Research Streams
My research interests center in IS security and assurance. These interests were strongly informed by my work experience as an IT security auditor for Deloitte, and have developed into three research streams. Below are summaries for each stream and published or accepted articles.
1. IS Security
    Compliance
IS security consists of a technical component and a managerial component. The technical component (including for example encryption algorithms and network firewalls) has received much research attention. However, the managerial component (including for example the implementation and oversight of IS security practices) remains largely unexamined.

The papers below examine what factors affect employees’ willingness to comply with IS security policies.

Published Research:
  1. "Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations", Mikko Siponen and Anthony Vance. Accepted to MIS Quarterly special issue "Information Systems Security in a Digital Economy", forthcoming.
  1. "What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules? An Empirical Study", Liisa Myyry, Mikko Siponen, Seppo Pahnila, Tero Vartiainen, and Anthony Vance. Accepted to European Journal of Information Systems special issue "Behavioral and Policy Issues in Information Systems Security", forthcoming.
2. Trust in IS
Trust in IS is one form of information assurance, in which a person willingly becomes vulnerable to a risk because of certain safeguards. IT has great potential to act as a safeguard for trust; however, this potential has only begun to be explored in IS research.

My dissertation, entitled New Applications for Trust in Information Systems, comprises three studies (denoted with ‡ below) that examine new ways in which IS can foster trust in business transactions.

Published Research:
  1. ‡"Examining Trust in Information Technology Artifacts: The Effects of System Quality and Culture", Anthony Vance, Christophe Elie-dit-Cosaque, and Detmar Straub in Journal of Management Information Systems, Vol. 24(4), 2008, pp. 73-100.
  2. "Explaining and Predicting the Impact of Branding Alliances and Web Site Quality on Initial Consumer Trust of E-Commerce Web Sites", Paul Lowry, Anthony Vance, Greg Moody, Bryan Beckman, and Aaron Read in Journal of Management Information Systems, Vol. 24(4), 2008, pp. 201-227.
3. Internal Control
    in IS
Internal control is ensuring that management objectives are achieved. In the case of IT, internal control means that IT is designed, tested, and monitored to ensure that its use meets management objectives. Effective IS security requires internal control.

Published Research:
  1. "Extending and Using Graphical Representations of Business Processes in Evaluating Internal Control," Faye Borthick and Anthony Vance in American Accounting Association Annual Meeting, 2008.
  2. "Preparing Graphical Representations of Business Processes and Making Inferences from Them," Faye Borthick and Anthony Vance in American Accounting Association Annual Meeting, 2007.
  3. "Modeling Sarbanes-Oxley Compliance as a Knowledge-intensive Process," Anthony Vance in 40th Annual Hawai'i International Conference on System Sciences, 2007.