Why Security and Privacy Research Lies at the Centre of the Information Systems (IS) Artefact: Proposing a Bold Research Agenda

European Journal of Information Systems (EJIS), vol. 26(6) pp. 546–563

36 Pages Posted: 2 Oct 2017 Last revised: 27 Nov 2017

See all articles by Paul Benjamin Lowry

Paul Benjamin Lowry

Virginia Tech - Pamplin College of Business

Tamara Dinev

Florida Atlantic University - School of Accounting

Robert Willison

University of Newcastle

Date Written: November 30, 2017

Abstract

In this essay, we outline some important concerns in the hope of improving the effectiveness of security and privacy research. We discuss the need to re-examine our understanding of information technology (IT) and information system (IS) artefacts and to expand the range of the latter to include those artificial phenomena that are crucial to information security and privacy research. We then briefly discuss some prevalent limitations in theory, methodology, and contributions that generally weaken security/privacy studies and jeopardise their chances of publication in a top IS journal. More importantly, we suggest remedies for these weaknesses, identifying specific improvements that can be made and offering a couple of illustrations of such improvements. In particular, we address the notion of loose re-contextualisation, using deterrence theory (DT) research as an example. We also provide an illustration of how the focus on intentions may have resulted in an underuse of powerful theories in security and privacy research, because such theories explain more than just intentions. We then outline three promising opportunities for IS research that should be particularly compelling to security and privacy researchers: online platforms, the Internet of things (IoT), and big data. All of these carry innate information security and privacy risks and vulnerabilities that can be addressed only by researching each link of the systems chain, that is, technologies–policies–processes–people–society–economy–legislature. We conclude by suggesting several specific opportunities for new research in these areas.

Keywords: Security, privacy, information technology (IT) artefact, information systems (IS) artefact, future research, online platforms, the Internet of things (IoT), big data, deterrence theory (DT), rational choice theory (RCT)

Suggested Citation

Lowry, Paul Benjamin and Dinev, Tamara and Willison, Robert, Why Security and Privacy Research Lies at the Centre of the Information Systems (IS) Artefact: Proposing a Bold Research Agenda (November 30, 2017). European Journal of Information Systems (EJIS), vol. 26(6) pp. 546–563, Available at SSRN: https://ssrn.com/abstract=3046055

Paul Benjamin Lowry (Contact Author)

Virginia Tech - Pamplin College of Business ( email )

1016 Pamplin Hall
Blacksburg, VA 24061
United States

Tamara Dinev

Florida Atlantic University - School of Accounting ( email )

School of Accounting
777 Glades Road
Boca Raton, FL 33431
United States

Robert Willison

University of Newcastle ( email )

5 Barrack Road
Devonshire Building
NEWCASTLE UPON TYNE, 2308 NE1 7RU
United Kingdom

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
399
Abstract Views
1,535
Rank
135,598
PlumX Metrics