Information systems security research agenda: Exploring the gap between research and practice
References
Abbasi, 2010, Detecting fake websites: The contribution of statistical learning theory, MIS Quarterly, 34, 435, 10.2307/25750686
Albrechtsen, 2007, A Qualitative Study of Users' View on Information Security, Computers & Security, 26, 276, 10.1016/j.cose.2006.11.004
Ande, 2020, Internet of Things: Evolution and technologies from a security perspective, Sustainable Cities and Society, 54, 101728, 10.1016/j.scs.2019.101728
Armstrong, H. 1999. “A Soft Approach to Management of Information Security,” PhD thesis in: School of Public Health. Perth, Australia: Curtin University, p. 343.
Arun, R., Suresh, V., Madhavan, C. V., and Murthy, M. N. 2010. “On Finding the Natural Number of Topics with Latent Dirichlet Allocation: Some Observations,” Pacific-Asia Conference on Knowledge Discovery and Data Mining: Springer, p. 391-402.
Aurigemma, 2019, Generally Speaking, Context Matters: Making the Case for a Change from Universal to Particular ISP Research, Journal of the Association for Information Systems, 20:12, 7
Backhouse, 1996, Structures of Responsibility and Security of Information Systems, European Journal of Information Systems, 5, 2, 10.1057/ejis.1996.7
Baskerville, 1987
Baskerville, 1988
Baskerville, 1993, Information Systems Security Design Methods: Implications for Information Systems Development, ACM Computing Surveys, 25, 375, 10.1145/162124.162127
Bauer, 2017, From Information Security Awareness to Reasoned Compliant Action: Analyzing Information Security Policy Compliance in a Large Banking Organization, Database for Advances in Information Systems, 48, 44, 10.1145/3130515.3130519
Blei, 2003, Latent Dirichlet Allocation, Journal of Machine Learning Research, 3:Jan, 993
Bostrom, 1977, MIS Problems and Failures: A Socio-Technical Perspective. Part I: The Causes, MIS Quarterly, 1, 17, 10.2307/248710
Burrell, 1979
Cao, 2009, A Density-Based Method for Adaptive LDA Model Selection, Neurocomputing, 72, 1775, 10.1016/j.neucom.2008.06.011
Charitoudi, 2014, An Agent-Based Socio-Technical Approach to Impact Assessment for Cyber Defense, Information Security Journal: A Global Perspective, 23, 125
Chatterjee, 2019, Reacting to the Scope of a Data Breach: The Differential Role of Fear and Anger, Journal of Business Research, 101, 183, 10.1016/j.jbusres.2019.04.024
Cheng, 2000, An object-oriented organizational model to support dynamic role-based access control in electronic commerce, Decision Support Systems, 29, 357, 10.1016/S0167-9236(00)00083-X
Choi, 2015, Embarrassing exposures in online social networks: An integrated perspective of privacy invasion and relationship bonding, Information Systems Research, 26, 675, 10.1287/isre.2015.0602
Craig, 2014, 672
Crossler, 2013, Future Directions for Behavioral Information Security Research, Computers & Security, 32, 90, 10.1016/j.cose.2012.09.010
Damenu, 2017, Analysing Information Security in a Bank Using Soft Systems Methodology, Information & Computer Security, 25, 240, 10.1108/ICS-07-2016-0053
Deveaud, 2014, Accurate and Effective Latent Concept Modeling for Ad Hoc Information Retrieval, Document numérique, 17, 61, 10.3166/dn.17.1.61-84
1997
Dhillon, 2007
Dhillon, 2020, The Mediating Role of Psychological Empowerment in Information Security Compliance Intentions, Journal of the Association for Information Systems, 21, 152, 10.17705/1jais.00595
Dhillon, 2001, Current Directions in IS Security Research: Towards Socio-Organizational Perspectives, Information Systems Journal, 11, 127, 10.1046/j.1365-2575.2001.00099.x
Dhillon, S., and Coss, D. “Information Privacy Literature: issues and challenges,” Journal of Information System Security (15:3), p. 185-198.
Dincelli, 2020, Choose Your Own Training Adventure: Designing a Gamified SETA Artefact for Improving Information Security and Privacy through Interactive Storytelling, European Journal of Information Systems, 1
Dobson, 1991, A Methodology for Analyzing Human and Computer-Related Issues in Secure Systems, 151
Eder-Neuhauser, 2018, Malware propagation in smart grid monocultures, Elektrotechnik and Informationstechnik, 135, 264, 10.1007/s00502-018-0616-5
Fernandez, 2008, “A Methodology to Develop Secure Systems Using Patterns,” in Information Security and Ethics: Concepts, Methodologies, Tools, and Applications, IGI Global, 654
Furnell, 2012, Power to the People? The Evolving Recognition of Human Aspects of Security, Computers & Security, 31, 983, 10.1016/j.cose.2012.08.004
Goode, 2017, User Compensation as a Data Breach Recovery Action: An Investigation of the Sony Playstation Network Breach, MIS Quarterly, 41, 703, 10.25300/MISQ/2017/41.3.03
Griffiths, 2004, Finding Scientific Topics, Proceedings of the National Academy of Sciences, 101, 5228, 10.1073/pnas.0307752101
Gupta, 2021, An Attribute-Based Access Control for Cloud-Enabled Industrial Smart Vehicles, IEEE Transactions on Industrial Informatics, 17, 4288, 10.1109/TII.2020.3022759
Hammouchia, 2019, Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches over Time, Procedia Computer Science, 151, 1004, 10.1016/j.procs.2019.04.141
Hitchings, 1995, Deficiencies of the Traditional Approach to Information Security and the Requirements for a New Methodology, Computers & Security, 14, 377, 10.1016/0167-4048(95)97088-R
Homoliak, 2019, Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures, ACM Computing Surveys (CSUR), 52, 1, 10.1145/3303771
Hong, 2014, A Framework and Guidelines for Context-Specific Theorizing in Information Systems Research, Information Systems Research, 25, 111, 10.1287/isre.2013.0501
Huang, 2018, Analyst Information Discovery and Interpretation Roles: A Topic Modeling Approach, Management Science, 64, 2833, 10.1287/mnsc.2017.2751
Hurst, W., Merabti, M., and Fergus, P. 2014. “A Survey of Critical Infrastructure Security,” International Conference on Critical Infrastructure Protection, J. Butts and S. Shenoi (eds.), Arlington, VA: Springer, p. 127-138.
Ifinedo, 2012, Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory, Computers & Security, 31, 83, 10.1016/j.cose.2011.10.007
James, H. 1996. “Managing Information Systems Security: A Soft Approach,” Information Systems Conference of New Zealand: IEEE Society Press.
Jensen, 2017, Training to mitigate phishing attacks using mindfulness techniques, Journal of Management Information Systems, 34, 597, 10.1080/07421222.2017.1334499
Jiang, 2013, Research note—privacy concerns and privacy-protective behavior in synchronous online social interactions, Information Systems Research, 24, 579, 10.1287/isre.1120.0441
Johns, 2006, The Essential Impact of Context on Organizational Behavior, Academy of Management Review, 31, 386, 10.5465/amr.2006.20208687
Johnston, 2010, Fear Appeals and Information Security Behaviors: An Empirical Study, MIS Quarterly, 34, 549, 10.2307/25750691
Karjalainen, 2019, Toward a Theory of Information Systems Security Behaviors of Organizational Employees: A Dialectical Process Perspective, Information Systems Research, 30, 687, 10.1287/isre.2018.0827
Kabir, 2012, A role-involved purpose-based access control model, Information Systems Frontiers, 14, 809, 10.1007/s10796-011-9305-1
Karlsson, 2017, Practice-Based Discourse Analysis of Information Security Policies, Computers & Security, 67, 267, 10.1016/j.cose.2016.12.012
Keith, 2009, A behavioral analysis of passphrase design and effectiveness, Journal of the Association for Information Systems, 10, 63, 10.17705/1jais.00184
Khan, S., and Madnick, S. 2019. “Cybersafety: A System-Theoretic Approach to Identify Cyber-Vulnerabilities & Mitigations in Industrial Control Systems,” Available at SSRN 3542551.
Kordzadeh, 2017, Communicating personal health information in virtual health communities: An integration of privacy calculus model and affective commitment, Journal of the Association for Information Systems, 18, 45, 10.17705/1jais.00446
Kwon, J., and Johnson, M. E. 2011. “The Impact of Security Practices on Regulatory Compliance and Security Performance,” 32nd International Conference on Information Systems (ICIS). December 4-7, Shanghai, China.
Leifer, R., Lee, S., and Durgee, J. 1994. “Deep Structures: Real Information Requirements Determination,” Information & Management 27(5), p. 275-285.
Luse, A., Mennecke, B., Townsend, A., and Demarie, S. 2013. “Strategic Information Systems Security: Definition and Theoretical Model,” AMCIS 2013, August 15-17. Chicago, USA.
McFadzean, E., Ezingeard, J.-N., and Birchall, D. 2006. “Anchoring Information Security Governance Research: Sociological Groundings and Future Directions,” Journal of Information System Security 2(3), p. 3-48.
Mohamed, 2017, Trading Off Usability and Security in User Interface Design through Mental Models, Behaviour & Information Technology, 36, 493, 10.1080/0144929X.2016.1262897
Moody, 2018, Toward a Unified Model of Information Security Policy Compliance, MIS Quarterly, 42, 285, 10.25300/MISQ/2018/13853
Nazareth, 2015, A System Dynamics Model for Information Security Management, Information & Management, 52, 123, 10.1016/j.im.2014.10.009
Nissenbaum, 1994, Computing and Accountability, Communications of the ACM, 37, 73, 10.1145/175222.175228
Okoli, 2004, The Delphi Method as a Research Tool: An Example, Design Considerations and Applications, Information & Management, 42, 15, 10.1016/j.im.2003.11.002
Paananen, 2020, State of the Art in Information Security Policy Development, Computers & Security, 88, 1, 10.1016/j.cose.2019.101608
Paté-Cornell, 2018, Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies, Risk Analysis, 38, 226, 10.1111/risa.12844
Patterson, 2017, A Cyber-Threat Analytic Model for Autonomous Detection of Virtual Property Theft, Information & Computer Security, 25, 358, 10.1108/ICS-11-2016-0087
Perez, 2005, The Case of a Computer Hack, Journal of Information System Security, 1, 53
Ramesh, 2014, An efficacious method for detecting phishing webpages through target domain identification, Decision Support Systems, 61, 12, 10.1016/j.dss.2014.01.002
Rosemann, 2008, Toward Improving the Relevance of Information Systems Research to Practice: The Role of Applicability Checks, MIS Quarterly, 32, 1, 10.2307/25148826
Samonas, 2014, The CIA Strikes Back: Redefining Confidentiality, Integrity and Availability in Security, Journal of Information System Security, 10, 21
Sandhu, R., and Munawer, Q. 1998. “How to Do Discretionary Access Control Using Roles,” Proceedings of the third ACM workshop on Role-based access control, p. 47-54.
Schmidt, 1997, Managing Delphi Surveys Using Nonparametric Statistical Techniques, Decision Sciences, 28, 763, 10.1111/j.1540-5915.1997.tb01330.x
Silic, 2020, Using Design-Science Based Gamification to Improve Organizational Security Training and Compliance, Journal of Management Information Systems, 37, 129, 10.1080/07421222.2019.1705512
Siponen, 2010, Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations, MIS Quarterly, 34, 487, 10.2307/25750688
Siponen, 2005, An Analysis of the Traditional IS Security Approaches: Implications for Research and Practice, European Journal of Information Systems, 14, 303, 10.1057/palgrave.ejis.3000537
Siponen, 2007, A Review of Information Security Issues and Respective Research Contributions, The Data Base for Advances in Information Systems, 38, 60, 10.1145/1216218.1216224
Spagnoletti, 2008, The Duality of Information Security Management: Fighting against Predictable and Unpredictable Threats, Journal of Information System Security, 4, 46
Steinbart, 2016, Examining the continuance of secure behavior: A longitudinal field study of mobile device authentication, Information Systems Research, 27, 219, 10.1287/isre.2016.0634
Straub, 2011, Editor's Comments: Rigor and Relevance in IS Research: Redefining the Debate and a Call for Future Research, MIS Quarterly, 35, iii, 10.2307/23043485
Sun, 2019, Modeling and Clustering Attacker Activities in IoT through Machine Learning Techniques, Information Sciences, 479, 456, 10.1016/j.ins.2018.04.065
Syed, 2019, Enterprise Reputation Threats on Social Media: A Case of Data Breach Framing, Journal of Strategic Information Systems, 28, 257, 10.1016/j.jsis.2018.12.001
Thomas, 2012, Interpreting Deep Structures of Information Systems Security, The Computer Journal, 55, 1148, 10.1093/comjnl/bxr118
Vance, 2012, Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory, Information & Management, 49, 190, 10.1016/j.im.2012.04.002
Vedder, 2017, Accountability for the Use of Algorithms in a Big Data Environment, International Review of Law, Computers & Technology, 31, 206, 10.1080/13600869.2017.1298547
White, E. F., and Dhillon, G. 2005. “Synthesizing Information System Design Ideals to Overcome Developmental Duality in Securing Information Systems,” Proceedings of the 38th Annual Hawaii International Conference on System Sciences: IEEE, p. 186a-186a.
Williams, 2013, Information Security Governance Practices in Critical Infrastructure Organizations: A Socio-Technical and Institutional Logic Perspective, Electronic Markets, 23, 341, 10.1007/s12525-013-0137-3
Wing, 1990, A Specifier's Introduction to Formal Methods, Computer, 23, 8, 10.1109/2.58215
Wing, J. M. 1998. “A Symbiotic Relationship between Formal Methods and Security,” Proceedings from Workshops on Computer Security, Fault Tolerance, and Software Assurance: From Needs to Solution, CMU-CS-98-188, December.
Xue, 2011, Punishment, Justice, and Compliance in Mandatory IT Settings, Information Systems Research, 22, 400, 10.1287/isre.1090.0266
Zviran, 1999, Password security: an empirical study, Journal of Management Information Systems, 15, 161, 10.1080/07421222.1999.11518226