Theses and Dissertations

James Lee Jr

Issuing Body

Mississippi State University

Advisor

Warkentin, Merrill

Committee Member

Otondo, Robert F.

Committee Member

Marett, Kent

Committee Member

Crossler, Robert E.

Committee Member

Sullivan, Joe

Other Advisors or Committee Members

Johnston, Allen C.

Date of Degree

5-17-2014

Original embargo terms

MSU Only Indefinitely

Document Type

Dissertation - Campus Access Only

Major

Management and Information Systems

Degree Name

Doctor of Philosophy

College

College of Business

Department

Department of Management and Information Systems

Abstract

Ubiquitous networking challenges organizational security by enabling employees to work from virtually anywhere. Different networking environments have distinguishing characteristics that create vulnerabilities, and non-employer controlled networks are outside the security boundary of the organization. Organizations must rely on users to determine the risk to information when operating in external environments. The purpose of this study is to identify the impact of non-malicious insiders’ judgments of Information Technology artifacts when determining risk to organizational information transmitted from multiple networking environments. The study manipulates the Network Environment Characteristics and Information Types, then measures the respondent’s Network Trust, Information Protection Concerns, and Perceived Information Risk. Each of these evaluations are informed by Information Security Awareness, which is measured through General Information Security Awareness and Information Security Policy Knowledge. The factorial survey method was used to investigate the risk assessment because it utilizes multivariate experimental design with sample survey collection methods. This allows for additional precision, and helps to reduce bias. A two-phase investigation was performed that utilized two separate data collection and analysis procedures. The first phase develops and establishes the experimental treatments’ and the measurement instrument’s validity, and the second phase is used to test the hypotheses. The findings of this study contribute to the Information Systems discipline by advancing the understanding of trust, protection, and risk judgments of the Information Technology artifact. This provides insights on how users perceive risk, and could be used to develop Security Education Training and Awareness programs that directly address system risk.

URI

https://hdl.handle.net/11668/16631

Comments

information technology||risk||multi-level modeling||information systems||Information security

Download

Share

COinS