IT is Risky Business: Three Essays on Ensuring Reliability, Security and Privacy in Technology-Mediated Settings
Abstract
Today's interconnected technical environment creates unprecedented opportunities while simultaneously introducing risks. With economic, social and personal interactions increasingly occurring in technology-mediated settings new vulnerabilities are continually being introduced. In this dissertation, I develop 3 essays which seek to improve extant understanding of how organizations and individuals respond to such risks and manage the new vulnerability. The common thread underlying the studies is that the focal risk is inherently caused by the rapid digitization and dependence on information technology that has permeated economic and social activity.
Essay 1 addresses the increasing dependence of organizations on the reliability of their information technology (IT) infrastructure. I draw on organizational reliability literature to classify IT infrastructure failures and theorize how collective mindfulness can change the way organizations respond to each type of failure. The results support the necessity of examining collective mindfulness at the level of its processes (versus using the omnibus measure) and provide insights into the value of collective mindfulness depending on the failure type.
Essay 2 synthesizes research from information systems, communication, and psychology to form a conceptual model explicating the role played by type of information requested, the purpose for which it is to be used, and the requesting stakeholder in an individual's willingness to disclose personal health information. Further, the model incorporates the impact of emotion linked to one's health condition on willingness to disclose. Results show that emotion plays a significant role in the disclosure decision and suggest that contextual factors related to the requesting stakeholder and the intended purpose of use moderate the relationships between concern and trust on willingness to disclose personal health information.
Essay 3 explores ways to minimize the perception that one is invulnerable to a security violation through an examination of the influence of message cues on computer user security-related optimistic bias and security behavior intentions. Results from experiment 1 confirm an interactive influence of self-view and risk domain frame (social or financial) on security-related intentions. Experiment 2 suggests an interactive relationship between self-view and goal frame on optimistic bias but that influence did not translate into similar changes to intentions.