This research sought to shed light on information systems security (ISS) by conceptualizing an organization's use of countermeasures using general deterrence theory, positing a non-recursive relationship between threats and countermeasures, and by extending the ISS construct developed in prior research. Industry affiliation and organizational size are considered in terms of differences in threats that firms face, the different countermeasures in use by various firms, and ultimately, how a firm's ISS effectiveness is affected. Six information systems professionals were interviewed in order to develop the appropriate instruments necessary to assess the research model put forth; the final instrument was further refined by pilot testing with the intent of further clarifying the wording and layout of the instrument. Finally, the Association of Information Technology Professionals was surveyed using an online survey. The model was assessed using SmartPLS and a two-stage least squares analysis. Results indicate that a non-recursive relationship does indeed exist between threats and countermeasures and that countermeasures can be used to effectively frame an organization's use of countermeasures. Implications for practitioners include the ability to target the use of certain countermeasures to have desired effects on both ISS effectiveness and future threats. Additionally, the model put forth in this research …

This study empirically examines the impact of IT capability on firms' performance and evaluates whether firms' IT capabilities play a role in improving employee capability, customer value, customer satisfaction, and ultimately business performance. The results were based on comparing the business performance of the IT leader companies with that of control companies of similar size and industry. The IT leader companies were selected from the Information Week 500 list published annually from 2001 to 2004. For a company to be selected as IT leaders, it needed to be listed at least twice during the period. Furthermore, it had to be listed in the American Customer Satisfaction Index (ACSI) so that its customer satisfaction level could be assessed. Standard & Poor's Compustat and the ACSI scores were used to test for changes in business performance. The study found that the IT leaders had a raw material cost measured by cost-of-goods-sold to sales ratio (COGS/S) than the control companies. However, it found no evidence that firms' IT capability affects employee capability, customer value, customer satisfaction, and profit. An important implication from this study is that IT becomes a commodity and an attempt to gain a competitive advantage by overinvesting in IT may …