Options
Mario Silic
Last Name
Silic
First name
Mario
Email
mario.silic@unisg.ch
Now showing
1 - 10 of 17
-
PublicationImproving warning messages adherence: can Maya Security Bot advisor help?Despite several different methods that have been suggested to improve users’ adherence to warning messages, users are still left alone in their decision-making process and have to deal with possible negative consequences of their decisions. To improve warning message adherence and to help users make a more informed decision, supported by the social facilitation theory and following design-driven approach, we implemented a real-time security bot advisor Maya. We conducted an online experiment with 312 users. The results suggest significant improvement in the warning adherence (from 38 to 61%) with the highest effect on older users. We demonstrated that the security bot advisor can be of a great help in influencing a user’s decision-making process. We suggest several ways that our findings can be used by warning designers and provide new directions for future research.Type: journal articleJournal: Security Journal
-
PublicationType: journal articleJournal: AIS Transactions on Replication ResearchVolume: 4Issue: 1DOI: 10.17705/1atrr.00021
-
PublicationA new perspective on neutralization and deterrence: Predicting shadow IT usageThis study examines the role of neutralization and deterrence in discouraging employees from using Shadow IT: tools, services and systems used in an organization but not authorized by the IT department. Our study provides a unique contribution to the IT security literature by studying effects of neutralization on both intentions (self-reported) and actual behavior, as well as examining the role of shame as a mediator. We surveyed employees from four organizations and found that the “metaphor of the ledger” neutralization technique predicts Shadow IT intention and actual Shadow IT usage. We also find that neutralization and deterrence effects influence shame.Type: journal articleJournal: Information & managementVolume: 54Issue: 8
Scopus© Citations 79 -
PublicationThe dark side of social networking sites : Understanding phishing risksLinkedIn, with over 1.5 million Groups, has become a popular place for business employees to create private groups to exchange information and communicate. Recent research on social networking sites (SNSs) has widely explored the phenomenon and its positive effects on firms. However, social networking's negative effects on information security were not adequately addressed. Supported by the credibility, persuasion and motivation theories, we conducted 1) a field experiment, demonstrating how sensitive organizational data can be exploited, followed by 2) a qualitative study of employees engaged in SNSs activities; and 3) interviews with Chief Information Security Officers (CISOs). Our research has resulted in four main findings: 1) employees are easily deceived and susceptible to victimization on SNSs where contextual elements provide psychological triggers to attackers; 2) organizations lack mechanisms to control SNS online security threats, 3) companies need to strengthen their information security policies related to SNSs, where stronger employee identification and authentication is needed, and 4) SNSs have become important security holes where, with the use of social engineering techniques, malicious attacks are easily facilitated.Type: journal articleJournal: Computers in Human BehaviorVolume: 60
Scopus© Citations 45 -
PublicationThe Influence of Risk Factors in Decision-Making Process for Open Source Software Adoption"Nobody ever got fired for buying IBM," was a widely used cliché in the 1970s in the corporate IT (information technology) world. Since then, the traditional process of purchasing software has dramatically changed, challenged by the advent of open source software (OSS). Since its inception in the 1980s, OSS has matured, grown, and become one of the important driving forces of the enterprise ecosystem. However, it has also brought important IT security risks that are impacting the OSS IT adoption decision-making process. The recent Heartbleed bug demonstrated the grandeur of the issue. While much of the noise relates to the amplification of perceived risks by the popular mass media coverage, the effect is that many enterprises, mainly for risk reasons, have still chosen not to adopt OSS. We investigated "how do information security related characteristics of OSS affect the risk perception and adoption decision of OSS" by conducting an online survey of 188 IT decision-makers. The proposed Open Source Risk Adoption Model offers novel insights on the importance of the perceived risk antecedents. Our research brings new theoretical contributions, such as understanding the perceived IT security risk (PISR) relationship with adoption intention (AI) in the OSS context, for researchers and important insights for IT information professionals. We have found that IT security risk has a significant role in OSS adoption intention. Our results offer possible future research directions and extend existing theoretical understanding of OSS adoption.Type: journal articleJournal: International Journal of Information Technology and Decision MakingVolume: 15Issue: 1
Scopus© Citations 17 -
PublicationInfluence of Shadow IT on Innovation in OrganizationsShadow IT is relatively new and emerging phenomenon which is bringing number of concerns and risks to the organizational security. Past literature has mostly explored the “negative” effects of the Shadow IT phenomenon, including, for example, the security aspect where Shadow systems are said to undermine the official systems and endanger organizational data flows. However, the question of how Shadow IT can contribute to leverage user’s innovation has not been adequately addressed. We used three methods to understand if Shadow IT can be an important source of innovation for firms: 1) Single case study with international firm that adopted Shadow IT; 2) Interviews with 15 IT executives and 3) Focus group using twitter as enabling tool to interact with 65 IT professionals. We offer a new perspective on how Shadow IT practices can leverage user’s innovation. The study offers novel insights on the role of Shadow users in the organizational innovation process and how they contribute to new innovations by using Shadow IT. Not only this user led innovation through Shadow IT brings positive outcomes for the employee, but it also reveals the path to follow for organizations to increase their innovation capabilities.Type: journal articleJournal: Complex Systems Informatics and Modeling QuarterlyIssue: 8
-
PublicationFactors impacting information governance in the mobile device dual-use contextThe purpose of this paper is to reveal factors that impact information governance within the mobile technology implementation in organizations in the dual-use context. Case study methodology was used and 15 semi-structured interviews were conducted with records and information management (RIM) and information security professionals from different types of organizations. There are three main findings. First, stakeholder support is critical to drive the change and leverage organizational security culture. Second, records mobility with data security dimension represents the biggest challenge for RIM stakeholders. Third, mobile strategy and security framework are two must-win areas for a successful mobile implementation. The paper does not include any end-user perspective in interviews and this end-user context is missing. Awareness through education and training of employees needs to be given very particular attention in the future mobile implementations. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Finally, mobile strategy needs undergo a very precise and detailed planning process to ensure the right technology acceptance by users. The paper closes an existing research gap and provides useful insights to record management professionals and practitioners on factors that impact effective information governance implementation within the mobile dual-use context.Type: journal articleJournal: Records Management JournalVolume: 23Issue: 2
Scopus© Citations 18 -
PublicationDeterrent Effects of Warnings on User’s Behavior in Preventing Malicious Software Use(Proceedings of the 50th Annual Hawaii International Conference on System Sciences (HICSS), 2017-01-06)
-
PublicationImpact of Gamification on User’s Knowledge-Sharing Practices:Relationships between Work Motivation, Performance Expectancy and Work Engagement(Proceedings of the 50th Annual Hawaii International Conference on System Sciences (HICSS), 2017-01-07)
-
PublicationEffects of Color Appeal, Perceived Risk and Culture on User’s Decision in Presence of Warning Banner Message(Proceedings of the 50th Annual Hawaii International Conference on System Sciences (HICSS), 2017-01-07)