Anat Hovav scite author profile

I ntentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%-75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. Implications for the research and practice of IS security are discussed.

show abstract

Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea

Hovav

D’Arcy

2012

Information & Management

186

115

View full text Add to dashboard Cite

The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms

Hovav¹,

D’Arcy²

2003

Risk Manage Insurance Review

189

View full text Add to dashboard Cite

The increase in security breaches in the last few years and the need to insure information assets has created an intensified interest in information risk within organizations and for insurance companies. Risk assessment is an important component in the establishment of security policies. However, very little is known of the financial impact and the risk associated with security breaches. This article reports the impact of Denial-of-Service (DOS) attack announcements on the market over a period of 4.5 years. The study was conducted using event study methodology. The results show that in general the market does not penalize companies that experience such an attack. However, there is an indication that the market penalizes "Internet-specific" companies more than other companies. Our results indicate that large companies who are not "Internet-specific" might be overreacting to the media hype and may be investing resources to prevent a problem that has marginal impact on their shareholder value.Anat Hovav, Ph.D., is an Assistant Professor of Management

show abstract

A model of Internet standards adoption: the case of IPv6

Hovav¹,

Patnayakuni

Schuff³

2004

Information Systems Journal

View full text Add to dashboard Cite

The Internet presents a unique environment in which to study adoption. This is because of its composition of autonomous entities that are otherwise strongly interrelated. Our model of Internet standards adoption (ISA) combines diffusion of innovation and economics of adoption literature to present an integrative model. This model proposes that the adoption of Internet-based standards is dependent upon two dimensions: the usefulness of the features to the potential adopter, and the conduciveness of the environment to adoption of the standard. This model accounts for not only the traditional dichotomous view of adoption, but also includes the notion of 'partial adoption', where both old and new standards can coexist for extended periods of time. As a demonstration, we apply the ISA model to the next generation Internet protocol Internet Protocol version 6 (IPv6). Despite its ostensible superiority, IPv6 has not been widely adopted. In this paper we discuss the reasons why this might be the case. Our analysis also draws wider conclusions about the adoption of Internet standards: in particular, the importance of transitional technologies between the old and new standards and the need for co-ordinated government polices which encourage adoption. Our analysis also indicates that geopolitical boundaries may have a considerable impact on the adoption of Internet standards.

show abstract

Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures

2008

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Anat Hovav

User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea

The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms

A model of Internet standards adoption: the case of IPv6

Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures

Contact Info

Product

Resources

About