Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/organizational-cloud-security-and-control-a-proactive-approach-0okB8H24bl
References (109)
-
N. Doherty, L. Anastasakis, H. Fulford (2009)
The information security policy unpacked: A critical study of the content of university policiesInt. J. Inf. Manag., 29
-
Chul-Ho Lee, Xianjun Geng, Srinivasan Raghunathan (2016)
Mandatory Standards and Organizational Information SecurityInf. Syst. Res., 27
-
Gefen, Rigdon, Straub (2011)
Editor's Comments: An Update and Extension to SEM Guidelines for Administrative and Social Science ResearchManagement Information Systems Quarterly, 35
-
(1978)
Psychometric Theory, New York: McGraw-Hill, available at:https://doi.org/10.1037/018882 -
Qing Hu, R. West, Laura Smarandescu (2015)
The Role of Self-Control in Information Security Violations: Insights from a Cognitive Neuroscience PerspectiveJournal of Management Information Systems, 31
-
P. Mell, T. Grance (2011)
SP 800-145. The NIST Definition of Cloud Computing -
W. Orlikowski, J. Baroudi (1990)
Studying Information Technology in Organizations: Research Approaches and AssumptionsOrganizations & Markets eJournal
-
Gary Garrison, Sanghyun Kim, Robin Wakefield (2012)
Success factors for deploying cloud computingCommun. ACM, 55
-
J. Karat, Clare-Marie Karat, C. Brodie (2012)
Privacy, Security, and Trust : Human-Computer Interaction Challenges and Opportunities at Their Intersection -
Gilbert Churchill (1979)
A Paradigm for Developing Better Measures of Marketing ConstructsJournal of Marketing Research, 16
-
Dimitrios Zissis, D. Lekkas (2012)
Addressing cloud computing security issuesFuture Gener. Comput. Syst., 28
-
Luis Rodero-Merino, L. González, E. Caron, A. Muresan, F. Desprez (2012)
Building safe PaaS clouds: A survey on security in multitenant software platformsComput. Secur., 31
-
Loriann Stretch, J. Osborne (2005)
Extended Time Test Accommodation: Directions for Future Research and PracticePractical Assessment, Research and Evaluation, 10
-
Hemantha Herath, Tejaswini Herath (2008)
Investments in Information Security: A Real Options Perspective with Bayesian PostauditJournal of Management Information Systems, 25
-
Siani Pearson (2013)
Privacy, Security and Trust in Cloud Computing -
James Anderson, D. Gerbing (1988)
STRUCTURAL EQUATION MODELING IN PRACTICE: A REVIEW AND RECOMMENDED TWO-STEP APPROACHPsychological Bulletin, 103
-
M. Siponen, Anthony Vance (2010)
Neutralization: New Insights into the Problem of Employee Systems Security Policy ViolationsMIS Q., 34
-
Merrill Warkentin, E. Walden, Allen Johnston, D. Straub (2016)
Neural Correlates of Protection Motivation for Secure IT Behaviors: An fMRI ExaminationJ. Assoc. Inf. Syst., 17
-
M. Workman, W. Bommer, D. Straub (2008)
Security lapses and the omission of information security measures: A threat control model and empirical testComput. Hum. Behav., 24
-
R. El-Gazzar (2014)
A Literature Review on Cloud Computing Adoption Issues in Enterprises -
L. González, Luis Rodero-Merino, Daniel Morán (2010)
Locking the sky: a survey on IaaS cloud securityComputing, 91
-
Carol Hsu, Jae-Nam Lee, D. Straub (2012)
Institutional Influences on Information Systems Security InnovationsInf. Syst. Res., 23
-
D. Straub (1990)
Effective IS Security: An Empirical StudyInf. Syst. Res., 1
-
R. LaRose, Nora Rifon, R. Enbody (2008)
Promoting personal responsibility for internet safetyCommun. ACM, 51
-
H. Suri, D. Clarke (2009)
Advancements in Research Synthesis Methods: From a Methodologically Inclusive PerspectiveReview of Educational Research, 79
-
M. Alzain, E. Pardede, B. Soh, J. Thom (2012)
Cloud Computing Security: From Single to Multi-clouds2012 45th Hawaii International Conference on System Sciences
-
J. D'Arcy, A. Hovav, D. Galletta (2009)
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence ApproachInf. Syst. Res., 20
-
Mazhar Ali, S. Khan, A. Vasilakos (2015)
Security in cloud computing: Opportunities and challengesInf. Sci., 305
-
J. D'Arcy, Tejaswini Herath, Mindy Shoss (2014)
Understanding Employee Responses to Stressful Information Security Requirements: A Coping PerspectiveJournal of Management Information Systems, 31
-
Hassan Takabi, J. Joshi, Gail-Joon Ahn (2010)
Security and Privacy Challenges in Cloud Computing EnvironmentsIEEE Security & Privacy, 8
-
I. Benbasat, D. Goldstein, Melissa Mead (1987)
The Case Research Strategy in Studies of Information SystemsMIS Q., 11
-
L. Fabrigar, D. Wegener, R. Maccallum, E. Strahan (1999)
Evaluating the use of exploratory factor analysis in psychological research.Psychological Methods, 4
-
Persuasion with case studies
Academy of Management Journal, 50
-
P. Mell, T. Grance (2011)
The NIST Definition of Cloud Computing, 23
-
Esther Gal‐Or, A. Ghose (2004)
The Economic Incentives for Sharing Security InformationCyberspace Law eJournal
-
Yan Chen, F. Zahedi (2016)
Individuals' Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and ChinaMIS Q., 40
-
W. Ouchi (1979)
A Conceptual Framework for the Design of Organizational Control MechanismsManagement Science, 25
-
Michael Armbrust, A. Fox, Rean Griffith, A. Joseph, R. Katz, A. Konwinski, Gunho Lee, D. Patterson, A. Rabkin, I. Stoica, M. Zaharia (2010)
A view of cloud computingInt. J. Networked Distributed Comput., 1
-
Sheikh Habib, S. Hauke, S. Ries, M. Mühlhäuser (2012)
Trust as a facilitator in cloud computing: a surveyJournal of Cloud Computing: Advances, Systems and Applications, 1
-
J. Heikka, R. Baskerville, M. Siponen (2006)
A Design Theory for Secure Information Systems Design MethodsJ. Assoc. Inf. Syst., 7
-
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
-
J. D'Arcy, Tejaswini Herath (2011)
A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findingsEuropean Journal of Information Systems, 20
-
F. Kerschbaum (2011)
Secure and Sustainable Benchmarking in CloudsBusiness & Information Systems Engineering, 3
-
Jingwei Huang, D. Nicol (2013)
Trust mechanisms for cloud computingJournal of Cloud Computing: Advances, Systems and Applications, 2
-
Allen Johnston, Merrill Warkentin (2010)
Fear Appeals and Information Security Behaviors: An Empirical StudyMIS Q., 34
-
R. Buyya, Chee Yeo, S. Venugopal, J. Broberg, I. Brandić (2009)
Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utilityFuture Gener. Comput. Syst., 25
-
Younghwa Lee, Kai Larsen (2009)
Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware softwareEuropean Journal of Information Systems, 18
-
The economic incentives for sharing security information
Information Systems Research, 16
-
Huigang Liang, Yajiong Xue (2009)
Avoidance of Information Technology Threats: A Theoretical PerspectiveMIS Q., 33
-
R. Boyatzis (1998)
Transforming Qualitative Information: Thematic Analysis and Code Development -
C. Fornell, D. Larcker (1981)
Structural Equation Models with Unobservable Variables and Measurement Error: Algebra and StatisticsJournal of Marketing Research, 18
-
J. Osborne (2019)
What is Rotating in Exploratory Factor Analysis? -
I. Ajzen (1991)
The theory of planned behaviorOrganizational Behavior and Human Decision Processes, 50
-
Sulin Ba, P. Pavlou (2002)
Evidence of the Effect of Trust Building Technology in Electronic Markets: Price Premiums and Buyer BehaviorIRPN: Innovation & Marketing (Topic)
-
D. Gefen, Edward Rigdon, D. Straub (2011)
An Update and Extension to SEM Guidelines for Admnistrative and Social Science ResearchManagement Information Systems Quarterly, 35
-
D. Straub, R. Welke (1998)
Coping With Systems Risk: Security Planning Models for Management Decision MakingMIS Q., 22
-
Sutirtha Chatterjee, Suprateek Sarker, J. Valacich (2015)
The Behavioral Roots of Information Systems Security: Exploring Key Factors Related to Unethical IT UseJournal of Management Information Systems, 31
-
Anthony Vance, M. Siponen, Seppo Pahnila (2012)
Motivating IS security compliance: Insights from Habit and Protection Motivation TheoryInf. Manag., 49
-
Sean Marston, Zhi Li, Subhajyoti Bandyopadhyay, Anand Ghalsasi (2011)
Cloud Computing - The Business Perspective2011 44th Hawaii International Conference on System Sciences
-
Jingguo Wang, Manish Gupta, H. Rao (2015)
Insider Threats in a Financial Institution: Analysis of Attack-Proneness of Information Systems ApplicationsMIS Q., 39
-
M. Siponen (2006)
Six Design Theories for IS Security Policies and GuidelinesJ. Assoc. Inf. Syst., 7
-
Thatiana Lima (2017)
Exploratory and confirmatory factor analysis of the -
I. Coyne (1997)
Sampling in qualitative research. Purposeful and theoretical sampling; merging or clear boundaries?Journal of advanced nursing, 26 3
-
Scott Boss, L. Kirsch, I. Angermeier, Ray Shingler, Wayne Boss (2009)
If someone is watching, I'll do what I'm asked: mandatoriness, control, and information securityEuropean Journal of Information Systems, 18
-
V. Mookerjee, Radha Mookerjee, A. Bensoussan, W. Yue (2011)
When Hackers Talk: Managing Information Security Under Variable Attack Rates and Knowledge DisseminationInf. Syst. Res., 22
-
F. Shahzad (2014)
State-of-the-art Survey on Cloud Computing Security Challenges, Approaches and Solutions -
Seppo Pahnila, M. Siponen, M. Mahmood (2007)
Employees' Behavior towards IS Security Policy Compliance2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07)
-
Y. Chen, Kuang-Wei Wen, Y. Chen (2012)
Organizations' Information Security Policy Compliance: Stick or Carrot Approach?Journal of Management Information Systems, 29
-
Huigang Liang, Yajiong Xue (2010)
Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance PerspectiveJ. Assoc. Inf. Syst., 11
-
B. Stahl, N. Doherty, M. Shaw (2012)
Information security policies in the UK healthcare sector: a critical evaluationInformation Systems Journal, 22
-
R. Yin (1984)
Case Study Research: Design and Methods -
(2006)
Using thematic analysis in psychology -
Tejaswini Herath, H. Rao (2009)
Protection motivation and deterrence: a framework for security policy compliance in organisationsEuropean Journal of Information Systems, 18
-
Seyyed-Abdolhamid Mirhosseini (2020)
Designing Qualitative Studies -
H. Suri (2011)
Purposeful sampling in qualitative research synthesisQualitative Research Journal, 11
-
Alan Rea, Xiaojun Cao, Aparna Gupta, N. Shenoy (2012)
A Secure Cloud Internetwork Model with Economic and Social Incentives (SCIMES) -
Liisa Myyry, M. Siponen, Seppo Pahnila, T. Vartiainen, Anthony Vance (2009)
What levels of moral reasoning and values explain adherence to information security rules? An empirical studyEuropean Journal of Information Systems, 18
-
G. Magklaras, S. Furnell (2002)
Insider Threat Prediction Tool: Evaluating the probability of IT misuseComput. Secur., 21
-
I. Mezgár, U. Rauschecker (2014)
The challenge of networked enterprises for cloud computing interoperabilityComput. Ind., 65
-
Huseyin Cavusoglu, Srinivasan Raghunathan, H. Cavusoglu (2009)
Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection SystemsInf. Syst. Res., 20
-
Yazan Alshamaila, S. Papagiannidis, Feng Li (2013)
Cloud computing adoption by SMEs in the north east of England: A multi-perspective frameworkJ. Enterp. Inf. Manag., 26
-
P. Podsakoff, Scott MacKenzie, Jeong-Yeon Lee, Nathan Podsakoff (2003)
Common method biases in behavioral research: a critical review of the literature and recommended remedies.The Journal of applied psychology, 88 5
-
Cheolho Yoon, Hyungon Kim (2013)
Understanding computer security behavioral intention in the workplace: An empirical study of Korean firmsInf. Technol. People, 26
-
P. Steinbart, M. Keith, J. Babb (2016)
Examining the Continuance of Secure Behavior: A Longitudinal Field Study of Mobile Device AuthenticationInf. Syst. Res., 27
-
Hassan Takabi, J. Joshi (2012)
Policy Management as a Service: An Approach to Manage Policy Heterogeneity in Cloud Computing Environment2012 45th Hawaii International Conference on System Sciences
-
C. Fornell, D. Larcker (1981)
Evaluating structural equation models with unobservable variables and measurement error.Journal of Marketing Research, 18
-
Oscar Rebollo, D. Mellado, E. Fernández-Medina, H. Mouratidis (2015)
Empirical evaluation of a cloud computing information security governance frameworkInf. Softw. Technol., 58
-
Nicolaj Siggelkow (2007)
Persuasion with case studiesRevista Eletrônica de Estratégia e Negócios, 1
-
Cloud computing — the business perspective
Decision Support Systems, 51
-
(2015)
Cloud adoption practices & priorities survey report -
P. Pavlou, Mendel Fygenson (2006)
Understanding and Predicting Electronic Commerce Adoption: An Extension of the Theory of Planned Behavior -
G. Magklaras, S. Furnell (2001)
Events: Insider Threat Prediction Tool: Evaluating the probability of IT misuseComputers & Security, 21
-
Catherine Anderson, Ritu Agarwal (2010)
Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral IntentionsMIS Q., 34
-
Scott Boss, D. Galletta, P. Lowry, Gregory Moody, P. Polak (2015)
What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security BehaviorsMIS Q., 39
-
Scott Boss, D. Galletta, P. Lowry, Gregory Moody, P. Polak (2015)
What Do Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security BehaviorsSocial Science Research Network
-
A. Tsohou, Maria Karyda, S. Kokolakis, E. Kiountouzis (2012)
Analyzing Trajectories of Information Security AwarenessInf. Technol. People, 25
-
Petri Puhakainen, M. Siponen (2010)
Improving Employees' Compliance Through Information Systems Security Training: An Action Research StudyMIS Q., 34
-
R. Baskerville, Eun Park, Jongwoo Kim (2014)
An emote opportunity model of computer abuseInf. Technol. People, 27
-
Anna Costello, J. Osborne (2005)
Best practices in exploratory factor analysis: four recommendations for getting the most from your analysis.Practical Assessment, Research and Evaluation, 10
-
M. Engle (1999)
Book Review: Qualitative Data Analysis: An Expanded Sourcebook (2nd Ed.)American Journal of Evaluation, 20
-
M. Miles, A. Huberman (1994)
Qualitative Data Analysis: An Expanded Sourcebook -
Exploratory and confirmatory factor analysis
Applied Quantitative Analysis in Education and the Social Sciences
-
J. Goodall, W. Lutters, A. Komlódi (2009)
Developing expertise for network intrusion detectionInf. Technol. People, 22
-
R. Bagozzi, Youjae Yi (1988)
On the evaluation of structural equation modelsJournal of the Academy of Marketing Science, 16
-
Allen Johnston, Merrill Warkentin, M. Siponen (2015)
An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning RhetoricMIS Q., 39
-
(2009)
Access Control and Trust Management for Emerging Multidomain Environments -
S. Subashini, V. Kavitha (2011)
A survey on security issues in service delivery models of cloud computingJ. Netw. Comput. Appl., 34
-
J. Nunnally, McGraw-Hill New (1978)
Psychometric Theory: NY. -
J. Hsu, Sheng-Pao Shih, Y. Hung, P. Lowry (2015)
The Role of Extra-Role Behaviors and Social Controls in Information Security Policy EffectivenessERN: Knowledge Management & Innovation (Topic)
- Publisher
- Emerald Publishing
- Copyright
- © Emerald Publishing Limited
- ISSN
- 0959-3845
- DOI
- 10.1108/itp-04-2017-0131
- Publisher site
- See Article on Publisher Site
Abstract
The purpose of this paper is to unfold the perceptions around additional security in cloud environments by highlighting the importance of controlling mechanisms as an approach to the ethical use of the systems. The study focuses on the effects of the controlling mechanisms in maintaining an overall secure position for the cloud and the mediating role of the ethical behavior in this relationship.Design/methodology/approachA case study was conducted, examining the adoption of managed cloud security services as a means of control, as well as a large-scale survey with the views of IT decision makers about the effects of such adoption to the overall cloud security.FindingsThe findings indicate that there is indeed a positive relationship between the adoption of controlling mechanisms and the maintenance of overall cloud security, which increases when the users follow an ethical behavior in the use of the cloud. A framework based on the findings is built suggesting a research agenda for the future and a conceptualization of the field.Research limitations/implicationsOne of the major limitations of the study is the fact that the data collection was based on the perceptions of IT decision makers from a cross-section of industries; however the proposed framework should also be examined in industry-specific context. Although the firm size was indicated as a high influencing factor, it was not considered for this study, as the data collection targeted a range of organizations from various sizes.Originality/valueThis study extends the research of IS security behavior based on the notion that individuals (clients and providers of cloud infrastructure) are protecting something separate from themselves, in a cloud-based environment, sharing responsibility and trust with their peers. The organization in this context is focusing on managed security solutions as a proactive measurement to preserve cloud security in cloud environments.
Journal
Information Technology and People – Emerald Publishing
Published: Jun 19, 2019
Keywords: Cloud security; Organizational control; Structural equation modelling; Exploratory framework