General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large Versus Small Businesses

Presentation Transcript

General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large Versus Small Businesses Joseph H. Schuessler, M.S., M.B.A. Doctoral Candidate University of North Texas Introduction – Literature Review – Methodology – Results - Conclusions

Dissertation Committee Dr. John Windsor, Chair Dr. Chang Koh Dr. Audhesh Paswan Dr. Victor Prybutok Introduction – Literature Review – Methodology – Results - Conclusions

Agenda Introduction Motivation Conceptual Model Literature Review Research Model Hypotheses Methodology Results Demographics Reliability PLS Model Hypotheses Summary Conclusions Discussion Contributions Limitations Future Research Introduction – Literature Review – Methodology – Results - Conclusions

In get ready for the fight to come I have constantly found that arrangements are pointless, however arranging is essential. ( Dwight D. Eisenhower ) Introduction – Literature Review – Methodology – Results - Conclusions

Motivation Organizations are expanding their reliance on data frameworks (Abu-Musa, 2004; Barsanti, 1999; Kankanhalli et al., 2003) Information Systems Security (ISS) has never reliably positioned among the main 10 worries of administration (Ball and Harris, 1982; Dickson et al., 1984; Brancheau and Wetherbe, 1987; Brancheau et al., 1996; and Pimchangthong et al., 2003) Costs related with security episodes keeps on rising (CERT/CC, 2004; CSI/FBI Computer Crime and Security Survey, 2007) Legislators are giving careful consideration to security than administration (Hoffer and Straub, 1989) Greater worry from administration is required (Dhillon and Backhouse, 2000) Introduction – Literature Review – Methodology – Results - Conclusions

Conceptual Model Introduction – Literature Review – Methodology – Results - Conclusions

Literature Review Countermeasures "… a variety of authoritative gadgets to deflect, avoid, or recognize security ruptures" (Kotulic and Clark, 2004, page 599). General Deterrence Theory Posits that people can be prevented from conferring withdrawn acts using countermeasures which incorporate solid disincentives and assents in respect to the demonstration (Straub and Welke, 1998). Presentation – Literature Review – Methodology – Results - Conclusions

Literature Review (Continued) Deterrence Defined by Merriam-Webster as "the restraint of criminal conduct by dread particularly of discipline." Prevention Defined by the American Heritage lexicon as "a deterrent or a hindrance." Detection Defined by the American Heritage Dictionary as "the demonstration or procedure of disclosure." Remedy Defined as "a legitimate request of averting or changing a wrong or authorizing a privilege" by the American Heritage Dictionary. Presentation – Literature Review – Methodology – Results - Conclusions

Literature Review (Continued) Organizational Factors Organizational Size Organizational size is emphatically identified with the utilization of obstacle endeavors (Kankanhalli et al., 2003) Smaller organizations experience the ill effects of "asset destitution" which brings about less successful ISS endeavors (Stephens, 2003) Industry Affiliation Industry association identified with the utilization of hindrance endeavors (Kankanhalli et al., 2003) Certain ventures more vulnerable to PC mishandle than others (Hoffer and Straub, 1989) Introduction – Literature Review – Methodology – Results - Conclusions

Literature Review (Continued) Threats "… an expansive scope of powers equipped for delivering unfriendly outcomes" (Loch et al., 1992, p. 174) There is a dynamic nature to dangers Only episodic and expert conviction that a relationship amongst dangers and countermeasures exists Introduction – Literature Review – Methodology – Results - Conclusions

Literature Review (Continued) Non-Recursive Relationship Between Threats and Countermeasures The relationship amongst dangers and countermeasures can be compared to a waiting amusement Using Complex Adaptive Systems Theory (Holland, 1992) to clarify this relationship Introduction – Literature Review – Methodology – Results - Conclusions

Literature Review (Continued) Information Systems Security Effectiveness Relatively little research has concentrated on ISS Effectiveness Phelps (2005) built up an instrument which secured numerous security areas Kankanhalli et al. (2003) built up a more niggardly build Introduction – Literature Review – Methodology – Results - Conclusions

Literature Review (Continued) Information Systems Security Effectiveness (Continued) Deterrent and Prevention Efforts decidedly related with ISS Effectiveness (Kankanhalli et al., 2003) Detection and Remedy Efforts have not been analyzed in connection to ISS Effectiveness Introduction – Literature Review – Methodology – Results - Conclusions

Research Model Introduction – Literature Review – Methodology – Results - Conclusions

Hypotheses H1: Organizational Size will be emphatically connected with the utilization of each GDT develop: H1 a , H 1 b , H1 c , H1 d H2: Industry Affiliation will be identified with each GDT develop: H2 a , H2 b , H2 c , H2 d H3: Threats will be emphatically connected with Organizational Size H4: Threats will be identified with Industry Affiliation H5: Each General Deterrence Theory develop will be emphatically connected with ISS Effectiveness: H5 a , H5 b , H5 c , H5 d Introduction – Literature Review – Methodology – Results - Conclusions

Hypotheses (proceeded) H6: Threats will be decidedly connected with each General Deterrence Theory build: H6 a , H6 b , H6 c , H6 d H7: Each General Deterrence Theory develop will be identified with Threats: H7 a , H7 b , H7 c , H7 d H8: Organizational Size will be decidedly connected with ISS Effectiveness H9: Industry Affiliation will be identified with ISS Effectiveness Introduction – Literature Review – Methodology – Results - Conclusions

Methodology Two phases of information gathering Stage 1 - Structured Interviews: 6 interviews with IS experts 337 minutes, 59 seconds 96 pages 43,696 words Interviews were assessed utilizing MaxQDA Threats coded taking after Loch et al. (1992) order of dangers Countermeasures coded taking after GDT Introduction – Literature Review – Methodology – Results - Conclusions

Methodology (proceeded with) Stage 2 – Online Survey created from things distinguished from meetings Items assessed by two honing security experts Pilot test was led Survey managed to AITP utilizing an online instrument 73 usable reactions 4.9% reaction rate Non-reaction inclination Introduction – Literature Review – Methodology – Results - Conclusions

Methodology (proceeded with) Data Analysis Smart PLS was utilized capacity to deal with little specimen sizes PLS does not force homogeneity or typicality necessities on information Non-Recursive Relationship Assessed utilizing basic model without non-recursive connections Remaining connections were evaluated utilizing a two-arrange slightest squares Introduction – Literature Review – Methodology – Results - Conclusions

Demographics Introduction – Literature Review – Methodology – Results - Conclusions

Demographics (Continued) Introduction – Literature Review – Methodology – Results - Conclusions

Validity/Reliability Introduction – Literature Review – Methodology – Results - Conclusions

Validity/Reliability (Continued) Introduction – Literature Review – Methodology – Results - Conclusions

Validity/Reliability (Continued) Introduction – Literature Review – Methodology – Results - Conclusions

Validity/Reliability (Continued) Introduction – Literature Review – Methodology – Results - Conclusions

PLS Model Coefficients Introduction – Literature Review – Methodology – Results - Conclusions

Research Hypotheses Summary Introduction – Literature Review – Methodology – Results - Conclusions

Research Hypotheses Summary (Continued) Introduction – Literature Review – Methodology – Results - Conclusions

Research Hypotheses Summary (Continued) Introduction – Literature Review – Methodology – Results - Conclusions

Discussion Smaller associations tend to utilize moderately more countermeasures No connection amongst Industry and Threats Industry Affiliation identified with every countermeasure strategy aside from cure Each countermeasure procedure aside from discovery identified with ISS viability Threats were experimentally appeared to be identified with every one of the four countermeasure strategies Non-recursively, Remedy and Prevention were likewise observed to be identified with dangers Organization Size and Industry observed to be identified with ISS adequacy Introduction – Literature Review – Methodology – Results - Conclusions

Contributions Practitioners: Can be utilized as an appraisal apparatus Can be utilized prescriptively to alter security pose Researchers: Applies hypothetically created focal point to the utilization of countermeasures Extends the Information Systems Security Effectiveness build created by Kankanhalli et al. (2003) Empirically tests the non-recursive relationship amongst dangers and countermeasures Introduction – Literature Review – Methodology – Results - Conclusions

Limitations Cross Sectional Data Common Method Bias Threats are dealt with comprehensively Introduction – Literature Review – Methodology – Results - Conclusions

Future Research Layers of deliberation: Siponen distinguished three layers of reflection about which an association's data frameworks could be depict