{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T18:44:37Z","timestamp":1773081877891,"version":"3.50.1"},"reference-count":36,"publisher":"American Accounting Association","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,6,1]]},"abstract":"ABSTRACT<\/jats:title>\n In this study we present a framework for auditing and strategizing to ensure cloud privacy. Management of cloud privacy is a problem since it continues to remain an elusive concept due to the evolving relationship between the pervasiveness of technology and its use by individuals. The Cloud Privacy Framework presented in this paper can be utilized to develop privacy audits, establish privacy practices, and help in defining privacy strategies that are in alignment with individual value systems. The paper extends the privacy objectives presented in Coss and Dhillon (2019) to define a design science-based Cloud Privacy Framework. The framework is externally evaluated, validated, and assessed by a group of information system auditors.<\/jats:p>","DOI":"10.2308\/isys-17-046","type":"journal-article","created":{"date-parts":[[2019,12,31]],"date-time":"2019-12-31T17:49:01Z","timestamp":1577814541000},"page":"47-63","source":"Crossref","is-referenced-by-count":6,"title":["A Framework for Auditing and Strategizing to Ensure Cloud Privacy"],"prefix":"10.2308","volume":"34","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7591-1499","authenticated-orcid":true,"given":"David L.","family":"Coss","sequence":"first","affiliation":[{"name":"The University of North Carolina at Greensboro"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gurpreet","family":"Dhillon","sequence":"additional","affiliation":[{"name":"The University of North Carolina at Greensboro"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1112","published-online":{"date-parts":[[2019,12,31]]},"reference":[{"key":"2024082915330741400_i1558-7959-34-2-47-Ackerman1","doi-asserted-by":"crossref","unstructured":"Ackerman,\n M.,\n \n \n Darrell\n T.,\n and\n\t\t\t\t\t\tWeitznerD. J.\n 2001.\n\t\t\t\t\tPrivacy in context.\n\t\t\t\t\tHuman-Computer Interaction16\n\t\t\t\t\t(2\/4):\n\t\t\t\t\t167\u2013176.\n\t\t\t\t\thttps:\/\/doi.org\/10.1207\/S15327051HCI16234_03","DOI":"10.1207\/S15327051HCI16234_03"},{"key":"2024082915330741400_i1558-7959-34-2-47-Arpaci1","doi-asserted-by":"crossref","unstructured":"Arpaci,\n I.,\n \n \n Kilicer\n K.,\n and\n\t\t\t\t\t\tBardakciS.\n 2015.\n\t\t\t\t\tEffects of security and privacy concerns on educational use of cloud services.\n\t\t\t\t\tComputers in Human Behavior45:\n\t\t\t\t\t93\u201398.\n\t\t\t\t\thttps:\/\/doi.org\/10.1016\/j.chb.2014.11.075","DOI":"10.1016\/j.chb.2014.11.075"},{"key":"2024082915330741400_i1558-7959-34-2-47-Bansal1","doi-asserted-by":"crossref","unstructured":"Bansal,\n G.,\n and\n\t\t\t\t\t\tZahediF. M.\n 2015.\n\t\t\t\t\tTrust violation and repair: The information privacy perspective.\n\t\t\t\t\tDecision Support Systems71:\n\t\t\t\t\t62\u201377.\n\t\t\t\t\thttps:\/\/doi.org\/10.1016\/j.dss.2015.01.009","DOI":"10.1016\/j.dss.2015.01.009"},{"key":"2024082915330741400_i1558-7959-34-2-47-Chen1","doi-asserted-by":"crossref","unstructured":"Chen,\n Z.,\n and\n\t\t\t\t\t\tYoonJ.\n 2010.\n\t\t\t\t\tIT Auditing to Assure a Secure Cloud Computing.\n\t\t\t\t\tProceedings of the 2010 6th World Congress on Services, 253\u2013259, Miami, FL, July 5\u201310.","DOI":"10.1109\/SERVICES.2010.118"},{"key":"2024082915330741400_i1558-7959-34-2-47-Cline1","unstructured":"Cline,\n J.\n \n \n 2007.\n\t\t\t\t\tMind the GAPP: Accountants bring GAAP-like principles to the privacy sphere.\n\t\t\t\t\tAvailable at: https:\/\/www.computerworld.com\/article\/2538201\/mind-the-gapp--accountants-bring-gaap-like-principles-to-the-privacy-sphere.html"},{"key":"2024082915330741400_i1558-7959-34-2-47-Coss1","doi-asserted-by":"crossref","unstructured":"Coss,\n D.,\n and\n\t\t\t\t\t\tDhillonG.\n 2019.\n\t\t\t\t\tCloud privacy objectives: A value based approach.\n\t\t\t\t\tInformation and Computer Security Journal27\n\t\t\t\t\t(2):\n\t\t\t\t\t189\u2013220.","DOI":"10.1108\/ICS-05-2017-0034"},{"key":"2024082915330741400_i1558-7959-34-2-47-Csikszentmihalyi1","unstructured":"Csikszentmihalyi,\n M.\n \n \n 1996.\n\t\t\t\t\tCreativity: Flow and Psychology of Discovery and Invention.\n\t\t\t\t\tNew York, NY:\n\t\t\t\t\tHarper Collins."},{"key":"2024082915330741400_i1558-7959-34-2-47-Davis1","doi-asserted-by":"crossref","unstructured":"Davis,\n F. D.\n \n \n 1989.\n\t\t\t\t\tPerceived usefulness, perceived ease of use, and user acceptance of information technology.\n\t\t\t\t\tMIS Quarterly13\n\t\t\t\t\t(3):\n\t\t\t\t\t319\u2013340.\n\t\t\t\t\thttps:\/\/doi.org\/10.2307\/249008","DOI":"10.2307\/249008"},{"key":"2024082915330741400_i1558-7959-34-2-47-Dhillon1","doi-asserted-by":"crossref","unstructured":"Dhillon,\n G.,\n and\n\t\t\t\t\t\tKolkowskaE.\n 2011.\n\t\t\t\t\tCan a cloud be really secure? A Socratic dialogue.\n\t\t\t\t\tInComputers, Privacy and Data Protection: An Element of Choice,\n\t\t\t\t\tedited byGutwirthS.,PoulletY.,De HertP., and\n\t\t\t\t\t\tLeenesR. ,\n\t\t\t\t\t345\u2013360.\n\t\t\t\t\tDordrecht, The Netherlands:\n\t\t\t\t\tSpringer.","DOI":"10.1007\/978-94-007-0641-5_16"},{"key":"2024082915330741400_i1558-7959-34-2-47-Doelitzscher1","doi-asserted-by":"crossref","unstructured":"Doelitzscher,\n F.,\n \n \n Reich\n C.,\n \n \n Knahl\n M.,\n and\n\t\t\t\t\t\tClarkeN.\n 2013.\n\t\t\t\t\tUnderstanding cloud audits.\n\t\t\t\t\tInPrivacy and Security for Cloud Computing,\n\t\t\t\t\t125\u2013163.\n\t\t\t\t\tLondon, U.K.:\n\t\t\t\t\tSpringer.","DOI":"10.1007\/978-1-4471-4189-1_4"},{"key":"2024082915330741400_i1558-7959-34-2-47-Geerts1","doi-asserted-by":"crossref","unstructured":"Geerts,\n G. L.\n \n \n 2011.\n\t\t\t\t\tA design science research methodology and its application to accounting information systems research.\n\t\t\t\t\tInternational Journal of Accounting Information Systems12\n\t\t\t\t\t(2):\n\t\t\t\t\t142\u2013151.\n\t\t\t\t\thttps:\/\/doi.org\/10.1016\/j.accinf.2011.02.004","DOI":"10.1016\/j.accinf.2011.02.004"},{"key":"2024082915330741400_i1558-7959-34-2-47-Gellman1","unstructured":"Gellman,\n R.\n \n \n 2009.\n\t\t\t\t\tPrivacy in the clouds: Risks to privacy and confidentiality from cloud computing.\n\t\t\t\t\tAvailable at: https:\/\/gato-docs.its.txstate.edu\/vpit-security\/policies\/WPF_Cloud_Privacy_Report.pdf"},{"key":"2024082915330741400_i1558-7959-34-2-47-Hevner1","unstructured":"Hevner,\n A. R.\n \n \n 2007.\n\t\t\t\t\tThe three cycle view of design science research.\n\t\t\t\t\tScandinavian Journal of Information Systems19\n\t\t\t\t\t(2):\n\t\t\t\t\t87\u201392."},{"key":"2024082915330741400_i1558-7959-34-2-47-Hevner2","doi-asserted-by":"crossref","unstructured":"Hevner,\n A. R.,\n \n \n March\n S. T.,\n \n \n Park\n J.,\n and\n\t\t\t\t\t\tRamS.\n 2004.\n\t\t\t\t\tDesign science in information systems research.\n\t\t\t\t\tMIS Quarterly28\n\t\t\t\t\t(1):\n\t\t\t\t\t75\u2013105.\n\t\t\t\t\thttps:\/\/doi.org\/10.2307\/25148625","DOI":"10.2307\/25148625"},{"key":"2024082915330741400_i1558-7959-34-2-47-Iivari1","unstructured":"Iivari,\n J.\n \n \n 2007.\n\t\t\t\t\tA paradigmatic analysis of information systems as a design science.\n\t\t\t\t\tScandinavian Journal of Information Systems19\n\t\t\t\t\t(2):\n\t\t\t\t\t39\u201364."},{"key":"2024082915330741400_i1558-7959-34-2-47-Jaeger1","doi-asserted-by":"crossref","unstructured":"Jaeger,\n P. T.,\n \n \n Lin\n J.,\n and\n\t\t\t\t\t\tGrimesJ. M.\n 2008.\n\t\t\t\t\tCloud computing and information policy: Computing in a policy cloud?Journal of Information Technology & Politics5\n\t\t\t\t\t(3):\n\t\t\t\t\t269\u2013283.\n\t\t\t\t\thttps:\/\/doi.org\/10.1080\/19331680802425479","DOI":"10.1080\/19331680802425479"},{"key":"2024082915330741400_i1558-7959-34-2-47-Katzan1","doi-asserted-by":"crossref","unstructured":"Katzan,\n H.,\n Jr.\n \n \n 2010.\n\t\t\t\t\tOn the privacy of cloud computing.\n\t\t\t\t\tInternational Journal of Management & Information Systems14\n\t\t\t\t\t(2).","DOI":"10.19030\/ijmis.v14i2.824"},{"key":"2024082915330741400_i1558-7959-34-2-47-Keeney1","unstructured":"Keeney,\n R. L.\n \n \n 1994.\n\t\t\t\t\tCreativity in decision making with value-focused thinking.\n\t\t\t\t\tSloan Management Review35\n\t\t\t\t\t(4):\n\t\t\t\t\t33."},{"key":"2024082915330741400_i1558-7959-34-2-47-Kitzinger1","doi-asserted-by":"crossref","unstructured":"Kitzinger,\n J.\n \n \n 1994.\n\t\t\t\t\tThe methodology of focus groups: The importance of interaction between research participants.\n\t\t\t\t\tSociology of Health & Illness16\n\t\t\t\t\t(1):\n\t\t\t\t\t103\u2013121.\n\t\t\t\t\thttps:\/\/doi.org\/10.1111\/1467-9566.ep11347023","DOI":"10.1111\/1467-9566.ep11347023"},{"key":"2024082915330741400_i1558-7959-34-2-47-Kuechler1","doi-asserted-by":"crossref","unstructured":"Kuechler,\n W.,\n and\n\t\t\t\t\t\tVaishnaviV.\n 2008.\n\t\t\t\t\tThe emergence of design research in information systems in North America.\n\t\t\t\t\tJournal of Design Research7\n\t\t\t\t\t(1):\n\t\t\t\t\t1\u201316.\n\t\t\t\t\thttps:\/\/doi.org\/10.1504\/JDR.2008.019897","DOI":"10.1504\/JDR.2008.019897"},{"key":"2024082915330741400_i1558-7959-34-2-47-March1","doi-asserted-by":"crossref","unstructured":"March,\n S. T.,\n and\n\t\t\t\t\t\tStoreyV. C.\n 2008.\n\t\t\t\t\tDesign science in the information systems discipline: An introduction to the special issue on design science research.\n\t\t\t\t\tMIS Quarterly32\n\t\t\t\t\t(4):\n\t\t\t\t\t725\u2013730.\n\t\t\t\t\thttps:\/\/doi.org\/10.2307\/25148869","DOI":"10.2307\/25148869"},{"key":"2024082915330741400_i1558-7959-34-2-47-Marshall1","doi-asserted-by":"crossref","unstructured":"Marshall,\n K.\n \n \n 1999.\n\t\t\t\t\tHas technology introduced new ethical problems?Journal of Business Ethics19\n\t\t\t\t\t(1):\n\t\t\t\t\t81\u201390.\n\t\t\t\t\thttps:\/\/doi.org\/10.1023\/A:1006154023743","DOI":"10.1023\/A:1006154023743"},{"key":"2024082915330741400_i1558-7959-34-2-47-Mell1","doi-asserted-by":"crossref","unstructured":"Mell,\n P.,\n and\n\t\t\t\t\t\tGranceT.\n 2011.\n\t\t\t\t\tThe NIST definition of cloud computing. Special Publication 800-145.\n\t\t\t\t\tAvailable at: https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-145\/final","DOI":"10.6028\/NIST.SP.800-145"},{"key":"2024082915330741400_i1558-7959-34-2-47-Nakayama1","unstructured":"Nakayama,\n M.,\n \n \n Chen\n C.,\n and\n\t\t\t\t\t\tTaylorC.\n 2017.\n\t\t\t\t\tThe effects of perceived functionality and usability on privacy and security concerns about cloud application adoptions.\n\t\t\t\t\tJournal of Information Systems Applied Research10\n\t\t\t\t\t(2):\n\t\t\t\t\t4\u201311."},{"key":"2024082915330741400_i1558-7959-34-2-47-Pearson1","doi-asserted-by":"crossref","unstructured":"Pearson,\n S.,\n and\n\t\t\t\t\t\tCharlesworthA.\n 2009.\n\t\t\t\t\tAccountability as a way forward for privacy protection in the cloud.\n\t\t\t\t\tCloud Computing5931:\n\t\t\t\t\t131\u2013144.","DOI":"10.1007\/978-3-642-10665-1_12"},{"key":"2024082915330741400_i1558-7959-34-2-47-Peffers1","doi-asserted-by":"crossref","unstructured":"Peffers,\n K.,\n \n \n Tuunanen\n T.,\n \n \n Rothenberger\n M. A.,\n and\n\t\t\t\t\t\tChatterjeeS.\n 2007.\n\t\t\t\t\tA design science research methodology for information systems research.\n\t\t\t\t\tJournal of Management Information Systems24\n\t\t\t\t\t(3):\n\t\t\t\t\t45\u201377.\n\t\t\t\t\thttps:\/\/doi.org\/10.2753\/MIS0742-1222240302","DOI":"10.2753\/MIS0742-1222240302"},{"key":"2024082915330741400_i1558-7959-34-2-47-Prosser1","doi-asserted-by":"crossref","unstructured":"Prosser,\n W.\n \n \n 1960.\n\t\t\t\t\tPrivacy.\n\t\t\t\t\tCalifornia Law Review48\n\t\t\t\t\t(3):\n\t\t\t\t\t383\u2013423.\n\t\t\t\t\thttps:\/\/doi.org\/10.2307\/3478805","DOI":"10.2307\/3478805"},{"key":"2024082915330741400_i1558-7959-34-2-47-Samonas1","unstructured":"Samonas,\n S.,\n and\n\t\t\t\t\t\tCossD.\n 2014.\n\t\t\t\t\tThe CIA strikes back: Redefining confidentiality, integrity, and availability in security.\n\t\t\t\t\tJournal of Information System Security10\n\t\t\t\t\t(2):\n\t\t\t\t\t21\u201345."},{"key":"2024082915330741400_i1558-7959-34-2-47-Schmidt1","doi-asserted-by":"crossref","unstructured":"Schmidt,\n P. J.,\n \n \n Wood\n J. T.,\n and\n\t\t\t\t\t\tGrabskiS. V.\n 2016.\n\t\t\t\t\tBusiness in the cloud: Research questions on governance, audit, and assurance.\n\t\t\t\t\tJournal of Information Systems30\n\t\t\t\t\t(3):\n\t\t\t\t\t173\u2013189.\n\t\t\t\t\thttps:\/\/doi.org\/10.2308\/isys-51494","DOI":"10.2308\/isys-51494"},{"key":"2024082915330741400_i1558-7959-34-2-47-Sidgman1","doi-asserted-by":"crossref","unstructured":"Sidgman,\n J.,\n and\n\t\t\t\t\t\tCromptonM.\n 2016.\n\t\t\t\t\tValuing personal data to foster privacy: A thought experiment and opportunities for research.\n\t\t\t\t\tJournal of Information Systems30\n\t\t\t\t\t(2):\n\t\t\t\t\t169\u2013181.\n\t\t\t\t\thttps:\/\/doi.org\/10.2308\/isys-51429","DOI":"10.2308\/isys-51429"},{"key":"2024082915330741400_i1558-7959-34-2-47-Simon1","unstructured":"Simon,\n H. A.\n \n \n 1996.\n\t\t\t\t\tThe Sciences of the Artificial.\n\t\t\t\t\t3rd edition.\n\t\t\t\t\tCambridge, MA:\n\t\t\t\t\tMIT Press."},{"key":"2024082915330741400_i1558-7959-34-2-47-Toy1","doi-asserted-by":"crossref","unstructured":"Toy,\n A.,\n and\n\t\t\t\t\t\tHayD. C.\n 2015.\n\t\t\t\t\tPrivacy auditing standards.\n\t\t\t\t\tAuditing: A Journal of Practice & Theory34\n\t\t\t\t\t(3):\n\t\t\t\t\t181\u2013199.\n\t\t\t\t\thttps:\/\/doi.org\/10.2308\/ajpt-50932","DOI":"10.2308\/ajpt-50932"},{"key":"2024082915330741400_i1558-7959-34-2-47-Tremblay1","doi-asserted-by":"crossref","unstructured":"Tremblay,\n M. C.\n \n \n ,\n \n \n Hevner\n A. R.,\n and\n\t\t\t\t\t\tBerndtD. J.\n 2010.\n\t\t\t\t\tThe use of focus groups in design science research.\n\t\t\t\t\tInDesign Research in Information Systems,\n\t\t\t\t\t121\u2013143.\n\t\t\t\t\tNew York, NY:\n\t\t\t\t\tSpringer.","DOI":"10.1007\/978-1-4419-5653-8_10"},{"key":"2024082915330741400_i1558-7959-34-2-47-Wang1","doi-asserted-by":"crossref","unstructured":"Wang,\n C.,\n \n \n Wang\n Q.,\n \n \n Ren\n K.,\n and\n\t\t\t\t\t\tLouW.\n 2010.\n\t\t\t\t\tPrivacy-Preserving Public Auditing for Data Storage Security in Cloud Computing.\n\t\t\t\t\t2010 Proceedings of IEEE INFOCOM, 1\u20139, San Diego, CA, March 14\u201319.","DOI":"10.1109\/INFCOM.2010.5462173"},{"key":"2024082915330741400_i1558-7959-34-2-47-Weiser1","doi-asserted-by":"crossref","unstructured":"Weiser,\n M.\n \n \n 1991.\n\t\t\t\t\tThe computer for the 21st Century.\n\t\t\t\t\tScientific American265\n\t\t\t\t\t(3):\n\t\t\t\t\t94\u2013104.\n\t\t\t\t\thttps:\/\/doi.org\/10.1038\/scientificamerican0991-94","DOI":"10.1038\/scientificamerican0991-94"},{"key":"2024082915330741400_i1558-7959-34-2-47-Zhou1","doi-asserted-by":"crossref","unstructured":"Zhou,\n M.,\n \n \n Zhang\n R.,\n \n \n Xie\n W.,\n \n \n Qian\n W.,\n and\n\t\t\t\t\t\tZhouA.\n 2010.\n\t\t\t\t\tSecurity and Privacy in Cloud Computing: A Survey.\n\t\t\t\t\tProceedings of the 2010 Sixth International Conference on Semantics, Knowledge and Grids (SKG), 105\u2013112, Beijing, China, November 1\u20133.","DOI":"10.1109\/SKG.2010.19"}],"container-title":["Journal of Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/34\/2\/47\/9511\/i1558-7959-34-2-47.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/34\/2\/47\/9511\/i1558-7959-34-2-47.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T17:14:12Z","timestamp":1724951652000},"score":1,"resource":{"primary":{"URL":"https:\/\/publications.aaahq.org\/jis\/article\/34\/2\/47\/1159\/A-Framework-for-Auditing-and-Strategizing-to"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12,31]]},"references-count":36,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2019,12,31]]},"published-print":{"date-parts":[[2020,6,1]]}},"URL":"https:\/\/doi.org\/10.2308\/isys-17-046","relation":{},"ISSN":["1558-7959","0888-7985"],"issn-type":[{"value":"1558-7959","type":"electronic"},{"value":"0888-7985","type":"print"}],"subject":[],"published":{"date-parts":[[2019,12,31]]}}}