Abstract
Practitioners and researchers have been working to develop information systems (IS) that are functional and yet secure from a variety of threats at a reasonable cost (Austin & Darby, 2003; Mercuri, 2003; Cavusoglu, Cavusoglu, & Raghunathan, 2004; Sipponen, 2005). Information security and ethics (ISS/E) research involves a number of diverse subjects, including networking protocols (Sedaghat, Pieprzyk, & Vossough, 2002), database management (Sarathy & Muralidhar, 2002), cryptography (Anderson, 1994), ethics (Tavani, 2004; Straub & Welke, 1998), coping with risk (Banerjee, Cronan, & Jones, 1998), end-user attitudes (Harrington, 1996), and passwords (Zviran & Haga, 1999).