Introduction to the Minitrack on Emerging Issues in Distributed Group Decision-Making: Opportunities and Challenges (CC BY-NC-ND 4.0)

2023 | HICSS | Citations: 0

Authors: Aggarwal, A.; Vogel, D.; Murayama, Y.

Abstract: This mini track addresses emerging issues, such as diversity, culture, adaptabi ... Expand

Abstract: This mini track addresses emerging issues, such as diversity, culture, adaptability, mobility and agility related to teams in distributed group decision-making, as well as the underlying theories of group dynamics, coordination, and communications in both swift and ad-hoc groups. The papers submitted specifically examined the emerging issues related to cyber security. Collapse

Topics: IT security

An Investigation of Domain-based Social Influence on ChatGPT-Related Twitter Data

2023 | International Conference on Information Systems | Citations: 0

Authors: Ahangama, Supunmali

Abstract: ... Expand

Abstract: Collapse

Topics: Twitter social influence social media social identity robotic

Methods: chatGPT sentiment analysis multiple linear regression term frequency–inverse document frequency NLTK

Relating Social Media Diffusion, Education Level and Cybersecurity Protection Mechanisms to E-Participation Initiatives: Insights from a Cross-Country Analysis

2023 | Information Systems Frontiers | Citations: 0

Authors: Ahangama, Supunmali

Abstract: Virtual Social Networks (VSN) act as a catalyst for the success of the active pa ... Expand

Abstract: Virtual Social Networks (VSN) act as a catalyst for the success of the active participation of citizens in information sharing, collaboration, and decision making. VSN based e-participation tools allow many-to-many communication and collaboration near real-time with users who might be in geographically dispersed locations. It provides a platform to voice opinions and perspectives and share them with others in new and innovative ways. Cybersecurity is a key area that needs to be considered for the success and continuous use of e-participation systems as it protects user privacy and helps to avoid scams, harassment, and misinformation. The intervening effect of cybersecurity protection mechanisms and citizens’ education level on the relationship between VSN diffusion and e-participation initiatives is explored in the proposed research model presented in this paper. Moreover, this research model is explored for different stages of e-participation (e-information, e-consultation, and e-decision making) and the five dimensions of cybersecurity (legal, technical, organizational, capacity building, and cooperation). The findings indicate that improved VSN usage has increased e-participation (especially in e-consultation and e-decision making) as a result of improved cybersecurity protection and public education, highlighting the varying importance of different cybersecurity protection measures for three stages of e-participation. Thus, considering the recent problems like platform manipulation, misinformation and data breaches associated with the use of VSN for e-participation, this study emphasizes the importance of regulations, policies, partnerships, technical frameworks, and research to ensure cybersecurity, as well as the importance of education to enable the public to interact productively in e-participation activities. This study is performed using publicly available data from 115 countries and the research model is developed, drawing theoretical basis from the Protection Motivation Theory, Structuration Theory, and Endogenous Growth Theory. This paper recognizes the theoretical and practical implications, and limitations while recommending future research directions. Collapse

Topics: IT security decision making human resource management social network government system

Methods: survey partial least squares path modeling cross sectional research mediation analysis archival research

Theories: protection motivation theory structuration theory

Benchmarking the Robustness of Phishing Email Detection Systems

2023 | Americas Conference on Information Systems | Citations: 0

Authors: Ampel, Benjamin; Gao, Yang; Hu, James; Samtani, Sagar; Chen, Hsinchun

Abstract: Social engineering attacks are currently the most cited cybersecurity threat to ... Expand

Abstract: Social engineering attacks are currently the most cited cybersecurity threat to organizations. Phishing emails are the most salient form of social engineering attacks. Organizations are increasingly implementing AI-enabled systems to detect phishing emails. However, AI-enabled systems are often susceptible to textual perturbations, where an adversary makes a small change to cause a misclassification. In this study, we sought to identify the performance of prevailing phishing email detection systems (PEDS) against character, word, sentence, and multi-level adversarial text perturbations. Through a principled benchmarking framework, we quantitatively demonstrated the lack of robustness prevailing PEDS have to specific types of text-based adversarial perturbations (e.g., character, word, sentence, multi-level). The results of this study provide new insights into the robustness of AI-based PEDS and highlight the need for organizations to adopt a multi-layered approach to phishing protection. Additionally, organizations can implement our benchmark framework to test their PEDS against adversarial perturbations. Collapse

Topics: artificial intelligence electronic mail email phishing phishing IT security

Methods: word2vec random forest classification naïve bayes literature study pre-trained language model

Design of a Novel Information System for Semi-automated Management of Cybersecurity in Industrial Control Systems

2023 | ACM Transactions on Management Information Systems | Citations: 0

Authors: Ameri, Kimia; Hempel, Michael; Sharif, Hamid; Lopez, Juan; Perumalla, Kalyan

Abstract: There is an urgent need in many critical infrastructure sectors, including the e ... Expand

Abstract: There is an urgent need in many critical infrastructure sectors, including the energy sector, for attaining detailed insights into cybersecurity features and compliance with cybersecurity requirements related to their Operational Technology (OT) deployments. Frequent feature changes of OT devices interfere with this need, posing a great risk to customers. One effective way to address this challenge is via a semi-automated cyber-physical security assurance approach, which enables verification and validation of the OT device cybersecurity claims against actual capabilities, both pre- and post-deployment. To realize this approach, this article presents new methodology and algorithms to automatically identify cybersecurity-related claims expressed in natural language form in ICS device documents. We developed an identification process that employs natural language processing (NLP) techniques with the goal of semi-automated vetting of detected claims against their device implementation. We also present our novel NLP components for verifying feature claims against relevant cybersecurity requirements. The verification pipeline includes components such as automated vendor identification, device document curation, feature claim identification utilizing sentiment analysis for conflict resolution, and reporting of features that are claimed to be supported or indicated as unsupported. Our novel matching engine represents the first automated information system available in the cybersecurity domain that directly aids the generation of ICS compliance reports. Collapse

Topics: IT security database system website Python electronic authentication

Methods: computational algorithm sentiment analysis natural language processing BERT language model

Detecting Privacy Threats with Machine Learning: A Design Framework for Identifying Side-Channel Risks of Illegitimate User Profiling

2023 | Americas Conference on Information Systems | Citations: 0

Authors: Anwar, Raja Hasnain; Zou, Yi (Zoe); Raza, Muhammad Taqi

Abstract: Privacy leakage has become prevalent and severe with the increasing adoption of ... Expand

Abstract: Privacy leakage has become prevalent and severe with the increasing adoption of the internet of things (IoT), artificial intelligence (AI), and blockchain technologies. Such data-intensive systems are vulnerable to side-channel attacks in which hackers can extract sensitive information from a digital device without actively manipulating the target system. Nevertheless, there is a scarcity of IS research on how businesses can effectively detect and safeguard against side-channel attacks. This study adopts the design science paradigm and lays the groundwork for systematic inquiry into the assessment of privacy risks related to side-channels. In this paper, we a) highlight the privacy threats posed by side-channel attacks, b) propose a machine learning-driven design framework to identify side-channel privacy risks, and c) contribute to the literature on privacy analytics using machine learning techniques. We demonstrate a use case of the proposed framework with a text classification model that uses keystroke timings as side-channel. Collapse

Topics: privacy IT security data breach information system use

Methods: design framework machine learning design science time series analysis longitudinal research

Introduction to the Minitrack on Business Intelligence, Business Analytics, and Big Data: Innovation, Deployment, and Management

2023 | HICSS | Citations: 0

Authors: Ariyachandra, Thilini; Marjanovic, Olivera; Dinter, Barbara

Abstract: ... Expand

Abstract: Collapse

Topics: IT security organizational value big data

Methods: action design research personal interview structured literature research

Building Digital Trust to Protect Whistleblowers - A blockchain-based Reporting Channel

2023 | HICSS | Citations: 0

Authors: Asprion, Petra; Grieder, Hermann; Grimmberg, Frank; Moriggl, Pascal

Abstract: Organizations today need internal reporting channels to report illegal/unethical ... Expand

Abstract: Organizations today need internal reporting channels to report illegal/unethical misconduct. For this purpose, organizations set up one or more - often digital - internal reporting channels. Persons/Employees who want to report misconduct, so-called whistleblowers, expose themselves to reprisals and therefore need trustworthy reporting channels which ensure ´Digital Trust´. Blockchain, a technology that overcomes the need for trust due to its properties of immutability and integrity of data, could be promising as underlying technology for a digital reporting channel which is recognized as trustworthy. In our research, we explored multiple perspectives relevant to a trustworthy digital reporting system. Applying design science research, we evaluated the current state of the art of (digital) reporting channels and developed a prototypical blockchain-based reporting solution called “Integrity@Inside”. The prototype is being iteratively demonstrated and pre-evaluated. Collapse

Topics: blockchain electronic health privacy IT security usability

Methods: design artifact qualitative interview design process design science expert panel

An Adversarial Dance: Toward an Understanding of Insiders’ Responses to Organizational Information Security Measures

2023 | Journal of the Association for Information Systems | Citations: 0

Authors: Balozian, Puzant; Burns, A.; Leidner, Dorothy

Abstract: Despite the increased focus on organizational security policies and programs, s ... Expand

Abstract: Despite the increased focus on organizational security policies and programs, some employees continue to engage in maladaptive responses to security measures (i.e., behaviors other than those recommended, intended, or prescribed). To help shed light on insiders' adaptive and maladaptive responses to IS security measures, we conducted a case study of an organization at the forefront of security policy initiatives. Drawing on the beliefs-actions-outcomes (BAO) model to analyze our case data, we uncover a potentially nonvirtuous cycle consisting of security-related beliefs, actions, and outcomes, which we refer to as an "adversarial dance." Explaining our results, we describe a novel belief framework that identifies four security belief profiles and uncovers an underexplored outcome of IS security: insiders' lived security experiences. We find that individuals' unfavorable lived security experiences produce counterproductive security-related beliefs that, in turn, lead to maladaptive behaviors. Maladaptive behaviors create new potential for security risk, leading to increased organizational security measures to counter them. Thus, the adversarial dance continues, as the new security measures have the potential to reinforce counterproductive security-related beliefs about the importance and risk of IS security and lead to new maladaptive behaviors. To help situate our findings within the current security literature, we integrate the results with prior research based on extant theories. While this paper is not the first to suggest that security measures can elicit maladaptive behaviors, the emergent belief framework and expanded BAO model of IS security constitute an important contribution to the behavioral IS security literature.Puzant Balozian is an assistant professor of computer information systems at James Madison University. His research focus is primarily on the impacts of organizational factors on individual user behaviors in the context of information security and privacy and addressing security policy compliance and violation. Collapse

Topics: IT security IT security defense productivity IT security threat anonymity

Methods: case study qualitative interview personal interview theory development survey

Theories: information systems theory neutralization theory behavioral theory

Give me 3W1H: A Bibliometric View on Accountable AI

2023 | International Conference on Information Systems | Citations: 0

Authors: Bartsch, Sebastian; Schmidt, Jan-Hendrik

Abstract: Accountability is crucial to make stakeholders of Artificial Intelligence (AI)- ... Expand

Abstract: Accountability is crucial to make stakeholders of Artificial Intelligence (AI)-based systems justify their actions, thereby explaining the harm such systems cause to AI users. Due to the importance of accountability in the context of AI, accountability was introduced into IS research through literature reviews. Therefore, while IS research's understanding of accountability covers the necessary depth, it comes at the expense of its essential breadth. Using a bibliometric analysis with 19,978 English-language papers, we shed light on the essential breadth posing three W-and one H-questions (When, What, Whereof, and How). Therefore, we contribute to IS research by highlighting the urgent need to revise existing definitions of accountability in the context of AI and establish them in IS research. We argue that a missing revision leads to non-transferrable findings within IS research. Accordingly, this study serves as a starting point for adapting definitions and creating a shared understanding in IS research. Collapse

Topics: artificial intelligence explainable artificial intelligence legal context database system IT security

Methods: word embedding word2vec bibliometric analysis machine learning supervised learning