrom, A.L., Bitner, M.J., and Rountree, R. "The Influence of Technology Anxiety on Consumer Use and Experiences with Self-Service Technologies," Journal of Business Research (56) 2003, pp 899-906.
  • Parasuraman, S., and Igbaria, M. "An Examination of Gender Differences in the Determinants of Computer Anxiety and Attitudes Towards Microcomputers Among Managers," International Journal of Man-Machine Studies (32:3) 1990, pp 327-340.

Security Theories

Computer Anxiety: "Excessive timidity in using computers, negative comments against computers and information science, attempts to reduce the amount of time spent using computers, and even the avoidance of using computersfrom the place where they are located" (Doronina, 1995).

  • Doronina, O. "Fear of Computers: Its Nature, Prevention and Cure," Russian Social Science Review (36:4) 1995, pp 79-90.


General Deterrence Theory:
  • BOSS SR, KIRSCH LJ, ANGERMEIER I, SHINGLER RA and BOSS RW (2009) If Someone Is Watching, I’ll Do What I’m Asked: Mandatoriness, Control, and Information Security. European Journal of Information Systems 18(2), 151–164. 
  • STRAUB DW and WELKE RJ (1998) Coping With Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly 22(4), 441–469.
  • D’ARCY J and HOVAV A (2009) Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures. Journal of Business Ethics 89, 59–71.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125. 
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • STRAUB DW (1990) Effective IS Security: An Empirical Study. Information Systems Research 1(3), 255–276. 

Protection Motivation Theory:
  • Rogers, R.W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91, 93-114.
  • Rogers, R.W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J. Cacioppo & R. Petty (Eds.), Social psychophysiology (pp. 153-176). New York: Guilford.
  • MADDUX JE and ROGERS RW (1983) Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change. Journal of Experimental Social Psychology 19(5), 469– 479.
  • CROSSLER RE (2010) Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data. In: 43rd Hawaii International Conference on System Sciences. pp. 1–10.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125.
  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • VANCE A, SIPONEN M and PAHNILA S (2012) Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory. Information & Management 49(3–4), 190–198.
  • WOON I, TAN G-W and LOW R (2005) A Protection Motivation Theory Approach to Home Wireless Security. In: Proceedings of the 26th International Conference on Information Systems. pp. 367–380.
  • LEE Y and LARSEN KR (2009) Threat or Coping Appraisal: Determinants of SMB Executives’ Decision to Adopt Anti-Malware Software. European Journal of Information Systems 18(2), 177–187. 
Neutralization Theory:


Technology Threat Avoidance Theory (TTAT): Posits that threat avoidance behavior functions as a dynamic positive feedback loop (concept derived from cybernetic theory, and general systems theory) composed of two cognitive processes, threat and coping appraisals, which determine how an individual would cope with IT threats.
  • LIANG H and XUE Y (2009) Avoidance of Information Technology Threats: A Theoretical Perspective. MIS Quarterly 33(1), 71–90.
  • LIANG H and XUE Y (2010) Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Association for Information Systems 11(7), 394– 413. 
Fear Appeal Theory
  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security
  • Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.
Technology Anxiety (As a predictor of technology adoption): An individual's tendency to be uneasy, aprehensive, or fearful about the current or future use of technology ((Parasuraman, et al,m 1990; Allen, 2002).
  • Allen, J.W., and Parikh, M.A. "The Impact of Personal Traits on IT Adoption," Proceedings of the 8th Americas Conference on Information Systems, Dallas, TX, USA, 2002.
  • Meuter, M.L., Ostrom, A.L., Bitner, M.J., and Rountree, R. "The Influence of Technology Anxiety on Consumer Use and Experiences with Self-Service Technologies," Journal of Business Research (56) 2003, pp 899-906.
  • Parasuraman, S., and Igbaria, M. "An Examination of Gender Differences in the Determinants of Computer Anxiety and Attitudes Towards Microcomputers Among Managers," International Journal of Man-Machine Studies (32:3) 1990, pp 327-340.