Cybersecurity & AIS

Cybersecurity - Research 

Thought Leadership, Funding Specific Research Projects 

 

Phishing 

  • Activities during current fiscal period (cumulative): Factors Affecting Individuals' Susceptibility to Cyber Attacks.  

  • Research team is Efrim Boritz, Jessie Ge, and Katharine Patterson.  

  • Objective: To explore personality traits related to susceptibility to cybersecurity threats. Research team is Efrim Boritz, Kate Patterson and Jessica Ge. Support for this research is provided by Richter LLP 

  • This paper was presented at the International Symposium on Accounting Information Systems (ISAIS) held at Michigan State University June 27-28, 2019, where it received the best paper award. 

  • The paper has been accepted for publication by the Journal of Information Systems.

  • Status: Completed 

 

Cybersecurity Research in Accounting Information Systems 

  • Activities during current fiscal period (cumulative): Cybersecurity Research in Accounting Information Systems. 

  • Research team is Alec Cram, David Wang, and Jonathan Yuan.  

  • The objective is to uncover the unique insights that AIS research has contributed to the study of cybersecurity and what promising directions for AIS research into cybersecurity remain untapped.  

  • A literature review was performed, covering 56 articles published in eleven AIS-oriented journals. 

  • A paper from this project has been accepted for publication at the Journal of Emerging Technologies in Accounting.

  • Status: Completed 

 

Cybersecurity Fatigue 

  • Activities during current fiscal period (cumulative): Cybersecurity Fatigue. 

  • Research team is Alec Cram, Jeff Proudfoot and John D'Arcy. 

  • The objective is to understand how employees become tired and disillusioned with security-related initiatives in organizations.  

  • A paper from this project was recently published (Volume 31, Issue 4) in the Information Systems Journal (ISJ). 

  • A supplementary survey (research team is Alec Cram, John D’Arcy, and Alex Benlian) is currently under second review at MIS Quarterly.

  • Status: In process 

 

Cybersecurity Incident Notifications 

  • Activities during current fiscal period (cumulative): Show-and-Tell or Hide-and-Seek? Examining Organizational Cybersecurity Incident Notifications. 

  • Research team is Alec Cram and Rissaile Mouajou-Kenfack.  

  • Included in the proceedings of the Hawaii International Conference on System Sciences (January 2022). 

  • An updated manuscript was presented at the Cybersecurity Emerging Research Symposium at the University of Colorado, Colorado Springs in May.  

  • A further updated manuscript is being revised for a second-round submission to the Organizational Cybersecurity Journal.

  • Status: In process 

 

Cybersecurity Strategy Changes Over Time 

  • Activities during current fiscal period (cumulative): Out with the Old, In with the New: Examining National Cybersecurity Strategy Changes Over Time.  

  • Research team is Alec Cram and Jonathan Yuan.  

  • Presented and included in the proceedings of the Hawaii International Conference on System Sciences (January 2022). 

  • An updated manuscript is under review at the Journal of Cyber Policy.

  • Status: In process 

 

Cybersecurity Illegitimacy 

  • Activities during current fiscal period (cumulative): “What a Waste of Time”: A Longitudinal Examination of Cybersecurity Illegitimacy. 

  • Research team is Alec Cram and John D'Arcy. 

  • This research introduces employee judgements of cybersecurity illegitimacy as a new angle for understanding employee compliance with cybersecurity policies over time. 

  • Manuscript is being revised for a second-round submission to the Information Systems Journal.

  • Status: In process 

 

Cybersecurity Regulations 

  • Activities during current fiscal period (cumulative): Weathering the Storm: Charting a Course for Organizations to Navigate the Raging Tempest of Cybersecurity Regulations. 

  • Research team is Jeff Proudfoot and Alec Cram. 

  • This research aims to clarify how cybersecurity regulations are operationalized in organizations, as well as reveal the compliance and performance consequences of cybersecurity regulations. 

  • Manuscript is under review at the Information Systems Journal. A separate submission is under review for inclusion in the MISQE Workshop on 'Boards of Directors and the Governance of Digital Technology' at ICIS 2022 in Copenhagen.

  • Status: In process 

Cybersecurity – Education and Knowledge Transfer 

Disseminating Best Practices, Sharing Material (Workshops / Conferences) 

Developing Courses, Workshops, Cases and Other Teaching Material 

 

Cybersecurity Undergraduate Elective Course 

  • Activities during current fiscal period (cumulative): Alec Cram developed a new undergraduate elective course at UW called AFM 347 - Cybersecurity. The course has been offered twice so far (Fall 2021 and Winter 2022) and is underway again in Fall 2022. 

  • Relevance to Foresight: Cybersecurity 

  • Status: Ongoing 

Cybersecurity – Interaction 

 

Alliances and Relationships - AICPA 

  • Activities during current fiscal period (cumulative): Efrim is a member of the AICPA Trust Services Information Integrity Task Force, the Cybersecurity Task Force. Updated SOC guidance is in progress. Response to SEC proposal on Cybersecurity Risks is in progress. 

  • Relevance to Foresight: Cybersecurity 

  • Status: Ongoing 

 

Alliances and Relationships – UW CPI Institute 

  • Activities during current fiscal period (cumulative): Alec Cram is a member. 

  • Relevance to Foresight: Cybersecurity 

  • Status: Ongoing