Top

Information Systems Frontiers

Published in:

11-10-2016

What could possibly go wrong? A multi-panel Delphi study of organizational social media risk

Authors: Paul M. Di Gangi, Allen C. Johnston, James L. Worrell, Samuel C. Thompson

Published in: Information Systems Frontiers | Issue 5/2018

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The growth of social media has crossed the boundary from individual to organizational use, bringing with it a set of benefits and risks. To mitigate these risks and ensure the benefits of social media use are realized, organizations have developed a host of new policies, procedures, and hiring practices. However, research to date has yet to provide a comprehensive view on the nature of risk associated with the use of social media by organizations. Using a multi-panel Delphi approach consisting of new entrants to the workforce, certified human resource professionals, and certified Information Technology auditors, this study seeks to understand organizational social media risk. The results of the Delphi panels are compared against a textual analysis of 40 social media policies to provide a comprehensive view of the current state of social media policy development. We conclude with directions for future research that may guide researchers interested in exploring social media risk in organizations.

previous article Facilitating resource sharing and selection in ubiquitous multi-user environments

next article Exploring knowledge management software implementation from a knowing-in-practice perspective

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

http://mashable.com/2011/02/16/red-cross-tweet/ (Accessed 05/15/2016)

https://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks (Accessed 05/15/2016)

https://www.zerofox.com/blog/top-9-social-media-threats-2015/ (Accessed 05/15/2016)

https://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171513574 (Accessed 05/15/2016)

Alter, S., & Sherer, S. A. (2004). A general, but readily adaptable model of information system risk. Communications of the Association for Information Systems, 14(1–28), 1.

Argenti, P. A., & Druckenbiller, B. (2004). Reputation and the corporate brand. Corporate Reputation Review, 6(4), 368–374.CrossRef

Aula, P. (2010). Social media, reputation risk, and ambient publicity management. Strategy & Leadership, 38(6), 43–49.CrossRef

Barton, B. F., & Barton, M. S. (1984). User-friendly password methods for computer-mediated information systems. Computers & Security, 3(3), 186–195.CrossRef

Baskerville, R., Park, E. H., & Kim, J. (2014). An emote opportunity model of computer abuse. [article]. Information Technology & People, 27(2), 155–181. doi:10.1108/itp-11-2011-0068.CrossRef

Baur, A. W. (Forthcoming). Harnessing the social web to enhance insights into people’s opinions in business, government and public administration. Information Systems Frontiers, 1–21.

Bernoff, J., & Schadler, T. (2010). Empowered. Harvard Business Review, 88(July–August), 95–101.

Best, R. (1974). An experiment in delphi estimation in marketing decision making. Journal of Marketing Research, 11, 448–452.CrossRef

Bharati, P., Zhang, C., & Chaudhury, A. (2014). Social media assimilation in firms: investigating the roles of absorptive capacity and institutional pressures. Information Systems Frontiers, 16(2), 257–272.CrossRef

Boje, D., & Murninghan, J. (1982). Group confidence pressures in iterative decisions. Management Science, 28, 1187–1196.CrossRef

Boyatzis, R. E. (1998). Transforming qualitative information: Thematic analysis and code development. Chicago: Sage.

Boyd, D. (2008). Facebook’s privacy trainwreck: exposure, invasion, and social convergence. Convergence: The International Journal of Research into New Media Technologies, 14(1), 13–20.CrossRef

Brancheau, J. C., & Wetherbe, J. C. (1987). Key issues in information systems management. MIS Quarterly, 11(1), 22.CrossRef

Brancheau, J. C., & Wetherbe, J. C. (1990). The adoption of spreadsheet software: testing innovation diffusion theory in the context of end-user computing. Information Systems Research, 1(2), 115–143.CrossRef

Brockhoff, K. (2002). The performance of forecasting groups in computer dialogue and face-to-face discussion. In M. Turoff, & H. A. Linestone (Eds.), The Delphi Method: Techniques and Applications. Addison-Wesley Publishing Co.

Buckley, J. L. (1974). Family Educational Rights and Privacy Act (FERPA). In U. S. Congress (Ed.), (Vol. 20 U.S.C. § 1232 g; 34 CFR Part 99). Washington, D. C.: United States Congress.

Byrd, S. (2012). Hi fans! Tell us your story!: incorporating a stewardship-based social media strategy to maintain brand reputation during a crisis. Corporate Communications: An International Journal, 17(3), 241–254.CrossRef

Chou, W.-Y. S., Hunt, Y. M., Beckjord, E. B., Moser, R. P., & Hesse, B. W. (2009). Social media use in the United States: implications for health communication. Journal of Medical Internet Research, 11(4), e48.CrossRef

Choudhary, A., Hendrix, W., Lee, K., Palsetia, D., & Liao, W.-K. (2012). Social media evolution of the Egyptian revolution. Communications of the ACM, 55(5), 74–80.CrossRef

Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2004). Enterprise risk management - integrated framework. New York, NY: Committee of Sponsoring Organizations of the Treadway Commission.

Culnan, M. J., McHugh, P. J., & Zubillaga, J. I. (2010). How large U.S. companies can use twitter and other social media to gain business value. MIS Quarterly Executive, 9(4), 243–259.

Dahlander, L., & Piezunka, H. (2014). Open to suggestions: how organizations elicit suggestions through proactive and reactive attention. Research Policy, 43, 812–827.CrossRef

Deans, P. C. (2011). The impact of social media on C-level roles. MIS Quarterly Executive, 10(4), 187–200.

Delbecq, A., Van de Ven, A., & Gustafson, D. (1975). Group techniques for program planning: A guide to nominal group and delphi processes. Glenview, IL: Scott, Foresman, and Company.

Dhillon, G., & Torkzadeh, G. (2006). Value-focused assessment of information system security in organizations. [article]. Information Systems Journal, 16(3), 293–314. doi:10.1111/j.1365-2575.2006.00219.x.CrossRef

Di Gangi, P. M., & Wasko, M. (2009). Steal my idea! Organizational adoption of user innovations from a user innovation community: a case study of Dell IdeaStorm. Decision Support Systems, 48(1), 303–312.CrossRef

Di Gangi, P. M., Wasko, M., & Hooker, R. E. (2010). Getting customers’ ideas to work for you: learning from Dell how to succeed with online user innovation communities. MIS Quarterly Executive, 9(4), 213–228.

Dickinson, G. W., Leitheiser, R. L., Wetherbe, J. C., & Nechis, M. (1984). Key information systems issues for the 1980’s. MIS Quarterly, 8(3), 24.

Dijkmans, C., Kerkhof, P., & Beukeboom, C. J. (2015). A stage to engage: social media use and corporate reputation. Tourism Management, 47(April), 58–67.CrossRef

El-Gayar, O. F., & Fritz, B. D. (2010). A web-based multi-perspective decision support system for information security planning. [article]. Decision Support Systems, 50(1), 43–54. doi:10.1016/j.dss.2010.07.001.CrossRef

Gaines-Ross, L. (2013). Get social: a mandate for new CEOs. MIT Sloan Management Review, 54(3), 1–5.

Gallaugher, J., & Ransbotham, S. (2010). Social media and customer dialog management at Starbucks. MIS Quarterly Executive, 9(4), 197–212.

Goel, S., & Chengalur-Smith, I. (2010). Metrics for characterizing the form of security policies. Journal of Strategic Information Systems, 19, 281–295.CrossRef

Goh, S. H., & Di Gangi, P. M. (2016). A framework for understanding risk perceptions in cooperatives. The Cooperative Accountant, LXIV(Summer), Article 2.

Goodhue, D. L., & Straub, D. (1991). Security concerns of system users: a study of perceptions of the adequacy of security. Information Management, 20(1), 13–27.CrossRef

Gramm, P., Leach, J., & Bliley, T. J. Jr. (1999). Gramm-Leach-Bliley Act. In t. U. S. Congress (Ed.), (Vol. Public Law 106–102). Washington, D. C.: United States Congress.

Gray, P., & Hovav, A. (2014). Using scenarios to understand the frontiers of IS. Information Systems Frontiers, 16, 337–345.CrossRef

Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 611–642.

Guitierrez, F. J., Ochoa, S. F., Zurita, G., & Baloian, N. (2016). Understanding student participation in undergraduate course communities: a case study. Information Systems Frontiers, 18(1), 7–21.CrossRef

Hanna, R., Rohm, A., & Crittenden, V. L. (2011). We’re all connected: the power of the social media ecosystem. Business Horizons, 54(3), 265–273.CrossRef

Helm, C., & Jones, R. (2010). Brand governance: the new agenda in brand management. Brand Management, 17, 545–547.CrossRef

Hogben, G. (2007). Security issues and recommendations for online social networks. ENISA position paper (1).

Hsu, L., & Lawrence, B. (2015). The role of social media and brand equity during a product recall crisis: a shareholder value perspective. International Journal of Research in Marketing, 33(1), 59–77.CrossRef

Hunton, J. E., Wright, A. M., & Wright, S. (2004). Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? Journal of Information Systems, 18(2), 7–28.CrossRef

Ifinedo, P. (2011). An exploratory study of the relationships between selected contextual factors and information security concerns in global financial services institutions. Journal of Privacy & Security, 7(1), 25–49.CrossRef

IT Governance Institute (ITGI) (2005). COBIT 5. Rolling Meadows, IL: IT Governance Institute.

Jenkins, C. (2012). Towards ‘social’ security. Computer Fraud & Security, 2012(8), 18–20. doi:10.1016/s1361-3723(12)70084-2.CrossRef

Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: an empirical study. MIS Quarterly, 34(3), 549–566.CrossRef

Johnston, A. C., Worrell, J. L., Di Gangi, P. M., & Wasko, M. (2013). Online health communities: an assessment of the influence of participation on patient empowerment outcomes. Information Technology & People, 26(2), 213–235.CrossRef

Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113–134.CrossRef

Kallinikos, J., & Tempini, N. (2014). Patient data as medical facts: social media practices as a foundation for medical knowledge creation. Information Systems Research, 25(4), 817–833.CrossRef

Kane, G. C. (2015a). Can you really let employees loose on social media? MIT Sloan Management Review, 56(2), 1–9.

Kane, G. C. (2015b). Enterprise social media: Current capabilities and future possibilities. MIS Quarterly Executive, 14(1), 1–16.

Kane, G. C., Fichman, R. G., Gallaugher, J., & Glaser, J. (2009). Community relations 2.0. Harvard Business Review, November.

Kane, G. C., Alavi, M., Labianca, G., & Borgatti, S. P. (2014). What’s different about social media networks? A framework and research agenda. MIS Quarterly, 38(1), 275–304.CrossRef

Kankanhalli, A., Teo, H.-H., Tan, B. C. Y., & Wei, K.-K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23, 139–154.CrossRef

Kaplan, A. M., & Haenlein, M. (2010). Users of the world unite! The challenges and opportunities of social media. Business Horizons, 53(1), 59–68.CrossRef

Kennedy, E., & Kassebaum, N. (1996). Health Insurance Portability and Accountability Act (HIPPA) of 1996. In t. U. S. Congress (Ed.), (Vol. Public Law 104–191). Washington, D. C.: United States Congress.

Kietzmann, J. H., Hermkens, K., McCarthy, I. P., & Silvestre, B. S. (2011). Social media? Get serious! Understanding the functional building blocks of social media. Business Horizons, 54(3), 241–251.CrossRef

Kotulic, A. G., & Clark, J. G. (2004). Why there aren’t more information security research studies. Information Management, 41(5), 597–607.CrossRef

Krasnova, H., Günther, O., Spiekermann, S., & Koroleva, K. (2009). Privacy concerns and identity in online social networks. Identity in the Information Society, 2, 39–63.CrossRef

Krasnova, H., Widjaja, T., Buxmann, P., Wenninger, H., & Benbasat, I. (2015). Why following friends can hurt you: an exploratory investigation of the effects of envy on social networking sites among college-age users. Information Systems Research, 26(3), 585–605.CrossRef

Landis, J. R., & Koch, G. G. (1977). The measurement of observer agreement for categorical data. Biometrics, 33(1), 159–174.CrossRef

Leidner, D., Koch, H., & Gonzalez, E. (2010). Assimilating generation Y IT new hires into USAA’s workforce: the role of an enterprise 2.0 system. MIS Quarterly Executive, 9(4), 229–242.

Leonardi, P. M., Huysman, M., & Steinfield, C. (2013). Enterprise social media: definition, history, and prospects for the study of social technologies in organizations. Journal of Computer-Mediated Communication, 19(1), 1–19.CrossRef

Levy, M., Leusner, A., & Wasti, K. (2015). Putting the squeeze on social media: understanding social media regulation, and its associated risks, is key to helping protect the organization from potential harm. Internal Auditor, 72(1), 36–42.

Li, H., Sarathy, R., Zhang, J., & Luo, X. (2014). Exploring the effects of organizational justice, personal ethics and sanction on internet use policy compliance. Information Systems Journal, 24(6), 479–502.CrossRef

Linestone, H. A., & Turoff, M. (2002). The Delphi method: techniques and applications. Reading: Addison-Wesley Publishing Co.

Lundmark, L. W., Oh, C., & Verhaal, J. C. (Forthcoming). A little birdie told me: social media, organizational legitimacy, and underpricing in initial public offerings. Information Systems Frontiers, 1–16. doi:10.1007/s10796-016-9654-x.

Miller-Merrell, J. (2012). The workplace engagement economy where HR, social, mobile, and tech collide. Employment Relations Today, 39(2), 1–9.CrossRef

Mooney, J. L., Wright Jr., H. R., & Higgins, L. N. (2010). Gen Y’s addiction to Web 2.0: problem or strategy? The Journal of Corporate Accounting & Finance, 22(1), 63–73.

Ng, B. Y., & Feng, A. E. (2006). An exploratory study on managerial security concerns in technology start-ups. In 10th Pacific Asia Conference on Information Systems, Kuala Lumpur, Malaysia, pp. 189–196.

Paliwoda, S. (1983). Predicting the future using Delphi. Management Decision, 21(1), 31–38.CrossRef

Reich, B. H., & Benbasat, I. (2000). Factors that influence the social dimension of alignment between business and information technology objectives. MIS Quarterly, 24(1), 81–113.

Rhee, H.-S., Ryu, Y. U., & Kim, C.-T. (2012). Unrealistic optimism on information security management. Computers & Security, 31, 221–232.CrossRef

Sarasohn-Kahn, J. (2008). The wisdom of patients: Health care meets online social media. Oakland, CA: California HealthCare Foundation.

Saridakis, G., Benson, V., Ezingeard, J. N., & Tennakoon, H. (2016). Individual information security, user behavior and cyber victimisation: an empirical study of social networking users. Technological Forecasting and Social Change, 102(C), 320–330.CrossRef

Schmidt, R. (1997). Managing delphi surveys using nonparametric statistical techniques. Decision Sciences, 28(3), 763–774.CrossRef

Schmidt, R., Lyytinen, K., Keil, M., & Cule, P. (2001). Identifying software project risks: an international delphi study. Journal of Management Information Systems, 17(4), 5–35.CrossRef

Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503–522.CrossRef

Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. MIS Quarterly, 22(4), 441–469.CrossRef

Tan, T., Ruighaver, T., & Ahmad, A. (2003). Incident handling: Where the need for planning is often not recognised. In 1st Australian Computer, Network & Information Forensics Conference, Perth, Western Australia.

Tapscott, D. (2008). Grown up digital: How the net generation is changing your world. New York: McGraw-Hill.

Templier, M., & Paré, G. (2015). A framework for guiding and evaluating literature reviews. Communications of the Association for Information Systems, 37(Article 6), 112–137.

Teo, T. S. H., Nishant, R., Goh, M., & Agarwal, S. (2011). Leveraging collaborative technologies to build a knowledge sharing culture at HP analytics. MIS Quarterly Executive, 10(1), 1–18.

Tsui, T. C. (2013). Experience from the anti-monopoly law decision in China (Cost and Benefit of Rule of Law). The Network: Business at Berkeley Law(April/ May).

van Zyl, A. S. (2009). The impact of social networking 2.0 on organizations. The Electronic Library, 27, 906–918.CrossRef

Viera, A. J., & Garrett, J. M. (2005). Understanding interobserver agreement: the Kappa statistic. Family Medicine, 37(5), 360–363.

Vishwanath, A. (2015). Diffusion of deception in social media: social contagion effects and its antecedents. Information Systems Frontiers, 17, 1353–1367.CrossRef

Wakunuma, K. J., & Stahl, B. C. (2014). Tomorrow’s ethics and today’s response: an investigation into the ways information systems professionals perceive and address emerging ethical issues. Information Systems Frontiers, 16, 383–397.CrossRef

Weber, R. (2012). Evaluating and developing theories in the information systems discipline. Journal of the Association for Information Systems, 13(1), 1–30.CrossRef

Wesch, M. (2008). An anthropological introduction to YouTube. In U. Library of Congress (Ed.).

Willison, R., & Backhouse, J. (2006). Opportunities for computer crime: considering systems risk from a criminological perspective. [article]. European Journal of Information Systems, 15(4), 403–414. doi:10.1057/palgrave.ejis.3000592.CrossRef

Worrell, J. L., Di Gangi, P. M., & Bush, A. A. (2013). Exploring the use of the Delphi method in accounting information systems research. International Journal of Accounting Information Systems, 14(3), 193–208.CrossRef

Yan, X., Wang, J., & Chau, M. (2015). Customer revist intention to restaurants: evidence from online reviews. Information Systems Frontiers, 17, 645–657.CrossRef

Title: What could possibly go wrong? A multi-panel Delphi study of organizational social media risk
Authors: Paul M. Di Gangi
Allen C. Johnston
James L. Worrell
Samuel C. Thompson
Publication date: 11-10-2016
Publisher: Springer US
Published in: Information Systems Frontiers / Issue 5/2018
Print ISSN: 1387-3326
Electronic ISSN: 1572-9419
DOI: https://doi.org/10.1007/s10796-016-9714-2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 5/2018

Emergency Vocabulary

Classifying and Summarizing Information from Microblogs During Epidemics

Uncovering the effect of dominant attributes on community topology: A case of facebook networks

Multimode co-clustering for analyzing terrorist networks

Exploitation of Social Media for Emergency Relief and Preparedness: Recent Research and Trends

Information Needs and Communication Gaps between Citizens and Local Governments Online during Natural Disasters

Premium Partner