Table 2 Metrically measured indicators
Construct | Indicator(s) | Reference(s) |
|---|---|---|
Adoption (refl.) | Actual use | |
Use intent short-term (next 3 years) | ||
Use intent mid-term (4–7 years) | ||
Use intent long-term (≥ 7 years) | ||
Adoption (form.) | Actual use/intent of Endpoint Security applications | |
Actual use/intent of content security applications (appl.) | ||
Actual use/intent of application security applications | ||
Actual use/intent of compliance & IT security management appl. | ||
Actual use/intent identity & access management appl. | ||
Actual use/intent of managed devices applications | ||
Actual use/intent of security information & event management appl. | ||
Actual use/intent of threat & vulnerability management appl. | ||
Perceived ease of use (refl.) | General ease of use | |
Ease of learning | ||
Ease of target achievement | ||
Perceived ease of use (form.) | Ease of initial integration/deployment of the service | |
Usability of the service | ||
Ease of customizing the service | ||
Comprehensive support by service provider | ||
Perceived usefulness (refl.) | Increase in performance | |
General usefulness | ||
Increase in effectiveness | ||
Perceived cost & liquidity benefits (form.) | Reduction in costs of operation and maintenance | |
Variabilization of IT security costs | ||
Reduction in recovery costs | ||
Perceived quality benefits (form.) | Transparency & control of security department | |
Increase in organizational level of security | ||
Improvement of legal and regulative compliance | ||
Perceived flexibility benefits (form.) | Flexibility of IT and security processes | |
Flexibility of business processes | ||
Reactivity regarding security-related problems | ||
Increased focus on core business (form.) | Decrease in employee errors | |
Time savings in security management | ||
Improved resource access (form.) | Enablement of access to new technologies | |
Access to external know-how | ||
Independence from dedicated systems | ||
Trust (refl.) | Overall trust in adoption | |
Trust in certified service providers | ||
Hesitation due to uncertainty | ||
Perceived security risks (form.) | Vulnerability to unauthorized service access | |
Deficient data mitigation and security | ||
Vulnerability regarding network-based attacks | ||
Deficient service continuity | ||
Perceived strategy & compliance risks (form.) | Dependence on service providers | |
Inability to comply with obligations to produce supporting documents | ||
Non-compliance with data protection regulations | ||
Perceived social risks (form.) | Internal resistance | |
Loss of image | ||
Perceived financial & operational risks (form.) | Unexpected costs of integration | |
Deficient provider’s compliance with SLAs | ||
Attitude (refl.) | General attitude toward cloud technologies | |
Relative advantage over managed security | ||
Relative advantage over on-premises systems | ||
Strategic value of IT security (refl.) | Criticality of IT security for business | [23] |