Incentive Alignment and Risk Perception: An Information Security Application
| Autor: | Eugene H. Spafford, Fariborz Farahmand, Mikhail J. Atallah |
|---|---|
| Rok vydání: | 2013 |
| Předmět: |
Knowledge management
business.industry Strategy and Management media_common.quotation_subject Information security Risk perception Reward system Identification (information) Incentive Information security management Perception Electrical and Electronic Engineering business Risk management media_common |
| Zdroj: | IEEE Transactions on Engineering Management. 60:238-246 |
| ISSN: | 1558-0040 0018-9391 |
| DOI: | 10.1109/tem.2012.2185801 |
| Popis: | Technologies and procedures for effectively securing the enterprise in cyberspace exist, but are largely underdeployed. Reasons for this shortcoming include the neglect of the role of stakeholder perceptions in organizational reward systems, and misaligned incentives for effective allocation of resources. We present a methodology for practitioners to employ, with examples for identification of perverse incentives—situations where the interests of a manager or employee are not aligned with those of the organization—and for estimation of the damage caused by incentive misalignment. We present our revision to the risk perception model developed by Fischhoff and Slovic. We also present the results of our findings from our interviews of 42 information security executives across the U.S. about the role of risk perception and incentives in information security decisions. We discuss how to identify and to correct misalignments, to develop efficient incentive structures, and to include perceptual principles and security governance in making information security a property of the organizational environment. This research contributes to the practice and theory of information security, and has several implications for practitioners and researchers in the alignment of incentives and symmetrization of information across organizations. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|