Risk as a Function of Information Technology Artifact Perceptions
Otondo, Robert F.
Crossler, Robert E.
Other Advisors or Committee Members
Johnston, Allen C.
Date of Degree
Dissertation - Open Access
Management and Information Systems
Doctor of Philosophy
College of Business
Department of Management and Information Systems
Ubiquitous networking challenges organizational security by enabling employees to work from virtually anywhere. Different networking environments have distinguishing characteristics that create vulnerabilities, and non-employer controlled networks are outside the security boundary of the organization. Organizations must rely on users to determine the risk to information when operating in external environments. The purpose of this study is to identify the impact of non-malicious insiders’ judgments of Information Technology artifacts when determining risk to organizational information transmitted from multiple networking environments. The study manipulates the Network Environment Characteristics and Information Types, then measures the respondent’s Network Trust, Information Protection Concerns, and Perceived Information Risk. Each of these evaluations are informed by Information Security Awareness, which is measured through General Information Security Awareness and Information Security Policy Knowledge. The factorial survey method was used to investigate the risk assessment because it utilizes multivariate experimental design with sample survey collection methods. This allows for additional precision, and helps to reduce bias. A two-phase investigation was performed that utilized two separate data collection and analysis procedures. The first phase develops and establishes the experimental treatments’ and the measurement instrument’s validity, and the second phase is used to test the hypotheses. The findings of this study contribute to the Information Systems discipline by advancing the understanding of trust, protection, and risk judgments of the Information Technology artifact. This provides insights on how users perceive risk, and could be used to develop Security Education Training and Awareness programs that directly address system risk.
Lee, James Jr, "Risk as a Function of Information Technology Artifact Perceptions" (2014). Theses and Dissertations MSU. 3825.