A temporal graph framework for intelligence extraction in social media networks

2023 | Information & Management | Citations: 0

Authors: Chung, Wingyan; Lai, Vincent S.

Abstract: Social media networks (SMNs) are increasingly used in professional management of ... Expand

Abstract: Social media networks (SMNs) are increasingly used in professional management of knowledge workers and related assets. However, the factors affecting behavioral trends and activity levels in these networks are not well understood. Although social and cognitive theories can help to explain human behavior in traditional social networks, their application to SMNs has not been validated. Traditional social network modeling techniques may not accurately predict real-world SMN activities. This research developed a temporal graph framework for in­ telligence extraction in SMNs. Theory-based, data-driven models (Conformity Model (COM), Recency-Primacy Model (REM), Trend Interaction Model (TIM), Periodic Interaction Model (PIM)) were developed based on the framework to capture various aspects of user behavior: conformity effect, recency, primacy, periodicity, and dynamic trend. The models capture the activity history and dynamically combine pricing information to enhance predictive accuracy. Using data of 83,536 GitHub software repositories on cryptocurrency, this article reports the results of experiments that compare the models’ performance in predicting SMN activities over time. Experi­ mental results show that the model (REM) that captures recency/primacy effects of human cognitive processing outperformed other models in 9 (out of 18) measures pertaining to engagement, contribution, influence, and popularity. Primacy plays a dominant role in predicting engagement, contribution, and popularity, whereas recency plays a key role in predicting influence. Short-term trend (modeled with TIM) was found to yield significantly better performance on predicting user contribution. The models also outperformed an integrated machine learning (IML) model by most measures. Overall, the effects modeled by REM and TIM were found to be more significant than the effects modeled by COM, PIM, and IML. The research contributes to enhancing un­ derstanding of SMN behavior, developing new models to simulate and predict SMN activities, and designing new artifacts for information systems practitioners to manage knowledge assets and to extract SMN intelligence. Collapse

Topics: cryptocurrency social network systems development situation awareness user behavior

Methods: experiment machine learning longitudinal research computational algorithm time series analysis

Theories: psychological theory social contagion theory social interactionist theory social impact theory social sciences theory

The effects of knowledge mechanisms on employees' information security threat construal

2023 | Information Systems Journal | Citations: 1

Authors: Mady, Ashraf; Gupta, Saurabh; Warkentin, Merrill

Abstract: Organisations implement a variety of knowledge mechanisms such as information se ... Expand

Abstract: Organisations implement a variety of knowledge mechanisms such as information security education, training and awareness (SETA) programs and information security policies, to influence employees' secure behaviour. Despite increased efforts to provide information systems (IS) security knowledge to employees, data breaches and other security incidents resulting from insider behaviour continue. Recent IS security research, primarily grounded on assumptions of employees' rational assessment of numerous factors, has yielded inconsistent results. Challenging this paradigm, we model secure behaviour on security knowledge mechanisms, which focuses on the multidimensional nature of security knowledge breadth, depth and finesse to represent the full array of managerial levers. We further draw on construal level theory to conceptualise users' perceptual judgements of security messages. Two studies support our model, with the second building on the first. Study 1, an experiment with 312 participants, focused on validating the treatments. Study 2, a survey with 219 participants, validated the entire model. Results showed that our model has significantly more explanatory and predictive power than the orthodox paradigm. Our results have practical implications for optimising the organisation of knowledge mechanisms by emphasising the personal relevance of threats and defining the factors that lead to secure behaviour. We also contribute to the discourse on information security research and provide a template for integrating theories, thus opening new avenues for future research. Collapse

Topics: data security email phishing security policy IT security task complexity

Methods: survey experiment Student's t-test parametric test survey design

Theories: construal level theory security compliance theory

Triad or Error? Introducing Three Basic Dimensions of Competence as a Driving Force for Information Security Performance

2023 | International Conference on Information Systems | Citations: 0

Authors: Rampold, Florian; Masuch, Kristin; Warwas, Julia; Trang, Simon

Abstract: As security incidents such as data breaches have dramatically increased in rece ... Expand

Abstract: As security incidents such as data breaches have dramatically increased in recent years, companies have acknowledged the utmost importance of implementing SETA (Security, Education, Training, and Awareness) programs. Although there has been much effort in designing these programs as effectively as possible, many security incidents are caused by employee misconduct. In this study, we shed light on the basic dimensions of information security competence (ISC) that employees need to efficiently improve their performance in dealing with security threats. Using a competence model from the field of vocational education, we conceptualize information security competence as a multidimensional construct. We then empirically test the impact of information security competence on information security performance in a study with 234 participants. Our results suggest that a differentiated view of competence is necessary, first, to improve employee performance in dealing with security threats and, second, to develop SETA programs that address employee vulnerabilities. Collapse

Topics: data security phishing IT security individual productivity information system use

Methods: data transformation structural equation modeling partial least squares regression cross sectional research cross sectional survey

Understanding the Role of Leadership Competencies in Cyber Crisis Management: A Case Study

2023 | HICSS | Citations: 0

Authors: Salviotti, Gianluca; Abbatemarco, Nico; De Rossi, Leonardo Maria; Bjoernland, Kaia

Abstract: The amount and severity of cyber-attacks has been constantly increasing in recen ... Expand

Abstract: The amount and severity of cyber-attacks has been constantly increasing in recent years, and the number of cyber-related organizational crises grew accordingly. Despite the relevance of the topic, the literature on the subject is still limited, especially from a non-technical point of view. In the context of leadership, traditional crisis management literature identified specific competencies that organizations can leverage to mitigate the effects of a crisis, but there is a research gap as to whether or not these capabilities make sense in a cyber crisis context. This study aims to bridge this gap by analyzing the case of Norsk Hydro – a Norwegian company that in 2019 fell victim of a disruptive ransomware attack – through the lenses of a traditional crisis leadership model. Collapse

Topics: emergency management ransomware organization learning decision making computer crime

Methods: narrative analysis qualitative interview case study cluster analysis qualitative coding

Deep Learning for Information Systems Research

2023 | Journal of Management Information Systems | Citations: 1

Authors: Samtani, Sagar; Zhu, Hongyi; Padmanabhan, Balaji; Chai, Yidong; Chen, Hsinchun; Nunamaker Jr., Jay F.

Abstract: Modern artificial intelligence (AI) is heavily reliant on deep learning (DL), an ... Expand

Abstract: Modern artificial intelligence (AI) is heavily reliant on deep learning (DL), an emerging class of algorithms that can automatically detect non-trivial patterns from petabytes of rapidly evolving "Big Data." Although the information systems (IS) discipline has embraced DL, questions remain about DL's interface with a domain and theory and DL contribution types. In this paper, we present a DL information systems research (DL-ISR) schematic that reviews DL while considering the role of the application environment and knowledge base, summarizes extant DL research in IS, a knowledge contribution framework (KCF) to position DL contributions, and ten guidelines to help IS scholars design, execute, and present DL for computational, behavioral, or economic IS research. We illustrate a research contribution to DL for cybersecurity. This article's contribution to theory resides in the conceptual DL-ISR schematic and KCF, while its contributions to practice are based on its practical guidelines for executing DL-based projects. Collapse

Topics: knowledge base IT security artificial intelligence darknet IT security threat

Methods: Cross-Industry Standard Process for Data Mining data transformation autoencoder computational algorithm econometric modeling

Understanding Behavioral Drivers in Twitter Social Media Networks

2023 | International Conference on Information Systems | Citations: 0

Authors: Chung, Wingyan

Abstract: As social media platforms facilitate user interactions, organizations increasin ... Expand

Abstract: As social media platforms facilitate user interactions, organizations increasingly use social media networks (SMNs) to build network ties. Studying user behavior on SMNs can help to uncover strategic information and improve situation awareness. However, there is a lack of understanding of behavioral drivers of SMN participants. This research developed a theoretically-based IS development framework for modeling user behavior in large evolving SMNs. To demonstrate the feasibility of our framework, we developed a proof-of-concept system for simulating user activities in the SMNs of Twitter social communities. Our system models the complex behavioral features in the SMNs by using a wide range of theoretically-driven features and machine-discovered features, and predicts user activities by using a pipeline of statistical and machine-learning techniques. Preliminary results of a simulation study provide insights of the importance of comprehensive network features to model SMN group behavior accurately and quality of commitment features to model SMN user behavior. Collapse

Topics: Twitter user behavior systems development YouTube decision making

Methods: simulation machine learning support vector machine design artifact mixed method

Theories: social network theory

Introduction to the Minitrack on Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security Operations

2023 | HICSS | Citations: 0

Authors: Steiner, Stuart; Plachkinova, Miloslava; Conte De Leon, Daniel; Shepherd, Morgan

Abstract: Cybersecurity touches all aspects of organizational management, with organizati ... Expand

Abstract: Cybersecurity touches all aspects of organizational management, with organizational systems, networks, and critical infrastructures increasingly targeted by determined malicious actors with advanced skills and resources. Such attacks have the potential for major disruption of our society including damage to assets, people, and the environment. Organizations, of all sizes and at all levels, are faced with the challenge of continuously, effectively, and efficiently protecting their systems while enabling and ensuring their mission. Organizational cybersecurity aims to advance knowledge on the theory and practice of cybersecurity management. Collapse

Topics: IT security decision making IT manager information technology capability IT security training

Methods: natural language processing personal interview case study qualitative content analysis

Security-Induced Lock-In in the Cloud

2022 | Business & Information Systems Engineering | Citations: 0

Authors: Arce, Daniel

Abstract: Cloud services providers practice security-induced lock-in when employing crypto ... Expand

Abstract: Cloud services providers practice security-induced lock-in when employing cryptography and tamper-resistance to limit the portability and interoperability of users’ data and applications. Moreover, security-induced lock-in and users’ anti-lock-in strategies intersect within the context of platform competition. When users deploy anti-lock in strategies, such as using a hybrid cloud, a leader–follower pricing framework increases profits for cloud services providers relative to Nash equilibrium prices. This creates a second-mover advantage, as the follower’s increase in profits exceeds that of the leader owing to the potential for price undercutting. By contrast, introducing or enhancing security-induced lock-in creates both an increase in profits and a first-mover advantage. Cloud services providers therefore favor security-induced lock-in over price leadership. More broadly, we show why standardization of semantics, technologies, and interfaces is a nonstarter for cloud services providers. Collapse

Topics: digital platform cloud computing user requirement ransomware value creation

More Security, less Harm? Exploring the Link between Security Measures and Direct Costs of Cyber Incidents within Firms using PLS-PM

2022 | International Conference on Business Informatics | Citations: 0

Authors: Dreissigacker, Arne; Teuteberg, Frank

Abstract: As one of the first articles to empirically explore the direct costs of cyber in ... Expand

Abstract: As one of the first articles to empirically explore the direct costs of cyber incidents, our research provides novel and significant insights into the structural links between cyber incidents, exposure, and security within firms, as well as the related technical consequences. We employ an explorative approach, which is based on the causal information/cyber risk models proposed by Cohen et al. and Woods & Böhme, as well as PLS-modeling to analyze data from 493 firms that have incurred direct costs from their most severe cyber incident in the last 12 months. These data are part of a larger dataset, based on a representative and stratified random sample of 5,000 organizations that participated in a survey in 2018/19. Based on our model, we discuss the results and derive implications that are highly relevant to the alignment of IT (security) strategy and management. Furthermore, we identify gaps to be assessed in future research. Collapse

Topics: IT security defense ransomware database system IT security threat pandemic

Methods: partial least squares path modeling qualitative interview survey partial least squares regression statistical power analysis

Why Do Employees Report Cyber Threats? Comparing Utilitarian and Hedonic Motivations to Use Incident Reporting Tools

2022 | International Conference on Information Systems | Citations: 0

Authors: Franz, Anjuli

Abstract: Organizational cybersecurity is threatened by increasingly sophisticated cybera ... Expand

Abstract: Organizational cybersecurity is threatened by increasingly sophisticated cyberattacks.Early detection of such threats is paramount to ensure organizations' welfare. Particularly for advanced cyberattacks, such as spear phishing, human perception can complement or even outperform technical detection procedures. However, employees' usage of reporting tools is scarce. Whereas prior cybersecurity literature has limited its scope to utilitarian motives, we specifically take hedonic motives in the form of warm glow into account to provide a more nuanced understanding of cyber incident reporting behavior. Drawing on a vignette experiment, we test how the design features of report reasoning and risk indication impact users' reporting tool acceptance. The results of our mediation analysis offer important contributions to information systems literature by uncovering the dominant and under-investigated role of hedonic motives in employees' cyber incident reporting activities. From a practice perspective, our findings provide critical insights for the design of cyber incident reporting tools. Collapse

Topics: usage intention perceived usefulness electronic mail phishing IT security

Methods: experiment mediation analysis regression analysis method survey experimental group

Theories: theory of affordance