Unrealistic optimism on information security management

Bibliographic Details
Published in: Computers & security Vol. 31; no. 2; pp. 221 - 232
Main Authors: Rhee, Hyeun-Suk; Ryu, Young U.; Kim, Cheong-Tag
Format: Journal Article
Language: English
Published: Amsterdam Elsevier Ltd 01.03.2012
Elsevier Sequoia S.A
ISSN: 0167-4048
1872-6208
DOI: 10.1016/j.cose.2011.12.001

Summary: Information security is a critical issue that many firms face these days. While increasing incidents of information security breaches have generated extensive publicity, previous studies repeatedly expose low levels of managerial awareness and commitment, a key obstacle to achieving a good information security posture. The main motivation of our study emanates from this phenomenon that the increased vulnerability to information security breaches is coupled with the low level of managerial awareness and commitment regarding information security threats. We report this dissonance by addressing a cognitive bias called optimistic bias. Using a survey, we study if MIS executives are subject to such a bias in their vulnerability perceptions of information security. We find that they demonstrate optimistic bias in risk perception on information security domain. The extent of this optimistic bias is greater with a distant comparison target with fewer information sharing activities. This optimistic bias is also found to be related to perception of controllability with information security threats. In order to overcome the effects of optimistic bias, firms need more security awareness training and systematic treatments of security threats instead of relying on ad hoc approach to security measure implementation.