You are here: Home Contents V12 N1 V12N1_Summers.html
Personal tools

An Image of Information Security: Examining the Coping Process by Internet Users



Full text

Journal of Information Systems Security
Volume 12, Number 1 (2016)
Pages 325
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Nirmalee Summers — University of Wisconsin-La Crosse, USA
Kent Marett — Mississippi State University, USA
Information Institute Publishing, Washington DC, USA




A wealth of research on information security has explored how the perceptions of possible threats and the countermeasures to help combat them inform an individual’s decision making. To our knowledge though, none have accounted for the possibility of multiple security countermeasures being made available to Internet users. In this study, we integrate the selection of profitability strategies modeled by Image Theory with the coping appraisal variables modeled by Protection Motivation Theory to investigate behavioral intentions with more than one countermeasure. We expected that individuals would tend toward a selection strategy involving personally-controllable variables, like self-efficacy, as opposed to strategies based on the uncontrollable subjective utility of the countermeasures. Of the countermeasures offered in this study, individuals preferred the option in which they perceived high levels of self-efficacy, which provides evidence that Internet users may engage in personal attribute framing as a selection strategy for online security countermeasures. 




Information Security, Malware, Image Theory, Protection Motivation




Anandarajan, M., N. Paravastu, B. Arinze, and R. D’Ovidio. 2012. Online Identity Theft: A Longitudinal Study of Individual Threat-Response and Coping Behaviors. Journal of Information System Security no. 8 (2): 43-69.

Anderson, C., and R. Agarwal. 2010. Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions. MIS Quarterly no. 34 (3):613-643.

Baker, W., and L. Wallace. 2007. Is Information Security Under Control? Investigating Quality in Information Security Management. IEEE Security & Privacy no. 5 (1):36-44.

Beach, L.R. 1993. Image Theory: An Alternative to Normative Decision Theory. Advances in Consumer Research no. 20 (1):235-238.

Beach, L.R., and T. Mitchell. 1978. A Contingency Model for the Selection of Decision Strategies. Academy of Management Review no. 3 (3):439-449.

Beach, L.R., and T. Mitchell. 1987. Image Theory: Principles, Goals, and Plans in Decision Making. Acta Psychologica no. 66 (3):201-220.

Beach, L.R., and T. Mitchell. 1998a. The Basics of Image Theory. In Image Theory: Theoretical and Empirical Foundations, edited by L.R. Beach, 1-17. Malwah, NJ: Lawrence Erlbaum Associates, Inc.

Beach, L.R., and T. Mitchell. 1998b. A Contingency Model for the Selection of Decision Strategies. In Image Theory: Theoretical and Empirical Foundations, edited by L.R. Beach, 143-156. Mahwah, NJ: Lawrence Erlbaum Associates, Inc.

Benamati, J., M. Serva, and M. Fuller. 2010. The Productive Tension of Trust and Distrust: The Coexistence and Relative Role of Trust and Distrust in Online Banking. Journal of Organizational Computing and Electronic Commerce no. 20 (4):328-346.

Boss, S., D. Galletta, P. Lowry, G. Moody, and P. Polak. 2015. What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors. MIS Quarterly no. 39 (forthcoming).

Caralli, R., J. Stevens, L. Young, and W. Wilson. 2007. Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process. CERT Coordination Center.

Christensen-Szalanski, J. 1998. Problem-solving Strategies: A Selection Mechanism, Some Implications, and Some Data. In Image Theory: Theoretical and Empirical Foundations, edited by L.R. Beach, 157-172. Mahwah, NJ: Lawrence Erlbaum Associates, Inc.

Culnan, M., E. Foxman, and A.W. Ray. 2008. Why IT Executives Should Help Employees Secure Their Home Computers. MIS Quarterly Executive no. 7 (1):49-56.

D'Arcy, J., A. Hovav, and D. Galletta. 2009. User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Information Systems Research no. 20 (1):79-98.

D'Aubeterre, F., R. Singh, and L. Iyer. 2008. A Semantic Approach to Secure Collaborative Inter-Organizational eBusiness Processes (SSCIOBP). Journal of the Association for Information Systems no. 9 (3):article 6.

Dinev, T., J. Goo, Q. Hu, and K. Nam. 2009. User Behaviour Towards Protective Information Technologies: The Role of National Cultural Differences. Information Systems Journal no. 19 (4):391-412.

Dinev, T., and Q. Hu. 2007. The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies. Journal of the Association for Information Systems no. 8 (7):article 23.

Dunegan, K. 1993. Framing, Cognitive Modes, and Image Theory: Toward an Understanding of a Glass Half Full. Journal of Applied Psychology no. 78 (3):491-503.

Floyd, D., S. Prentice-Dunn, and R. Rogers. 2000. A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology no. 30 (2):407-429.

Gist, M., and T. Mitchell. 1992. Self-efficacy: A theoretical analysis of its determinants and malleability. Academy of Management Review no. 17:183-211.

Grothmann, T., and F. Reusswig. 2006. People at risk of flooding: Why some residents take precautionary action while others do not. Natural Hazards no. 38:101-120.

Gurung, A., X. Luo, and Q. Liao. 2009. Consumer Motivations in Taking Action Against Spyware: An Empirical Investigation. Information Management & Computer Security no. 17 (3):276-289.

Herath, T., R. Chen, J. Wang, K. Banjara, J. Wilbur, and H.R. Rao. 2012. Security Services as Coping Mechanisms: An Investigation into User Intention to Adopt an Email Authentication Service. Information Systems Journal no. 23:1-24.

Herath, T., and H.R. Rao. 2009. Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organizations. European Journal of Information Systems no. 18:106-125.

Hsu, C., J.-N. Lee, and D Straub. 2012. Institutional Influences on Information Systems Security Innovations. Information Systems Research no. 23 (3):918-939.

Hu, Q., and T. Dinev. 2005. Is Spyware an Internet Nuisance or Public Menace? Communications of the ACM no. 48:61-66.

Ifinedo, P. 2012. Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory. Computers & Security no. 31 (1):83-95.

Johnston, A., and M. Warkentin. 2010. Fear appeals and information security behaviors: An empirical study. MIS Quarterly no. 34 (3):549-566.

Jones, J., and M. Leary. 1994. Effects of Appearance-Based Admonitions Against Sun Exposure on Tanning Intentions in Young Adults. Health Psychology no. 13:86-90.

Kahneman, D., and A. Tversky. 1984. Choices, Values, and Frames. American Psychologist no. 39 (4):341-350.

Kang, J.E., M. Lindell, and C. Prater. 2007. Hurricane Evacuation Expectations and Actual Behavior in Hurricane Lili. Journal of Applied Social Psychology no. 37 (4):887-903.

Krueger, N., and P. Dickson. 1994. How Believing in Ourselves Increases Risk Taking: Perceived Self-Efficacy and Opportunity Recognition. Decision Sciences no. 25 (3):385-400.

Lazarus, R.S., and S. Folkman. 1984. Stress, Appraisal, and Coping. New York, NY: Springer.

Lee, Y. 2011. Understanding Anti-Plagiarism Software Adoption: An Extended Protection Motivation Theory Perspective. Decision Support Systems no. 50 (2):361-369.

Lee, Y., and K. Kozar. 2005. Investigating Factors Affecting the Adoption of Anti-Spyware Systems. Communications of the ACM no. 48:72-77.

Lee, Y., and K. Larsen. 2009. Threat or Coping Appraisal: Determinants of SMB Executives' Decision to Adopt Anti-Malware Software. European Journal of Information Systems no. 18 (2):177-187.

Levin, I., S. Schneider, and G. Gaeth. 1998. All Frames Are Not Created Equal: A Typology and Critical Analysis of Framing Effects. Organizational Behavior and Human Decision Processes no. 76 (2):149-188.

Liang, H., and Y. Xue. 2010. Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Assocation for Information Systems no. 11 (7):article 1.

Malimage, K., and M. Warkentin. 2011. Influence of Perceived Value of Data on Anti-Virus Software Usage: An Empirical Study of Protection Motivation. Paper read at Dewald Roode Workshop on Information Systems Security Research, at Blacksburg, VA.

Marett, K., A. McNab, and R.B. Harris. 2011. Social Networking Websites and Posting Personal Information: An Evaluation of Protection Motivation Theory. AIS Transactions on Human-Computer Interaction no. 3 (3):170-188.

McAllister, D., T. Mitchell, and L.R. Beach. 1979. The Contingency Model for the Selection of Decision Strategies: An Empirical Test of the Effects of Significance, Accountability, and Reversibility. Organizational Behavior and Human Performance no. 24 (2):228-244.

Milne, G., A. Rohm, and S. Bahl. 2004. Consumers' Protection of Online Privacy and Identity. Journal of Consumer Affairs no. 38 (2):217-232.

Milne, S., P. Sheeran, and S. Orbell. 2000. Prediction and intervention in health-related behavior: A meta-analytic review of protection motivation theory. Journal of Applied Social Psychology no. 30 (1):106-143.

Morrell, K. 2004. Decision Making and Business Ethics: The Implications of Using Image Theory in Preference to Rational Choice. Journal of Business Ethics no. 50 (3):239-252.

Nelson, K. 2004. Consumer Decision Making and Image Theory: Understanding Value-Laden Decisions. Journal of Consumer Psychology no. 14 (1):28-40.

Orloff, J. 2013. Loaded Pages: How Your Website Can Infect Visitors with Malware, last accessed 10/1/2015. Available from

Padayachee, K. 2012. Taxonomy of Compliant Information Security Behavior. Computers & Security no. 31 (5):673-680.

Qiu, W., and D. Li. 2009. A Study for End Users' Perceptions of Business Strategic Factors Among Different IS/IT Contexts. ACM SIGMIS Data Base no. 40 (1):52-61.

Ravindran, S., A. Barua, B. Lee, and A. Whinston. 1996. Strategies for Smart Shopping in Cyberspace. Journal of Organizational Computing and Electronic Commerce no. 6 (1):33-49.

Rhee, H.-S., C. Kim, and Y. Ryu. 2009. Self-efficacy in Information Security: Its Influence on End Users' Information Security Practice Behavior. Computers & Security no. 28 (8):816-826.

Riet, J., R. Ruiter, M. Werrij, and H. De Vries. 2008. The influence of self-efficacy on the effects of framed health messages. European Journal of Social Psychology no. 38 (5):800-809.

Rogers, R. 1975. A protection motivation theory of fear appeals and attitude change. Journal of Psychology no. 91:93-114.

Shillair, R., S. Cotten, H.-Y. S. Tsai, S. Alhabash, R. LaRose, and N. Rifon. 2015. Online safety begins with you and me: Convincing Internet users to protect themselves. Computers in Human Behavior no. 48 (0):199-207.

Shinder, D. 2010. Calculating the True Cost of Cybercrime. Tech Republic no. 14.

Stafford, T., and R. Poston. 2010. Online Security Threats and Computer User Intentions. Computer no. 43 (1):58-64.

Stahl, B.C., N. Doherty, and M. Shaw. 2012. Information Security Policies in the UK Healthcare Sector: A Critical Evaluation. Information Systems Journal no. 22 (1):77-94.

Tubbs, M., and S. Ekeberg. 1991. The Role of Intentions in Work Motivation: Implications for Goal-Setting Theory and Research. Academy of Management Review no. 16 (1):180-199.

Vance, A., M. Siponen, and S. Pahnila. 2012. Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory. Information & Management no. 49 (3-4):190-198.

Weber, R. 2012. Evaluating and Developing Theories in the Information Systems Discipline. Journal of the Assocation for Information Systems no. 13 (1):article 2.

Wolburg, J. 2001. The 'Risky Business' of Binge Drinking Among College Students: Using Risk Models for PSAs and Anti-Drinking Campaigns. Journal of Advertising no. 30 (4):23-39.

Workman, M., W.H. Bommer, and D. Straub. 2008. Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior no. 24 (6):2799-2816.