Xin (Robert) Luo

Integrative framework for assessing firms' potential to undertake Green IT initiatives via virtualization - A theoretical perspective

Green IT (information technology) has recently emerged into an active research area in the information systems (IS) discipline. A major gap that exists in the Green IT research literature today is the absence of a theoretical framework that can be used to assist organizations in assessing their potential for undertaking Green IT initiatives and implementing them via modern technological means such as virtualization. This study attempts to bridge this gap by developing and proposing an integrative framework which focuses on identifying and examining the factors that contribute to the assessment of a firms readiness to go green via IT-enabled virtualization. The framework is firmly grounded using three well-established IS theories: (a) technology-organization-environment, (b) process-virtualization, and (c) diffusion of innovation. It integrates these three theoretical lenses to utilize the strengths of each for assessing the potential for undertaking Green IT initiatives and the stages of Green IT implementation at the organizational level. The implications of the outcome of this study, both for the IS researchers and for the practicing managers are discussed. The plan for empirical testing and validation of our propositions is presented, as well as suggestions for future extensions of this study.

Understanding the Determinants of User Acceptance of Enterprise Instant Messaging: An Empirical Study

As modern organizations increasingly depend on information systems (IS) to enhance work productivity and seek new business opportunities, communication effectiveness has become one of the key factors that underlie the effective performance of IS implementations and applications. Instant Messaging (IM) presents a revolution in enterprise communication. As more organizations are findings ways to utilize this near-synchronous computing communication technology to enhance communication effectiveness in the workplace, there is a compelling need to understand the factors that are important for the adoption of enterprise IM. We have developed an integrative model based on constructs of the existing IT adoption models as well as theories on motivation, innovation diffusion, and critical mass. Using responses from 140 intended subjects, we have found the results of survey data support the contentions that perceived usefulness, compatibility, enjoyment, and security are significant predictors of intention to use enterprise IM. Although perceived connectivity did not predict the intention directly, it did indirectly through perceived usefulness and perceived ease of use. Implications and future research are discussed.

Improving multiple-password recall: an empirical study

As one of the most common authentication methods, passwords help secure information by granting access only to authorized parties. To be effective, passwords should be strong, secret, and memorable. While password strength can be enforced by automated information technology policies, users frequently jeopardize secrecy to improve memorability. The password memorability problem is exacerbated by the number of different passwords a user is required to remember. While short-term memory theories have been applied to individual-password management problems, the relationship between memory and the multiple-password problem has not been examined. This paper treats the multiple-password management crisis as a search and retrieval problem involving human beings’ long-term memory. We propose that interference between different passwords is one of the major challenges to multiple-password recall and that interference alleviation methods can significantly improve multiple-password recall. A lab experiment was conducted to examine the effectiveness of two interference alleviation methods: the list reduction method and the unique identifier method. While both methods improve multiple-password recall performance, the list reduction method leads to statistically significant improvement. The results demonstrate the potential merit of practices targeting multiple-password interference. By introducing long-term memory theory to multiple-password memorability issues, this study presents implications benefiting users and serves as the potential starting point for future research.

A framework for spyware assessment

One of the most challenging problems confronting the IT community is responding to the threat of spyware. Recent research, legislative actions, and policy changes have been hastened to counter spywares threat to the privacy and productivity of both individuals and organizations [2, 10--12].

Automated negotiation for e-commerce decision making: A goal deliberated agent architecture for multi-strategy selection

Abstract Automated negotiation plays an important role in dynamic trading in e-commerce. Its research largely focuses on negotiation protocol and strategy design. There is a paucity of further scientific investigation and a pressing need on the implementation of multi-strategy selection, which is crucially useful in human–computer negotiation to achieve better online negotiation outcomes. The lack of such studies has decelerated the process of applying automated negotiation to real world problems. To address the critical issue, this paper develops a multi-strategy negotiating agent system. More specifically, we formally define the agents conceptual model, and design its abstract software architecture. Grounded on the integration of the time-dependent and behavior-dependent tactics, we also develop a multi-strategy selection theoretical model and algorithm. To demonstrate the effectiveness of this model algorithm, we implement a prototype and conduct numerous experiments. The experimental analysis not only confirms our models effectiveness but also reveals some insights into future work about human–computer negotiation systems, which will be widely used in the future B2C e-commerce.

Exploring the impact of instant messaging on subjective task complexity and user satisfaction

Instant messaging (IM) technologies are being rapidly deployed in the workplace. Current studies largely focus on the adoption of IM and how IM is used. Little research has been conducted to understand the potential impact of using IM in the workplace. This paper theorizes and empirically tests how the frequency of IM interruptions and the position power of message sender could interact with an individual’s polychronic orientation, that is, multitasking preference, and jointly influence employee satisfaction and subjective task complexity. The present study illustrates that polychronic knowledge workers are more satisfied with the multitasking work process deploying IM technology than monochronic ones. In addition, the effect of interruptions is dependent upon an individual’s polychronic orientation. The increase in interruption frequency only reduces the process satisfaction of monochronic individuals but not polychronic individuals. Further, the polychronic orientation of message receivers also influences how they process information. When IM messages are sent from their supervisors, monochronic individuals tend to prioritize tasks and perceive a lower level of overall task complexity. The information processing of polychronic individuals seem to be less influenced by the position power of message sender.

Consumer motivations in taking action against spyware: an empirical investigation

Purpose – The purpose of this paper is to develop a research framework and empirically analyze the factors that motivate the consumers to adopt and use anti‐spyware tools when they are faced with security threats.Design/methodology/approach – The research model was tested with data obtained through online survey questionnaires. A pre‐ and a pilot‐test of the survey instrument are conducted. Then, a final five‐point Likert scale instrument is created. The solicitation for participants is done through e‐mail invitations. Survey results are analyzed using factor analysis and logistic regression.Findings – The results do not find statistically significant relationships for hypotheses related to perceived vulnerability and response cost with the dependent variable. Perceived severity, self‐efficacy, and response efficacy are significantly related to use of anti‐spyware tools.Research limitations/implications – The empirical findings suggest that protection motivation theory (PMT) may possibly provide a new ave...

Social Engineering: The Neglected Human Factor for Information Security Management

Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.

Awareness Education as the Key to Ransomware Prevention

In the paradigm of Information Systems (IS), information security research has received increased attention from both academic researchers and industry practitioners alike. This intriguing phenomena is related to the growing recognition that, notwithstanding the advances in information technology (IT) for data collection, storage, and processing at a remarkable rate, users’ concerns over security of what is surreptitiously collected and the privacy violations resulting from their misuse of IT have also skyrocketed. Such sophisticated threats as phishing, pharming, and spyware have further exacerbated users’ worries about information confidentiality, integrity, and availability. Therefore, understanding of pertinent issues in information security vis-a-vis technical, theoretical, managerial, and regulatory aspects of information systems is becoming increasingly important to the IT community. Today’s organizations confront not only keen peer competition in business society but also increasingly sophisticated information security threats in cyber world, as online presence and business transaction are considered as a possible profit-driven avenue and a necessary means for global competence. In computer virology, as technologies continue to evolve, advanced encryption algorithms, on the positive side, can be utilized to effectively protect valuable information assets of enterprises. On the negative side, however, they can also be employed by malicious attackers to conduct pernicious activities in search of profits or benefits. Past information security research has investigated such malware programs as Trojan horse, worms, and spyware from a plethora of scientific perspectives (Warkentin, Luo, and Templeton, 2005), and relevant strategies and tactics have been proposed to alleviate and eradicate the cyber threats (Luo, 2006). Recently, the emergence of a new form of malware in cyberspace known as ransomware or cryptovirus has drawn attention among information security practitioners and researchers. Imposing serious threats to information assets protection, ransomware victimizes Internet users by hijacking user files, encrypting them, and then demanding payment in exchange for the decryption key. Seeking system vulnerabilities, ransomeware invariably tries to seize control over the victim’s files or computer until the victim agrees to the attacker’s demands, usually by transferring funds to the designated online currency accounts such as eGold or Webmoney or by purchasing Address correspondence to Xin Luo, Department of Computer Information Systems, School of Business, Virginia State University, Petersburg, Virginia, 23806. E-mail: xluo@vsu.edu Awareness Education as the Key to Ransomware Prevention

Green IT adoption: a process management approach

Purpose - To better understand and assist business managers to deal with green IT adoption, this paper provides a step-by-step process management approach. Design/methodology/approach - By drawing on the process management to investigate the green IT adoption, the paper analyzes and discusses four different phases: plan, design, implement, and measure the performance of the process. Findings - The likelihood that companies will successfully adopt green IT initiatives depends on several organizational and environmental factors. The primary factor is the Champion Support. Lack of implementation barriers is another important factor among others. Research limitations/implications - By comparing behavioral and technological changes derived from green IT initiatives and unveiling possible factors associated with the adoption process, this paper provides an opportunity for academics to conduct applied research based on the issues discussed. Practical implications - The paper can be an extremely useful and practical source for top-level managers, particularly IT managers, to bring greener technologies and more environmentally responsible strategies and practices to their organizations. Originality/value - The paper contends that the green IT adoption process is an ensemble of four phases: plan, design, implement, and measure the performance of the process. This paper serves as a guide and offers practical measures in terms of understanding how green IT initiatives could be more effectively and efficiently adopted by organizations.