MIS Distinguished Speaker Series

Temple University

You are here: Home / Archives for information security

information security

Oct 2 – Ryan Wright to present “A Multi-level Contextualized View of Phishing Susceptibility”

By

A Multi-level Contextualized View of Phishing Susceptibility

by

Ryan Wright

C. Coleman McGehee Professor of Commerce
Director, Certificate in Cybersecurity
Associate Director, Center for the Management of Information Technology
McIntire School of Commerce
University of Virginia

Friday, Oct 2

9 – 10 am | Zoom

Abstact:

With billions of dollars in annual IT security-related damages, organizations are well aware of the critical need for protection from phishing attacks with IT security policies and best practices. However, after decades of academic research and industry interventions, phishing remains one of the top cybersecurity threats to organizations. This significant effort to combat phishing by both practitioners and academics has largely focused on three factors: 1) individual characteristics, 2) message characteristics, and 3) interventions. We advocate for moving beyond this predominant focus to encompass a context-driven understanding of phishing susceptibility. We develop a phishing susceptibility model that includes how contextual factors, including workgroup characteristics and an individual’s position in organizational social networks, can be used to predict susceptibility to phishing messages. We show the utility of this approach through a field study of the ability to detect deception email communication using a multi-wave phishing simulation in the finance division of a large university in the US. Our findings extend the understanding of phishing susceptibility through a model that incorporates variation in the workgroup and network-based factors. In addition, this research generates practical insights regarding how organizations may identify and support employees that are likely to be susceptible to phishing attacks.

April 6 – John D’Arcy to Present “Seeing the Forest and the Trees: A Meta-Analysis of the Antecedents to Information Security Policy Compliance”

By

Seeing the Forest and the Trees: A Meta-Analysis of the Antecedents to Information Security Policy Compliance

by

John D’Arcy

Associate Professor of MIS

Lerner College of Business and Economics, University of Delaware

 

Friday, April 6, 2018

10:30 AM – noon

Speakman Hall Suite 200

 

Abstract

A rich stream of research has identified numerous antecedents to employee compliance (and non-compliance) with information security policies. However, the number of competing theoretical perspectives and inconsistencies in the reported findings have hampered efforts to attain a clear understanding of what truly drives this behavior. To address this theoretical stalemate and build toward a consensus on the key antecedents of employees’ security policy compliance in different contexts, we conducted a meta-analysis of the relevant literature. Drawing on 84 quantitative studies focusing on security policy compliance, we classified 299 independent variables into 17 distinct categories and analyzed each category’s relationship with security policy compliance, including an analysis for possible domain-specific moderators. We augmented our meta-analytic assessment of the bivariate relationships between the independent variables and security policy compliance with a relative weight analysis that accounted for several construct intercorrelations. Collectively, our results suggest that much of the security policy compliance literature is plagued by suboptimal theoretical framing. Our findings can facilitate more refined theory-building efforts in this research domain and serve as a guide for practitioners to manage policy compliance initiatives.