Skip to main content
No Access

Cross-cultural investigation of the security knowledge process

Published Online:pp 1-19https://doi.org/10.1504/IJBIS.2012.046678

Security knowledge is a critical component for computer end users to cope with and ameliorate security threats. Drawing upon learning theory and innovation diffusion theory, this study examines individuals’ security knowledge process, focusing on spyware. In addition, a moderating effect of culture is examined in security knowledge process between the USA and Republic of Korea. The results indicate that spyware awareness is an intermediary between security familiarity and spyware knowledge, and there is a moderating cultural effect between spyware awareness and spyware knowledge. This study highlights the importance of learning procedures and cultural effects in the security knowledge context.

Keywords

security, spyware, familiarity, awareness, knowledge, culture

References

  • 1. Alba, J.W. , Hutchinson, J.W. (1987). ‘Dimensions of consumer expertise’. Journal of Consumer Research. 13, 4, 411-454 Google Scholar
  • 2. Albrechtsen, E. (2007). ‘A qualitative study of user’s view on information security’. Computer and Security. 26, 4, 276-289 Google Scholar
  • 3. Anderson, J.C. , Gerbing, S.W. (1998). ‘Structural equation modeling in practice: a review and recommended two step approach’. Psychological Bulletin. 103, 3, 411-423 Google Scholar
  • 4. Arnett, K.P. , Schmidt, M.B. (2005). ‘Busting the ghost in the machine’. Communications of the ACM. 48, 8, 92-95 Google Scholar
  • 5. Bagozzi, R.P. , Fornell, C. , Fornell, C. (1982). ‘Theoretical concepts, measurement, and meaning’. A Second Generation of Multivariate Analysis. New York, NY:Praeger , 5-23 Google Scholar
  • 6. Baron, R.M. , Kenny, D.A. (1986). ‘The moderator-mediator variable distinction in social psychological research: conceptual, strategic, and statistical considerations’. Journal of Personality and Social Psychology. 51, 6, 1173-1182 Google Scholar
  • 7. Bassellier, G. , Benbasat, I. , Reich, B.H. (2003). ‘The influence of business managers’ IT competence on championing IT’. Information Systems Research. 14, 4, 317-336 Google Scholar
  • 8. Bower, G.H. , Hilgard, E.R. (1981). Theories of Learning. Englewood Cliffs, NJ:Prentice-Hall Google Scholar
  • 9. Chen, C.C. , Medlin, B.D. , Shaw, R.S. (2008). ‘A cross-cultural investigation of situational information security awareness programs’. Information Management and Computer Security. 16, 4, 360-376 Google Scholar
  • 10. Chi, M.T.H. , Glaser, R. , Rees, E. , Sternberg, R. (1982). ‘Expertise in problem solving’. Advances in Psychology and Human Intelligence. Hillsdale, NJ:Lawrence Erlbaum , 7-73 Google Scholar
  • 11. Cohen, W.M. , Levinthal, D.A. (1990). ‘Absorptive capacity: a new perspective on learning and innovation’. Administrative Science Quarterly. 35, 1, 128-152 Google Scholar
  • 12. Coleman, J.S. , Katz, E. , Menzel, H. (1966). Medical Innovation: A Diffusion Study. New York, NY:Bobbs-Merrill Google Scholar
  • 13. Computer Security Institute (2009). CSI Computer Crime and Security Survey 2009. (accessed on 20 August 2010), available at http://www.gocsi.com/survey/ Google Scholar
  • 14. Consumer Reports (2010). Social Insecurity: What Millions of Online Users Don’t Know Can Hurt Them. (accessed on 20 August 2010), available at http://www.consumerreports.org/cro/magazine-archive/2010/june/ electronics-computers/social-insecurity/overview/index.htm Google Scholar
  • 15. Cook, T.D. , Campbell, D.T. (1979). Quasi Experimentation: Design and Analytical Issues for Field Settings. Chicago, IL:Rand McNally Google Scholar
  • 16. D’Arcy, J. , Hovav, A. , Galletta, D. (2009). ‘User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach’. Information Systems Research. 20, 1, 79-98 Google Scholar
  • 17. Davenport, T.H. , Prusak, L. (1998). ‘Working knowledge: managing what your organization knows’. Boston, MA:Harvard Business School Press Google Scholar
  • 18. Dinev, T. , Hu, Q. (2007). ‘The centrality of awareness in the formation of user behavioral Intention toward protective information technology’. Journal of the Association for Information Systems. 8, 7, 386-408 Google Scholar
  • 19. Dinev, T. , Goo, J. , Hu, Q. , Nam, K. (2009). ‘User behaviour towards protective information technologies: the role of national cultural differences’. Information Systems Journal. 19, 4, 391-412 Google Scholar
  • 20. Ellis, H.C. (1965). The Transfer of Learning. New York, NY:MacMillan Google Scholar
  • 21. Fishbein, M. , Ajzen, I. (1975). Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. Reading, MA:Addison-Wesley Google Scholar
  • 22. Gefen, D. (2000). ‘E-commerce: the role of familiarity and trust’. Omega. 28, 5, 725-737 Google Scholar
  • 23. Gefen, D. , Karahanna, E. , Straub, D.W. (2003). ‘Trust and TAM in online shopping: an integrated model’. MIS Quarterly. 27, 1, 51-90 Google Scholar
  • 24. Gefen, D. , Straub, D.W. , Boudreau, M.C. (2000). ‘Structural equation modeling and regression: guidelines for research practice’. Communications of AIS. 4, 7, 1-79 Google Scholar
  • 25. Hair, J.F. Tatham, R.L. Anderson, R.E. Black, W. (2009). Multivariate Data Analysis. Englewood Cliffs, NJ:Prentice-Hall Google Scholar
  • 26. Hofstede, G. (1980). Culture’s Consequences: International Differences in Work-Related Values. Newbury Park, CA:Sage Publications Google Scholar
  • 27. Hofstede, G. (2010). Cultural Dimensions. (accessed on 12 December 2010), available at http://www.geert-hofstede.com Google Scholar
  • 28. Hofstede, G. (2001). Culture’s Consequences. Thousand Oaks, CA:Sage Publications Google Scholar
  • 29. Howard, J. , Moore, W. , Tushman, M. Moore, W.L. (1982). ‘Changes in consumer behavior over the product life cycle’. Readings in the Management of Innovation. Boston, MA:Pitman , 128 Google Scholar
  • 30. Hui, K. , Teo, H. , Lee, S.T. (2007). ‘The value of privacy assurance: an exploratory field experiment’. MIS Quarterly. 31, 1, 19-33 Google Scholar
  • 31. Internet World Stat (2010). World Internet Usage and Population Statistics. (accessed on 20 August 2010), available at http://www.internetworldstats.com/ Google Scholar
  • 32. Johnston, A.C. , Warkentin, M. (2010). ‘Fear appeals and information security behaviors: an empirical study’. MIS Quarterly. 34, 1, 1-20 Google Scholar
  • 33. Karahanna, E. , Evaristo, R. , Srite, M. (2002). ‘Methodological issues in MIS cross-cultural research’. Journal of Global Information Management. 10, 1, 48-55 Google Scholar
  • 34. Karahanna, E. , Evaristo, R. , Srite, M. (2005). ‘Level of culture and individual behavior: an integrative perspective’. Journal of Global Information Management. 13, 2, 1-20 Google Scholar
  • 35. Kearns, G.S. , Sabherwal, R. (2006–2007). ‘Strategic alignment between business and information technology: a knowledge-based view of behaviors, outcome, and consequences’. Journal of Management Information Systems. 23, 3, 129-162 Google Scholar
  • 36. Kesar, S. (2008). ‘Knowledge management within information security: the case of Baring Bank’. International Journal of Business Information Systems. 3, 6, 652-667 AbstractGoogle Scholar
  • 37. Kim, S.S. (2009). ‘The integrative framework of technology use: an extension and test’. MIS Quarterly. 33, 3, 513-537 Google Scholar
  • 38. King, W.R. (2005). ‘Communications and information processing as critical success factor in the effective knowledge organisation’. International Journal of Business Information Systems. 1, 1–2, 31-52 AbstractGoogle Scholar
  • 39. Kogut, B. , Zander, U. (1992). ‘Knowledge of the firm, combinative capabilities and the replication of technology’. Organization Science. 3, 3, 383-397 Google Scholar
  • 40. Lee, Y. , Kozar, K.A. (2005). ‘Investigating factors affecting the adoption of anti-spyware systems’. Communications of the ACM. 48, 8, 72-77 Google Scholar
  • 41. Lee, Y. , Kozar, K.A. (2008). ‘An empirical investigation of anti-spyware software adoption: a multitheoretical perspective’. Information and Management. 45, 2, 109-119 Google Scholar
  • 42. Liang, H. , Xue, Y. (2009). ‘Avoidance of information technology threats: a theoretical perspective’. MIS Quarterly. 33, 1, 71-90 Google Scholar
  • 43. Looney, C.A. , Akbulut, A.Y. , Poston, R.S. (2008). ‘Understanding the determinants of service channel preference in the early stages of adoption: a social cognitive perspective on online brokerage services’. Decision Sciences. 39, 4, 821-857 Google Scholar
  • 44. Luftman, J. , McLean, E.R. (2004). ‘Key issues for IT executives’. MIS Quarterly Executive. 3, 2, 89-104 Google Scholar
  • 45. Mitra, A. , Campoy, L. (2008). ‘Tacit knowledge, organisational memory: expectations and experiences in developing a knowledge warehouse’. International Journal of Business Information Systems. 3, 6, 686-697 AbstractGoogle Scholar
  • 46. Page, K. , Uncles, M. (2004). ‘Consumer knowledge of the world wide web: conceptualization and measurement’. Psychology and Marketing. 21, 8, 573-591 Google Scholar
  • 47. Rogers, E.M. (2003). Diffusion of Innovations. New York, NY:Free Press Google Scholar
  • 48. Sathye, M. (1999). ‘Adoption of internet banking by Australian consumers: an empirical investigation. International Journal of Bank Marketing. 17, 7, 324-334 Google Scholar
  • 49. Schmidt, M.B. , Johnston, A.C. , Arnett, K.P. , Chen, J.Q. , Li, S. (2008). ‘A cross-cultural comparison of U.S., Chinese computer security awareness’. Journal of Global Information Management. 16, 2, 91-103 Google Scholar
  • 50. Sia, C.L. , Lim, K.H. , Leung, K. , Lee, M.K.O. , Huang, W.W. , Benbasat, I. (2009). ‘Web strategies to promote internet shopping: is cultural-customization needed?’. MIS Quarterly. 33, 3, 491-512 Google Scholar
  • 51. Sorensen, J.B. , Stuart, T.E. (2000). ‘Aging, obsolescence and organizational innovation’. Administrative Science Quarterly. 45, 1, 81-112 Google Scholar
  • 52. Sriramachandramurthy, R. , Balasubramanian, S. , Hodis, M. (2009). ‘Spyware and adware: how do internet users defend themselves?’. American Journal of Business. 24, 2, 41-52 Google Scholar
  • 53. Srite, M. , Karahanna, E. (2006). ‘The role of espoused national cultural values in technology acceptance’. MIS Quarterly. 30, 3, 679-704 Google Scholar
  • 54. Stafford, T.F. , Urbaczewski, A. (2004). ‘Spyware: the ghost in the machine’. Communications of the AIS. 14, 291-306 Google Scholar
  • 55. Vermeulen, F. , Barkema, H. (2001). ‘Learning through acquisitions’. Academy of Management Journal. 44, 3, 457-476 Google Scholar
  • 56. Whitman, M.E. (2003). ‘Enemy at the gate: threat to information security’. Communications of the ACM. 46, 8, 91-95 Google Scholar
  • 57. Zhang, X. (2005). ‘What do consumers really know about spyware?’. Communication of the ACM. 48, 8, 45-48 Google Scholar