Shall We Follow? Impact of Reputation Concern on Information Security Managers’ Investment Decisions
Shao, X., Siponen, M., & Liu, F. (2020). Shall We Follow? Impact of Reputation Concern on Information Security Managers’ Investment Decisions. Computers and Security, 97, Article 101961. https://doi.org/10.1016/j.cose.2020.101961
Julkaistu sarjassa
Computers and SecurityPäivämäärä
2020Tekijänoikeudet
© 2020 Elsevier Ltd. All rights reserved.
Information security (infosec) is important for organizations. While budgeting for infosec is a crucial resource allocation decision, infosec managers may choose to follow other fellow experts’ recommendations or baseline practices. The present paper uses reputational herding theory to explain the decision made by infosec managers to use a “let's follow others” strategy in this context. Based on a sample of 106 organizations in Finland, we find that infosec managers’ ability to accurately predict the benefit of infosec investment, as well as their reputations, have significant effects on motivating them to discount their own information. Infosec managers’ discounting of their own information, together with the strength of information that relates to infosec investment and mandatory requirements, motivates infosec investment. Our empirical results highlight the “let's follow others” strategy as an important alternative to cost–benefit analysis in terms of budgeting for infosec investment.
...
Julkaisija
Elsevier BVISSN Hae Julkaisufoorumista
0167-4048Asiasanat
Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/41655516
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisätietoja rahoituksesta
This work was supported by Zhishan Youth Scholar Program of Southeast University, Jiangsu Specially-Appointed Professor Program (No. 3051107219003), and National Social Science Foundation of China (No. 6614000050).Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
To Calculate or To Follow Others : How Do Information Security Managers Make Investment Decisions?
Shao, Xiuyan; Siponen, Mikko; Pahnila, Seppo (University of Hawai'i at Manoa, 2019)Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents ... -
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Organisational GDPR Investments and Impacts
Hirvonen, Pauliina (Academic Conferences International, 2023)The aim of this empirical multi-case study is to understand the GDPR investments and impacts of the organisations. Among these, the measuring experiences related to GDPR and information security (Isec), and the future ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ... -
Case study of why information security investment fail?
Toivanen, Hanna (2015)Tämä tutkielma keskittyy tietoturvainvestointien päätöksentekoprosessiin. Ta- voitteena on tutkia miksi tietoturvainvestointipäätös hylätään. Tutkimuksen teoreettinen tausta perustuu aiemmin suoritettuun tutkimukseen, mikä ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.