Unrealistic optimism on information security management

Information security is a critical issue that many firms face these days. While increasing incidents of information security breaches have generated extensive publicity, previous studies repeatedly expose low levels of managerial awareness and commitment, a key obstacle to achieving a good informati...

Full description

Saved in:
Bibliographic Details
Published inComputers & security Vol. 31; no. 2; pp. 221 - 232
Main Authors Rhee, Hyeun-Suk, Ryu, Young U., Kim, Cheong-Tag
Format Journal Article
LanguageEnglish
Published Amsterdam Elsevier Ltd 01.03.2012
Elsevier Sequoia S.A
Subjects
Awareness
Bias
Commitments
Computer information security
Controllability
Data integrity
Emission
Information security
Low level
Management information systems
Optimistic bias
Perceived controllability
Perception
Perceptions
Posture
Risk management
Risk perception
Security management
Studies
Optimistic bias
Risk perception
Risk management
Information security
Awareness
Perceived controllability
Online AccessGet full text
ISSN0167-4048
1872-6208
DOI10.1016/j.cose.2011.12.001

Cover

Abstract Information security is a critical issue that many firms face these days. While increasing incidents of information security breaches have generated extensive publicity, previous studies repeatedly expose low levels of managerial awareness and commitment, a key obstacle to achieving a good information security posture. The main motivation of our study emanates from this phenomenon that the increased vulnerability to information security breaches is coupled with the low level of managerial awareness and commitment regarding information security threats. We report this dissonance by addressing a cognitive bias called optimistic bias. Using a survey, we study if MIS executives are subject to such a bias in their vulnerability perceptions of information security. We find that they demonstrate optimistic bias in risk perception on information security domain. The extent of this optimistic bias is greater with a distant comparison target with fewer information sharing activities. This optimistic bias is also found to be related to perception of controllability with information security threats. In order to overcome the effects of optimistic bias, firms need more security awareness training and systematic treatments of security threats instead of relying on ad hoc approach to security measure implementation.
AbstractList Information security is a critical issue that many firms face these days. While increasing incidents of information security breaches have generated extensive publicity, previous studies repeatedly expose low levels of managerial awareness and commitment, a key obstacle to achieving a good information security posture. The main motivation of our study emanates from this phenomenon that the increased vulnerability to information security breaches is coupled with the low level of managerial awareness and commitment regarding information security threats. We report this dissonance by addressing a cognitive bias called optimistic bias. Using a survey, we study if MIS executives are subject to such a bias in their vulnerability perceptions of information security. We find that they demonstrate optimistic bias in risk perception on information security domain. The extent of this optimistic bias is greater with a distant comparison target with fewer information sharing activities. This optimistic bias is also found to be related to perception of controllability with information security threats. In order to overcome the effects of optimistic bias, firms need more security awareness training and systematic treatments of security threats instead of relying on ad hoc approach to security measure implementation.
Information security is a critical issue that many firms face these days. While increasing incidents of information security breaches have generated extensive publicity, previous studies repeatedly expose low levels of managerial awareness and commitment, a key obstacle to achieving a good information security posture. The main motivation of our study emanates from this phenomenon that the increased vulnerability to information security breaches is coupled with the low level of managerial awareness and commitment regarding information security threats. We report this dissonance by addressing a cognitive bias called optimistic bias. Using a survey, we study if MIS executives are subject to such a bias in their vulnerability perceptions of information security. We find that they demonstrate optimistic bias in risk perception on information security domain. The extent of this optimistic bias is greater with a distant comparison target with fewer information sharing activities. This optimistic bias is also found to be related to perception of controllability with information security threats. In order to overcome the effects of optimistic bias, firms need more security awareness training and systematic treatments of security threats instead of relying on ad hoc approach to security measure implementation. [PUBLICATION ABSTRACT]
Author Ryu, Young U.
Kim, Cheong-Tag
Rhee, Hyeun-Suk
Author_xml – sequence: 1
  givenname: Hyeun-Suk
  surname: Rhee
  fullname: Rhee, Hyeun-Suk
  email: sukrhee@gmail.com
  organization: United Nations – Asian and Pacific Training Centre for Information and Communication Technology for Development (UN-APCICT), 7-50 Songdo-dong, Yeonsu-gu, Incheon, South Korea
– sequence: 2
  givenname: Young U.
  surname: Ryu
  fullname: Ryu, Young U.
  email: ryoung@utdallas.edu
  organization: School of Management, The University of Texas at Dallas, Mail Stop SM 33, 800 W. Campbell Rd., Richardson, TX 75090-3021, United States
– sequence: 3
  givenname: Cheong-Tag
  surname: Kim
  fullname: Kim, Cheong-Tag
  email: ctkim@snu.ac.kr
  organization: Department of Psychology, School of Social Science, Seoul National University, 599 Gwanak-ro, Gwanak-gu, Seoul 151-742, South Korea
BookMark eNp9kD1PwzAQhi1UJNrCH2CqmFgSbMdxHIkFVXxJlVjobDnOBblK7GI7SP33OJSpQ6e74Xle3b0LNLPOAkK3BOcEE_6wy7ULkFNMSE5ojjG5QHMiKppxisUMzRNUZQwzcYUWIewSUHEh5qjaWg-qNyEavXL7aAYThpWzK2M75wcVTdoD6NGbeFgNyqovGMDGa3TZqT7Azf9cou3L8-f6Ldt8vL6vnzaZLjiOWY27gqim5aXu0qq00g1rSNVUpCaYtxwLohhWjFasKcu6qBlXLaNF3QisOS6W6P6Yu_fue4QQZTpQQ98rC24MMn1fcyZYOaF3J-jOjd6m62RNC8poaiJB4ghp70Lw0Elt4t-X0SvTp7wpksudnAqVU6GSUJn6Sio9UffeDMofzkuPRwlSST8GvAzagNXQGg86ytaZc_ov6KSQNA
CODEN CPSEDU
CitedBy_id crossref_primary_10_1108_ICS_02_2023_0023
crossref_primary_10_1016_j_chb_2021_106791
crossref_primary_10_1108_ICS_06_2017_0042
crossref_primary_10_1145_3462766_3462770
crossref_primary_10_1080_08874417_2020_1864680
crossref_primary_10_1108_TG_11_2019_0112
crossref_primary_10_4018_IJSITA_2018070103
crossref_primary_10_1080_08874417_2015_11645769
crossref_primary_10_1016_j_indmarman_2023_04_001
crossref_primary_10_1016_j_chb_2017_10_007
crossref_primary_10_1108_IMCS_07_2013_0053
crossref_primary_10_1080_0144929X_2023_2230305
crossref_primary_10_1108_INTR_04_2022_0238
crossref_primary_10_12677_AP_2022_123100
crossref_primary_10_3790_zverswiss_2024_1430701
crossref_primary_10_4236_jis_2023_142007
crossref_primary_10_1016_j_cose_2023_103099
crossref_primary_10_1016_j_actpsy_2023_103990
crossref_primary_10_1016_j_im_2023_103753
crossref_primary_10_1007_s11573_020_00972_4
crossref_primary_10_1016_j_cose_2021_102403
crossref_primary_10_1080_08874417_2019_1650676
crossref_primary_10_1007_s13369_020_04524_4
crossref_primary_10_1016_j_tifs_2020_11_017
crossref_primary_10_4018_JCIT_2018070104
crossref_primary_10_1108_JEIM_06_2018_0110
crossref_primary_10_1108_ICS_08_2017_0058
crossref_primary_10_1016_j_cose_2015_04_006
crossref_primary_10_62273_TRBS2965
crossref_primary_10_2753_MIS0742_1222300202
crossref_primary_10_1108_ICS_09_2018_0106
crossref_primary_10_1016_j_cose_2022_103046
crossref_primary_10_1016_j_chb_2017_05_038
crossref_primary_10_1109_ACCESS_2021_3122433
crossref_primary_10_1145_3210530_3210538
crossref_primary_10_1093_cybsec_tyad018
crossref_primary_10_1016_j_cose_2014_10_007
crossref_primary_10_1016_j_ssci_2021_105240
crossref_primary_10_1108_ICS_12_2018_0138
crossref_primary_10_1016_j_ijcip_2015_12_003
crossref_primary_10_1016_j_cose_2023_103249
crossref_primary_10_1142_S0219622015500364
crossref_primary_10_1371_journal_pone_0238739
crossref_primary_10_3182_20130606_3_XK_4037_00045
crossref_primary_10_1002_hbe2_312
crossref_primary_10_4018_IJSSE_2017100101
crossref_primary_10_1108_ICS_09_2015_0041
crossref_primary_10_1109_ACCESS_2023_3243183
crossref_primary_10_1108_IMDS_08_2024_0752
crossref_primary_10_1109_MITP_2016_27
crossref_primary_10_1007_s10796_016_9714_2
crossref_primary_10_1016_j_ijinfomgt_2015_11_009
crossref_primary_10_1016_j_cose_2024_103812
crossref_primary_10_1093_cybsec_tyaf005
crossref_primary_10_2139_ssrn_4170550
crossref_primary_10_1016_j_cose_2016_05_004
crossref_primary_10_1016_j_cose_2014_05_003
crossref_primary_10_1108_ITP_09_2019_0458
crossref_primary_10_1080_08874417_2019_1697860
crossref_primary_10_1016_j_martra_2022_100065
crossref_primary_10_1371_journal_pone_0163050
crossref_primary_10_4018_IJISP_291702
Cites_doi 10.1046/j.1365-2575.2001.00099.x
10.1111/j.1559-1816.1993.tb01088.x
10.1037/0033-2909.84.5.888
10.1007/BF03394867
10.2307/249574
10.1080/08870449408407475
10.1037/0022-3514.39.5.806
10.2307/2667105
10.1108/09685220010371394
10.1037/0033-2909.90.2.245
10.1521/jscp.1996.15.1.9
10.1016/S0167-4048(02)00504-7
10.1177/0146167284103006
10.1257/jep.11.1.109
10.1037/0022-3514.43.1.5
10.1037/0022-3514.58.3.472
10.1287/isre.1.3.255
10.1016/0378-7206(91)90024-V
10.2307/249551
10.1037/0022-3514.65.4.781
10.1037/0022-3514.67.3.366
10.1177/001872675400700202
10.1111/j.2044-8295.1993.tb02461.x
10.1080/09654310701747936
10.1037/0022-3514.68.5.804
10.2307/3151718
10.1287/mnsc.36.4.422
10.1037/0022-3514.50.3.502
10.2307/249452
10.1207/S15324834BASP2104_4
10.1016/0883-9026(88)90020-1
10.1521/jscp.1996.15.1.53
10.1111/j.1559-1816.1996.tb01778.x
10.1023/A:1024119208153
10.1086/468160
10.1086/467732
10.5465/AMJ.2005.17843947
10.1037/h0076486
10.1287/mnsc.33.11.1404
10.1037/0033-2909.106.2.231
10.1016/0001-4575(89)90024-9
10.1177/0146167291175001
10.1037/0022-3514.32.2.311
10.1007/BF00846146
10.1016/S0167-4048(00)04021-9
10.1521/soco.1986.4.4.353
10.1080/0887044022000004920
10.1111/j.1467-6494.1995.tb00315.x
10.1521/jscp.1996.15.1.1
10.1111/j.2044-8309.1994.tb01035.x
10.1111/0272-4332.204041
10.1207/S15327957PSPR0501_5
10.2307/2685844
10.1016/0001-6918(92)90054-H
ContentType Journal Article
Copyright 2011 Elsevier Ltd
Copyright Elsevier Sequoia S.A. Mar 2012
Copyright_xml – notice: 2011 Elsevier Ltd
– notice: Copyright Elsevier Sequoia S.A. Mar 2012
DBID AAYXX
CITATION
7SC
8FD
JQ2
K7.
L7M
L~C
L~D
DOI 10.1016/j.cose.2011.12.001
DatabaseName CrossRef
Computer and Information Systems Abstracts
Technology Research Database
ProQuest Computer Science Collection
ProQuest Criminal Justice (Alumni)
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
DatabaseTitle CrossRef
ProQuest Criminal Justice (Alumni)
Technology Research Database
Computer and Information Systems Abstracts – Academic
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts Professional
DatabaseTitleList
ProQuest Criminal Justice (Alumni)
Computer and Information Systems Abstracts
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1872-6208
EndPage 232
ExternalDocumentID 2593947851
10_1016_j_cose_2011_12_001
S0167404811001441
Genre Feature
GroupedDBID --K
--M
-~X
.DC
.~1
0R~
1B1
1RT
1~.
1~5
29F
4.4
457
4G.
5GY
5VS
7-5
71M
8P~
9JN
AACTN
AAEDT
AAEDW
AAIAV
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAQXK
AAXUO
AAYFN
ABBOA
ABFSI
ABMAC
ABXDB
ABYKQ
ACDAQ
ACGFO
ACGFS
ACNNM
ACRLP
ACZNC
ADBBV
ADEZE
ADHUB
ADJOM
ADMUD
AEBSH
AEKER
AENEX
AFFNX
AFKWA
AFTJW
AGHFR
AGUBO
AGYEJ
AHHHB
AHZHX
AIALX
AIEXJ
AIKHN
AITUG
AJBFU
AJOXV
ALMA_UNASSIGNED_HOLDINGS
AMFUW
AMRAJ
AOUOD
ASPBG
AVWKF
AXJTR
AZFZN
BKOJK
BKOMP
BLXMC
CS3
DU5
E.L
EBS
EFJIC
EFLBG
EJD
EO8
EO9
EP2
EP3
FDB
FEDTE
FGOYB
FIRID
FNPLU
FYGXN
G-2
G-Q
GBLVA
GBOLZ
HLX
HLZ
HVGLF
HZ~
IHE
J1W
KOM
LG8
LG9
M41
MO0
MS~
N9A
O-L
O9-
OAUVE
OZT
P-8
P-9
P2P
PC.
PQQKQ
Q38
R2-
RIG
RNS
ROL
RPZ
RXW
SBC
SBM
SDF
SDG
SDP
SES
SEW
SPC
SPCBC
SSV
SSZ
T5K
TAE
TN5
TWZ
WH7
WUQ
XJE
XPP
XSW
YK3
ZMT
~G-
AATTM
AAXKI
AAYWO
AAYXX
ABJNI
ABWVN
ACRPL
ACVFH
ADCNI
ADNMO
AEIPS
AEUPX
AFJKZ
AFPUW
AFXIZ
AGCQF
AGQPQ
AGRNS
AIGII
AIIUN
AKBMS
AKRWK
AKYEP
ANKPU
APXCP
BNPGV
CITATION
SSH
7SC
8FD
EFKBS
JQ2
K7.
L7M
L~C
L~D
ID FETCH-LOGICAL-c360t-90f31abd65cf0f3acacb4b17b719106d6081a40a4274b5593946ad4239b80c603
IEDL.DBID AIKHN
ISSN 0167-4048
IngestDate Thu Sep 04 22:15:19 EDT 2025
Mon Jul 14 07:39:23 EDT 2025
Tue Jul 01 03:48:11 EDT 2025
Thu Apr 24 22:51:07 EDT 2025
Fri Feb 23 02:20:12 EST 2024
IsPeerReviewed true
IsScholarly true
Issue 2
Keywords Optimistic bias
Risk perception
Risk management
Information security
Awareness
Perceived controllability
Language English
License https://www.elsevier.com/tdm/userlicense/1.0
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c360t-90f31abd65cf0f3acacb4b17b719106d6081a40a4274b5593946ad4239b80c603
Notes SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-2
content type line 23
PQID 923242208
PQPubID 46289
PageCount 12
ParticipantIDs proquest_miscellaneous_1019648450
proquest_journals_923242208
crossref_citationtrail_10_1016_j_cose_2011_12_001
crossref_primary_10_1016_j_cose_2011_12_001
elsevier_sciencedirect_doi_10_1016_j_cose_2011_12_001
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate March 2012
2012-3-00
20120301
PublicationDateYYYYMMDD 2012-03-01
PublicationDate_xml – month: 03
  year: 2012
  text: March 2012
PublicationDecade 2010
PublicationPlace Amsterdam
PublicationPlace_xml – name: Amsterdam
PublicationTitle Computers & security
PublicationYear 2012
Publisher Elsevier Ltd
Elsevier Sequoia S.A
Publisher_xml – name: Elsevier Ltd
– name: Elsevier Sequoia S.A
References Buehler, Griffin, Ross (bib19) 1994; 67
Patrick, Skinner, Connell (bib69) 1993; 65
Tajfel, Turner (bib83) 1986
McKenna (bib61) 1993; 84
Power (bib71) 2001; 7
Bandura, Reese, Adams (bib12) 1982; 43
Nosworthy (bib66) 2000; 19
Harris (bib39) 1996; 15
Straub (bib80) 1990; 1
Armitage, Conner, Loach, Willerts (bib9) 1999; 21
Brown (bib17) 1986; 4
Hoorens, Buunk (bib44) 1993; 23
Klein, Helweg-Larsen (bib48) 2002; 17
Babcock, Loewenstein (bib11) 1997; 11
Weinstein (bib87) 1987; 10
Ajzen, Fishbein (bib5) 1977; 84
CERT (bib21) 2002
Harris, Middleton (bib40) 1994; 33
Will (bib89) 1981; 90
Efron, Gong (bib28) 1983; 37
Adams (bib1) 1999
Laplace (bib51) 1951
Chin (bib22) 1998
Suarez (bib82) 2005; 48
(bib73) 2009
Hoorens (bib43) 1996; 15
Baron, Hershey, Kunreuther (bib13) 2000; 20
Schwarzer (bib76) 1994; 9
Niederman, Brancheau, Wetherbe (bib65) 1991; 14
Straub, Welke (bib81) 1998; 22
Wood (bib90) 1989; 106
DTI (bib26) 2004
Scarfone, Souppaya, Cody, Orebaugh (bib75) 2008
ISO (bib45) 2005
Loewenstein, Issacharoff, Camerer, Babcock (bib54) 1993; 22
Lohmoller (bib55) 1986
Helweg-Larsen, Shepperd (bib41) 2001; 5
MacCrimmon, Wehrung (bib58) 1990; 36
Langer (bib50) 1975; 32
Rothman, Klein, Weinstein (bib74) 1996; 26
Dhillon, Backhouse (bib25) 2001; 11
March, Shapira (bib59) 1987; 33
GAO (bib36) 1999
Smith (bib79) 1989; 11
Ozer, Bandura (bib68) 1990; 58
Zakay (bib91) 1984; 34
Armstrong, Overton (bib10) 1977; 51
Loch, Carr, Warkentin (bib53) 1992; 16
Skinner (bib78) 1995
Kankanhalli, Teo, Tan, Wei (bib47) 1996; 12
Flyvbjerg (bib33) 2004
Mitnick, Simon (bib64) 2002
Wayment, Taylor (bib85) 1995; 63
Baskerville (bib14) 1989
Kahneman, Tversky (bib46) 1979; vol. 12
Miller, Ross (bib62) 1975; 82
Camp, Wolfram (bib20) 2000
Ernst & Young (bib30) 2004
Otten, van der Pligt (bib67) 1992; 80
Ahuja (bib2) 2000; 45
Brewer (bib16) 1991; 17
Dutta, Roy (bib27) 2003
Weinstein (bib86) 1980; 39
Mitnick (bib63) 2003; 81
Ajzen (bib4) 2002/2006
Goodhue, Straub (bib37) 1991; 20
Applied Computer Research, Inc. (bib7) 2004
Weinstein, Klein (bib88) 1996; 15
Perloff, Fetzer (bib70) 1986; 50
Cooper, Woo, Dunkelberg (bib23) 1988; 3
Lovallo, Kahneman (bib57) 2003; 81
DeJoy (bib24) 1989; 21
Hair, Anderson, Tatham, Black (bib38) 1998
Festinger (bib31) 1954; 7
Masters, Keil (bib60) 1987
Levine, Green (bib52) 1984; 10
Fornell, Bookstein (bib32) 1982; 19
Flyvbjerg (bib34) 2008; 16
GAO (bib35) 1998
Hone, Eloff (bib42) 2002; 21
Erenberg (bib29) 2005
Alicke, Klotz, Breitenbecher, Yurak, Vredenburg (bib3) 1995; 68
Becker, Rosenstock (bib15) 1987; 2
Varian (bib84) 2002
Priest, Klein (bib72) 1984; 13
Applied Computer Research, Inc. (bib8) 2004
AOL/NCSA (bib6) 2004
Lohmoller (bib56) 1989
Kunreuther, Heal (bib49) 2003; 26
Siponen (bib77) 2000; 8
Hair (10.1016/j.cose.2011.12.001_bib38) 1998
Smith (10.1016/j.cose.2011.12.001_bib79) 1989; 11
Kankanhalli (10.1016/j.cose.2011.12.001_bib47) 1996; 12
Dhillon (10.1016/j.cose.2011.12.001_bib25) 2001; 11
Skinner (10.1016/j.cose.2011.12.001_bib78) 1995
Loch (10.1016/j.cose.2011.12.001_bib53) 1992; 16
Helweg-Larsen (10.1016/j.cose.2011.12.001_bib41) 2001; 5
ISO (10.1016/j.cose.2011.12.001_bib45) 2005
Ajzen (10.1016/j.cose.2011.12.001_bib4) 2002
Camp (10.1016/j.cose.2011.12.001_bib20) 2000
Harris (10.1016/j.cose.2011.12.001_bib40) 1994; 33
McKenna (10.1016/j.cose.2011.12.001_bib61) 1993; 84
Rothman (10.1016/j.cose.2011.12.001_bib74) 1996; 26
Lohmoller (10.1016/j.cose.2011.12.001_bib55) 1986
Flyvbjerg (10.1016/j.cose.2011.12.001_bib33) 2004
Brewer (10.1016/j.cose.2011.12.001_bib16) 1991; 17
Goodhue (10.1016/j.cose.2011.12.001_bib37) 1991; 20
Siponen (10.1016/j.cose.2011.12.001_bib77) 2000; 8
Fornell (10.1016/j.cose.2011.12.001_bib32) 1982; 19
Ozer (10.1016/j.cose.2011.12.001_bib68) 1990; 58
Straub (10.1016/j.cose.2011.12.001_bib81) 1998; 22
Buehler (10.1016/j.cose.2011.12.001_bib19) 1994; 67
Power (10.1016/j.cose.2011.12.001_bib71) 2001; 7
Hoorens (10.1016/j.cose.2011.12.001_bib43) 1996; 15
Niederman (10.1016/j.cose.2011.12.001_bib65) 1991; 14
Tajfel (10.1016/j.cose.2011.12.001_bib83) 1986
Chin (10.1016/j.cose.2011.12.001_bib22) 1998
Armstrong (10.1016/j.cose.2011.12.001_bib10) 1977; 51
Hoorens (10.1016/j.cose.2011.12.001_bib44) 1993; 23
Weinstein (10.1016/j.cose.2011.12.001_bib87) 1987; 10
Kunreuther (10.1016/j.cose.2011.12.001_bib49) 2003; 26
Dutta (10.1016/j.cose.2011.12.001_bib27) 2003
Scarfone (10.1016/j.cose.2011.12.001_bib75) 2008
Babcock (10.1016/j.cose.2011.12.001_bib11) 1997; 11
Alicke (10.1016/j.cose.2011.12.001_bib3) 1995; 68
GAO (10.1016/j.cose.2011.12.001_bib35) 1998
Suarez (10.1016/j.cose.2011.12.001_bib82) 2005; 48
Priest (10.1016/j.cose.2011.12.001_bib72) 1984; 13
Bandura (10.1016/j.cose.2011.12.001_bib12) 1982; 43
Levine (10.1016/j.cose.2011.12.001_bib52) 1984; 10
Ernst & Young (10.1016/j.cose.2011.12.001_bib30) 2004
Patrick (10.1016/j.cose.2011.12.001_bib69) 1993; 65
Weinstein (10.1016/j.cose.2011.12.001_bib88) 1996; 15
Langer (10.1016/j.cose.2011.12.001_bib50) 1975; 32
Armitage (10.1016/j.cose.2011.12.001_bib9) 1999; 21
Ajzen (10.1016/j.cose.2011.12.001_bib5) 1977; 84
Harris (10.1016/j.cose.2011.12.001_bib39) 1996; 15
Efron (10.1016/j.cose.2011.12.001_bib28) 1983; 37
Zakay (10.1016/j.cose.2011.12.001_bib91) 1984; 34
Applied Computer Research, Inc. (10.1016/j.cose.2011.12.001_bib8) 2004
Nosworthy (10.1016/j.cose.2011.12.001_bib66) 2000; 19
Varian (10.1016/j.cose.2011.12.001_bib84) 2002
Miller (10.1016/j.cose.2011.12.001_bib62) 1975; 82
AOL/NCSA (10.1016/j.cose.2011.12.001_bib6) 2004
(10.1016/j.cose.2011.12.001_bib73) 2009
GAO (10.1016/j.cose.2011.12.001_bib36) 1999
Kahneman (10.1016/j.cose.2011.12.001_bib46) 1979; vol. 12
Loewenstein (10.1016/j.cose.2011.12.001_bib54) 1993; 22
Ahuja (10.1016/j.cose.2011.12.001_bib2) 2000; 45
Hone (10.1016/j.cose.2011.12.001_bib42) 2002; 21
Adams (10.1016/j.cose.2011.12.001_bib1) 1999
DTI (10.1016/j.cose.2011.12.001_bib26) 2004
MacCrimmon (10.1016/j.cose.2011.12.001_bib58) 1990; 36
Erenberg (10.1016/j.cose.2011.12.001_bib29) 2005
Baskerville (10.1016/j.cose.2011.12.001_bib14) 1989
Mitnick (10.1016/j.cose.2011.12.001_bib64) 2002
Otten (10.1016/j.cose.2011.12.001_bib67) 1992; 80
Perloff (10.1016/j.cose.2011.12.001_bib70) 1986; 50
Wood (10.1016/j.cose.2011.12.001_bib90) 1989; 106
Festinger (10.1016/j.cose.2011.12.001_bib31) 1954; 7
Masters (10.1016/j.cose.2011.12.001_bib60) 1987
Brown (10.1016/j.cose.2011.12.001_bib17) 1986; 4
Becker (10.1016/j.cose.2011.12.001_bib15) 1987; 2
Klein (10.1016/j.cose.2011.12.001_bib48) 2002; 17
March (10.1016/j.cose.2011.12.001_bib59) 1987; 33
Mitnick (10.1016/j.cose.2011.12.001_bib63) 2003; 81
DeJoy (10.1016/j.cose.2011.12.001_bib24) 1989; 21
Wayment (10.1016/j.cose.2011.12.001_bib85) 1995; 63
Lohmoller (10.1016/j.cose.2011.12.001_bib56) 1989
Weinstein (10.1016/j.cose.2011.12.001_bib86) 1980; 39
Cooper (10.1016/j.cose.2011.12.001_bib23) 1988; 3
Applied Computer Research, Inc. (10.1016/j.cose.2011.12.001_bib7) 2004
Laplace (10.1016/j.cose.2011.12.001_bib51) 1951
Will (10.1016/j.cose.2011.12.001_bib89) 1981; 90
Flyvbjerg (10.1016/j.cose.2011.12.001_bib34) 2008; 16
Lovallo (10.1016/j.cose.2011.12.001_bib57) 2003; 81
CERT (10.1016/j.cose.2011.12.001_bib21) 2002
Straub (10.1016/j.cose.2011.12.001_bib80) 1990; 1
Baron (10.1016/j.cose.2011.12.001_bib13) 2000; 20
Schwarzer (10.1016/j.cose.2011.12.001_bib76) 1994; 9
References_xml – volume: 20
  start-page: 413
  year: 2000
  end-page: 427
  ident: bib13
  article-title: Determinants of priority for risk reduction: the role of worry
  publication-title: Risk Analysis
– volume: 10
  start-page: 481
  year: 1987
  end-page: 500
  ident: bib87
  article-title: Unrealistic optimism about susceptibility to health problems: conclusions from a community-wide sample
  publication-title: Journal of Behavioral Medicine
– volume: vol. 12
  start-page: 313
  year: 1979
  end-page: 327
  ident: bib46
  article-title: Intuitive prediction: biases and corrective procedures
  publication-title: Forecasting: TIMS studies in management Science
– volume: 11
  start-page: 109
  year: 1997
  end-page: 126
  ident: bib11
  article-title: Explaining bargaining impasse: the role of self-serving biases
  publication-title: The Journal of Economic Perspectives
– year: 2004
  ident: bib30
  article-title: Global information security survey 2004
– year: 1998
  ident: bib35
  article-title: Information security management: learning from leading organizations
– volume: 19
  start-page: 337
  year: 2000
  ident: bib66
  article-title: Implementing information security in the 21st century: do you have the balancing factors?
  publication-title: Computers and Security
– volume: 84
  start-page: 39
  year: 1993
  end-page: 50
  ident: bib61
  article-title: It won’t happen to me: unrealistic optimism or illusion of control?
  publication-title: British Journal of Psychology
– volume: 34
  start-page: 233
  year: 1984
  end-page: 240
  ident: bib91
  article-title: The influence of a perceived event’s controllability on its subjective occurrence probability
  publication-title: The Psychological Record
– year: 2002
  ident: bib21
  article-title: Home computer security
– volume: 16
  start-page: 173
  year: 1992
  end-page: 186
  ident: bib53
  article-title: Threats to information systems: today’s reality, yesterday’s understanding
  publication-title: MIS Quarterly
– volume: 22
  start-page: 441
  year: 1998
  end-page: 469
  ident: bib81
  article-title: Coping with systems risk: security planning models for management decision making
  publication-title: MIS Quarterly
– year: 2005
  ident: bib29
  article-title: What type of disputes are best suited for alternative dispute resolution—an analysis in the space of the odds of litigation
  publication-title: Proceedings of the Fourth Annual Meetings of Israeli Law & Economics Association (ILEA)
– volume: 67
  start-page: 366
  year: 1994
  end-page: 381
  ident: bib19
  article-title: Exploring the “planning fallacy”: why people underestimate their task completion time
  publication-title: Journal of Personality and Social Psychology
– volume: 5
  start-page: 74
  year: 2001
  end-page: 95
  ident: bib41
  article-title: Do moderators of the optimistic bias affect personal or target risk estimates? A review of the literature
  publication-title: Personality and Social Psychology Review
– year: 1989
  ident: bib56
  article-title: Latent variable path modeling with partial least squares
– volume: 68
  start-page: 804
  year: 1995
  end-page: 825
  ident: bib3
  article-title: Personal contact, individuation, and the better-than-average effect
  publication-title: Journal of Personality and Social Psychology
– year: 2002/2006
  ident: bib4
  article-title: Constructing a TpB questionnaire: conceptual and methodological considerations
– year: 1999
  ident: bib36
  article-title: Information security risk assessment: practice of leading organizations
– volume: 65
  start-page: 781
  year: 1993
  end-page: 791
  ident: bib69
  article-title: What motivates children’s behavior and emotion? The joint effects of perceived control and autonomy in the academic domain
  publication-title: Journal of Personality and Social Psychology
– volume: 26
  start-page: 1213
  year: 1996
  end-page: 1236
  ident: bib74
  article-title: Absolute and relative biases in estimations of personal risk
  publication-title: Journal of Applied Social Psychology
– volume: 17
  start-page: 475
  year: 1991
  end-page: 482
  ident: bib16
  article-title: The social self: on being the same and different at the same time
  publication-title: Personality and Social Psychology Bulletin
– volume: 11
  start-page: 127
  year: 2001
  end-page: 153
  ident: bib25
  article-title: Current directions in IS security research: toward socio-organizational perspectives
  publication-title: Information Systems Journal
– year: 2004
  ident: bib33
  article-title: Procedures for dealing with Optimism Bias in Transport Planning: Guidance Document
– volume: 10
  start-page: 385
  year: 1984
  end-page: 393
  ident: bib52
  article-title: Acquisition of relative performance information: the roles of intrapersonal and interpersonal comparison
  publication-title: Personality and Social Psychology Bulletin
– volume: 23
  start-page: 291
  year: 1993
  end-page: 302
  ident: bib44
  article-title: Social comparison of health risks: locus of control, the person-positivity bias, and unrealistic optimism
  publication-title: Journal of Applied Social Psychology
– volume: 80
  start-page: 325
  year: 1992
  end-page: 346
  ident: bib67
  article-title: Risk and behavior: the mediating role of risk appraisal
  publication-title: Acta Psychologica
– volume: 43
  start-page: 5
  year: 1982
  end-page: 21
  ident: bib12
  article-title: Microanalysis and fear arousal as a function of differential levels of perceived self-efficacy
  publication-title: Journal of Personality and Social Psychology
– volume: 4
  start-page: 353
  year: 1986
  end-page: 376
  ident: bib17
  article-title: Evaluations of self and others: self enhancement biases in social judgments
  publication-title: Social Cognition
– volume: 51
  start-page: 71
  year: 1977
  end-page: 86
  ident: bib10
  article-title: Estimating non-response bias in mail surveys
  publication-title: Journal of Marketing
– volume: 63
  start-page: 329
  year: 1995
  end-page: 357
  ident: bib85
  article-title: Self evaluation processes: motives, information use, and self-esteem
  publication-title: Journal of Personality
– year: 1999
  ident: bib1
  article-title: Cars, cholera, and cows: the management of risk and uncertainty
– year: 2005
  ident: bib45
  article-title: Information technology—security techniques—code of practice for information security management
– volume: 15
  start-page: 53
  year: 1996
  end-page: 67
  ident: bib43
  article-title: Self-favoring biases for positive and negative characteristics: independent phenomena?
  publication-title: Journal of Social and Clinical Psychology
– volume: 82
  start-page: 213
  year: 1975
  end-page: 225
  ident: bib62
  article-title: Self-serving biases in attribution of causality: fact or fiction?
  publication-title: Psychological Bulletin
– volume: 14
  start-page: 475
  year: 1991
  end-page: 500
  ident: bib65
  article-title: Information systems management issues for the 1990s
  publication-title: MIS Quarterly
– year: 1995
  ident: bib78
  article-title: Perceived control, motivation, and coping
– year: 2009
  ident: bib73
  article-title: NIST. Recommended security controls for federal information systems and organizations
– volume: 84
  start-page: 888
  year: 1977
  end-page: 918
  ident: bib5
  article-title: Attitude-behavior relations: a theoretical analysis and review of empirical research
  publication-title: Psychological Bulletin
– volume: 19
  start-page: 440
  year: 1982
  end-page: 452
  ident: bib32
  article-title: Two structural equation models: LISREL and PLS applied to consumer exit-voice theory
  publication-title: Journal of Marketing Research
– volume: 33
  start-page: 319
  year: 1994
  end-page: 386
  ident: bib40
  article-title: The illusion of control and optimism about health: on being less at risk but no more in control than others
  publication-title: British Journal of Social Psychology
– year: 2004
  ident: bib7
  article-title: Directory of Top Computer Executives: Spring 2004 Eastern U.S. Edition
– volume: 12
  start-page: 35
  year: 1996
  end-page: 53
  ident: bib47
  article-title: An integrative study of information systems security effectiveness
  publication-title: International Journal of Information Systems
– volume: 90
  start-page: 245
  year: 1981
  end-page: 271
  ident: bib89
  article-title: Downward comparison principles in social psychology
  publication-title: Psychological Bulletin
– year: 1998
  ident: bib22
  article-title: The partial least squares approach for structural equation modeling
  publication-title: Modern methods for business research
– start-page: 11
  year: 1987
  end-page: 54
  ident: bib60
  article-title: Generic comparison processes in human judgment and behavior
  publication-title: Social comparison, social justice, and relative deprivation
– year: 1998
  ident: bib38
  article-title: Multivariate data analysis
– volume: 15
  start-page: 1
  year: 1996
  end-page: 8
  ident: bib88
  article-title: Unrealistic optimism: present and future
  publication-title: Journal of Social and Clinical Psychology
– volume: 11
  start-page: 205
  year: 1989
  end-page: 210
  ident: bib79
  article-title: Computer security—threats, vulnerabilities and countermeasures
  publication-title: Information Age
– volume: 58
  start-page: 472
  year: 1990
  end-page: 486
  ident: bib68
  article-title: Mechanisms governing empowerment effects: a self-efficacy analysis
  publication-title: Journal of Personality and Social Psychology
– volume: 21
  start-page: 301
  year: 1999
  end-page: 316
  ident: bib9
  article-title: Different perceptions of control: applying an extended theory of planned behavior to legal and illegal drug use
  publication-title: Basic and Applied Social Psychology
– volume: 21
  start-page: 402
  year: 2002
  end-page: 409
  ident: bib42
  article-title: Information security policy: what do international security standards say?
  publication-title: Computers and Security
– year: 2004
  ident: bib6
  article-title: AOL/NCSA online safety study
– volume: 22
  start-page: 135
  year: 1993
  end-page: 159
  ident: bib54
  article-title: Self-serving assessment of fairness and pretrial bargaining
  publication-title: The Journal of Legal Studies
– volume: 21
  start-page: 333
  year: 1989
  end-page: 340
  ident: bib24
  article-title: The optimistic bias and traffic accident perception
  publication-title: Accident Analysis and Prevention
– volume: 20
  start-page: 13
  year: 1991
  end-page: 27
  ident: bib37
  article-title: Security concerns of system users: a study of perceptions of the adequacy of security
  publication-title: Information & Management
– year: 2004
  ident: bib26
  article-title: Information security survey 2004
– start-page: 241
  year: 1989
  end-page: 255
  ident: bib14
  article-title: Logical control specifications: an approach to information systems security
  publication-title: Systems Development for Human Progress
– volume: 45
  start-page: 425
  year: 2000
  end-page: 455
  ident: bib2
  article-title: Collaboration networks, structural holes, and innovation: a longitudinal study
  publication-title: Administrative Science Quarterly
– volume: 15
  start-page: 9
  year: 1996
  end-page: 52
  ident: bib39
  article-title: Sufficient grounds for optimism? The relationship between perceived controllability and optimistic bias
  publication-title: Journal of Social and Clinical Psychology
– year: 1951
  ident: bib51
  article-title: A philosophical essay on probabilities
– volume: 37
  start-page: 36
  year: 1983
  end-page: 48
  ident: bib28
  article-title: A leisurely look at the bootstrap, the jackknife, and cross-validation
  publication-title: The American Statistician
– volume: 36
  start-page: 422
  year: 1990
  end-page: 435
  ident: bib58
  article-title: Characteristics of risk taking executives
  publication-title: Management Science
– volume: 33
  start-page: 1404
  year: 1987
  end-page: 1418
  ident: bib59
  article-title: Managerial perspectives on risk and risk taking
  publication-title: Management Science
– volume: 50
  start-page: 502
  year: 1986
  end-page: 510
  ident: bib70
  article-title: Self-other judgments and perceived vulnerability to victimization
  publication-title: Journal of Personality and Social Psychology
– volume: 81
  start-page: 18
  year: 2003
  end-page: 20
  ident: bib63
  article-title: Best practice: are you the weak link?
  publication-title: Harvard Business Review
– year: 1986
  ident: bib55
  article-title: LVPLS 1.8: latent variables path analysis with partial least squares estimations. Program manual
– volume: 8
  start-page: 31
  year: 2000
  end-page: 41
  ident: bib77
  article-title: A conceptual foundation for organizational information security awareness
  publication-title: Information Management and Computer Security
– volume: 7
  start-page: 1
  year: 2001
  end-page: 18
  ident: bib71
  article-title: CSI/FBI computer crime and security survey
  publication-title: Computer Security Issues and Trends
– year: 2002
  ident: bib84
  article-title: System reliability and free riding
  publication-title: Proceedings of the First Workshop on the Economics of Information Security
– start-page: 7
  year: 1986
  end-page: 24
  ident: bib83
  article-title: The social identity theory of inter-group behavior
  publication-title: Psychology of inter-group relations
– volume: 26
  start-page: 231
  year: 2003
  end-page: 249
  ident: bib49
  article-title: Interdependent security
  publication-title: Journal of Risk and Uncertainty
– year: 2004
  ident: bib8
  article-title: Directory of Top Computer Executives: Spring 2004 Western U.S. Edition
– year: 2008
  ident: bib75
  article-title: Technical guide to information security testing and assessment
– volume: 81
  start-page: 56
  year: 2003
  end-page: 63
  ident: bib57
  article-title: Delusions of success: how optimism undermines executives’ decisions
  publication-title: Harvard Business Review
– volume: 9
  start-page: 161
  year: 1994
  end-page: 180
  ident: bib76
  article-title: Optimism, vulnerability, and self-beliefs as health-related cognitions: a systematic overview
  publication-title: Psychology and Health
– volume: 39
  start-page: 806
  year: 1980
  end-page: 820
  ident: bib86
  article-title: Unrealistic optimism about future life events
  publication-title: Journal of Personality and Social Psychology
– volume: 2
  start-page: 245
  year: 1987
  end-page: 249
  ident: bib15
  article-title: Comparing social learning theory and the health belief model
  publication-title: Advances in Health Education and Promotion
– volume: 48
  start-page: 710
  year: 2005
  end-page: 720
  ident: bib82
  article-title: Network effects revisited: the role of strong ties in technology adoption
  publication-title: Academy of Management Journal
– volume: 7
  start-page: 117
  year: 1954
  end-page: 140
  ident: bib31
  article-title: A theory of social comparison process
  publication-title: Human Relations
– year: 2003
  ident: bib27
  article-title: The dynamics of organizational information security
  publication-title: Proceedings of the Twenty Fourth International Conference on Information System: 921–927 Seattle, WA
– volume: 17
  start-page: 437
  year: 2002
  end-page: 466
  ident: bib48
  article-title: Perceived controllability and the optimistic bias: a meta-analytic review
  publication-title: Psychology and Health
– volume: 1
  start-page: 255
  year: 1990
  end-page: 276
  ident: bib80
  article-title: Effective IS security: an empirical study
  publication-title: Information Systems Research
– volume: 13
  start-page: 1
  year: 1984
  end-page: 55
  ident: bib72
  article-title: The selection of disputes for litigation
  publication-title: The Journal of Legal Studies
– volume: 16
  start-page: 3
  year: 2008
  end-page: 21
  ident: bib34
  article-title: Curbing optimism bias and strategic misrepresentation in planning: reference class forecasting in practice
  publication-title: European Planning Studies
– year: 2000
  ident: bib20
  article-title: Pricing security
  publication-title: Proceedings of the Third CERT Information Survivability Workshop: 31–39, Boston, MA
– volume: 3
  start-page: 97
  year: 1988
  end-page: 108
  ident: bib23
  article-title: Entrepreneurs’ perceived chances for success
  publication-title: Journal of Business Venturing
– volume: 106
  start-page: 231
  year: 1989
  end-page: 248
  ident: bib90
  article-title: Theory and research concerning social comparisons of personal attributes
  publication-title: Psychological Bulletin
– volume: 32
  start-page: 311
  year: 1975
  end-page: 328
  ident: bib50
  article-title: The illusion of control
  publication-title: Journal of Personality and Social Psychology
– year: 2002
  ident: bib64
  article-title: The art of deception: controlling the human element of security
– volume: 2
  start-page: 245
  year: 1987
  ident: 10.1016/j.cose.2011.12.001_bib15
  article-title: Comparing social learning theory and the health belief model
  publication-title: Advances in Health Education and Promotion
– volume: 11
  start-page: 127
  year: 2001
  ident: 10.1016/j.cose.2011.12.001_bib25
  article-title: Current directions in IS security research: toward socio-organizational perspectives
  publication-title: Information Systems Journal
  doi: 10.1046/j.1365-2575.2001.00099.x
– volume: 23
  start-page: 291
  year: 1993
  ident: 10.1016/j.cose.2011.12.001_bib44
  article-title: Social comparison of health risks: locus of control, the person-positivity bias, and unrealistic optimism
  publication-title: Journal of Applied Social Psychology
  doi: 10.1111/j.1559-1816.1993.tb01088.x
– year: 2002
  ident: 10.1016/j.cose.2011.12.001_bib84
  article-title: System reliability and free riding
– volume: 84
  start-page: 888
  year: 1977
  ident: 10.1016/j.cose.2011.12.001_bib5
  article-title: Attitude-behavior relations: a theoretical analysis and review of empirical research
  publication-title: Psychological Bulletin
  doi: 10.1037/0033-2909.84.5.888
– volume: 34
  start-page: 233
  year: 1984
  ident: 10.1016/j.cose.2011.12.001_bib91
  article-title: The influence of a perceived event’s controllability on its subjective occurrence probability
  publication-title: The Psychological Record
  doi: 10.1007/BF03394867
– year: 1989
  ident: 10.1016/j.cose.2011.12.001_bib56
– volume: 16
  start-page: 173
  issue: 2
  year: 1992
  ident: 10.1016/j.cose.2011.12.001_bib53
  article-title: Threats to information systems: today’s reality, yesterday’s understanding
  publication-title: MIS Quarterly
  doi: 10.2307/249574
– volume: 9
  start-page: 161
  year: 1994
  ident: 10.1016/j.cose.2011.12.001_bib76
  article-title: Optimism, vulnerability, and self-beliefs as health-related cognitions: a systematic overview
  publication-title: Psychology and Health
  doi: 10.1080/08870449408407475
– volume: 39
  start-page: 806
  year: 1980
  ident: 10.1016/j.cose.2011.12.001_bib86
  article-title: Unrealistic optimism about future life events
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.39.5.806
– volume: 45
  start-page: 425
  year: 2000
  ident: 10.1016/j.cose.2011.12.001_bib2
  article-title: Collaboration networks, structural holes, and innovation: a longitudinal study
  publication-title: Administrative Science Quarterly
  doi: 10.2307/2667105
– volume: 8
  start-page: 31
  year: 2000
  ident: 10.1016/j.cose.2011.12.001_bib77
  article-title: A conceptual foundation for organizational information security awareness
  publication-title: Information Management and Computer Security
  doi: 10.1108/09685220010371394
– volume: 90
  start-page: 245
  year: 1981
  ident: 10.1016/j.cose.2011.12.001_bib89
  article-title: Downward comparison principles in social psychology
  publication-title: Psychological Bulletin
  doi: 10.1037/0033-2909.90.2.245
– year: 2002
  ident: 10.1016/j.cose.2011.12.001_bib21
– volume: 15
  start-page: 9
  year: 1996
  ident: 10.1016/j.cose.2011.12.001_bib39
  article-title: Sufficient grounds for optimism? The relationship between perceived controllability and optimistic bias
  publication-title: Journal of Social and Clinical Psychology
  doi: 10.1521/jscp.1996.15.1.9
– volume: 81
  start-page: 18
  year: 2003
  ident: 10.1016/j.cose.2011.12.001_bib63
  article-title: Best practice: are you the weak link?
  publication-title: Harvard Business Review
– year: 2002
  ident: 10.1016/j.cose.2011.12.001_bib4
– year: 2004
  ident: 10.1016/j.cose.2011.12.001_bib7
– year: 2004
  ident: 10.1016/j.cose.2011.12.001_bib8
– volume: 21
  start-page: 402
  year: 2002
  ident: 10.1016/j.cose.2011.12.001_bib42
  article-title: Information security policy: what do international security standards say?
  publication-title: Computers and Security
  doi: 10.1016/S0167-4048(02)00504-7
– volume: 12
  start-page: 35
  issue: 4
  year: 1996
  ident: 10.1016/j.cose.2011.12.001_bib47
  article-title: An integrative study of information systems security effectiveness
  publication-title: International Journal of Information Systems
– volume: 10
  start-page: 385
  year: 1984
  ident: 10.1016/j.cose.2011.12.001_bib52
  article-title: Acquisition of relative performance information: the roles of intrapersonal and interpersonal comparison
  publication-title: Personality and Social Psychology Bulletin
  doi: 10.1177/0146167284103006
– volume: 11
  start-page: 109
  issue: 1
  year: 1997
  ident: 10.1016/j.cose.2011.12.001_bib11
  article-title: Explaining bargaining impasse: the role of self-serving biases
  publication-title: The Journal of Economic Perspectives
  doi: 10.1257/jep.11.1.109
– volume: 43
  start-page: 5
  year: 1982
  ident: 10.1016/j.cose.2011.12.001_bib12
  article-title: Microanalysis and fear arousal as a function of differential levels of perceived self-efficacy
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.43.1.5
– volume: 58
  start-page: 472
  year: 1990
  ident: 10.1016/j.cose.2011.12.001_bib68
  article-title: Mechanisms governing empowerment effects: a self-efficacy analysis
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.58.3.472
– year: 1995
  ident: 10.1016/j.cose.2011.12.001_bib78
– year: 2002
  ident: 10.1016/j.cose.2011.12.001_bib64
– volume: 1
  start-page: 255
  issue: 3
  year: 1990
  ident: 10.1016/j.cose.2011.12.001_bib80
  article-title: Effective IS security: an empirical study
  publication-title: Information Systems Research
  doi: 10.1287/isre.1.3.255
– volume: 20
  start-page: 13
  year: 1991
  ident: 10.1016/j.cose.2011.12.001_bib37
  article-title: Security concerns of system users: a study of perceptions of the adequacy of security
  publication-title: Information & Management
  doi: 10.1016/0378-7206(91)90024-V
– volume: 22
  start-page: 441
  issue: 4
  year: 1998
  ident: 10.1016/j.cose.2011.12.001_bib81
  article-title: Coping with systems risk: security planning models for management decision making
  publication-title: MIS Quarterly
  doi: 10.2307/249551
– volume: 65
  start-page: 781
  year: 1993
  ident: 10.1016/j.cose.2011.12.001_bib69
  article-title: What motivates children’s behavior and emotion? The joint effects of perceived control and autonomy in the academic domain
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.65.4.781
– year: 1999
  ident: 10.1016/j.cose.2011.12.001_bib1
– volume: 67
  start-page: 366
  year: 1994
  ident: 10.1016/j.cose.2011.12.001_bib19
  article-title: Exploring the “planning fallacy”: why people underestimate their task completion time
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.67.3.366
– volume: 7
  start-page: 117
  year: 1954
  ident: 10.1016/j.cose.2011.12.001_bib31
  article-title: A theory of social comparison process
  publication-title: Human Relations
  doi: 10.1177/001872675400700202
– volume: 84
  start-page: 39
  year: 1993
  ident: 10.1016/j.cose.2011.12.001_bib61
  article-title: It won’t happen to me: unrealistic optimism or illusion of control?
  publication-title: British Journal of Psychology
  doi: 10.1111/j.2044-8295.1993.tb02461.x
– volume: 16
  start-page: 3
  issue: 1
  year: 2008
  ident: 10.1016/j.cose.2011.12.001_bib34
  article-title: Curbing optimism bias and strategic misrepresentation in planning: reference class forecasting in practice
  publication-title: European Planning Studies
  doi: 10.1080/09654310701747936
– volume: 68
  start-page: 804
  year: 1995
  ident: 10.1016/j.cose.2011.12.001_bib3
  article-title: Personal contact, individuation, and the better-than-average effect
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.68.5.804
– volume: 19
  start-page: 440
  year: 1982
  ident: 10.1016/j.cose.2011.12.001_bib32
  article-title: Two structural equation models: LISREL and PLS applied to consumer exit-voice theory
  publication-title: Journal of Marketing Research
  doi: 10.2307/3151718
– volume: 36
  start-page: 422
  year: 1990
  ident: 10.1016/j.cose.2011.12.001_bib58
  article-title: Characteristics of risk taking executives
  publication-title: Management Science
  doi: 10.1287/mnsc.36.4.422
– volume: 50
  start-page: 502
  year: 1986
  ident: 10.1016/j.cose.2011.12.001_bib70
  article-title: Self-other judgments and perceived vulnerability to victimization
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.50.3.502
– volume: 14
  start-page: 475
  issue: 4
  year: 1991
  ident: 10.1016/j.cose.2011.12.001_bib65
  article-title: Information systems management issues for the 1990s
  publication-title: MIS Quarterly
  doi: 10.2307/249452
– volume: 21
  start-page: 301
  year: 1999
  ident: 10.1016/j.cose.2011.12.001_bib9
  article-title: Different perceptions of control: applying an extended theory of planned behavior to legal and illegal drug use
  publication-title: Basic and Applied Social Psychology
  doi: 10.1207/S15324834BASP2104_4
– volume: 3
  start-page: 97
  year: 1988
  ident: 10.1016/j.cose.2011.12.001_bib23
  article-title: Entrepreneurs’ perceived chances for success
  publication-title: Journal of Business Venturing
  doi: 10.1016/0883-9026(88)90020-1
– year: 2003
  ident: 10.1016/j.cose.2011.12.001_bib27
  article-title: The dynamics of organizational information security
– year: 1998
  ident: 10.1016/j.cose.2011.12.001_bib35
– volume: 15
  start-page: 53
  year: 1996
  ident: 10.1016/j.cose.2011.12.001_bib43
  article-title: Self-favoring biases for positive and negative characteristics: independent phenomena?
  publication-title: Journal of Social and Clinical Psychology
  doi: 10.1521/jscp.1996.15.1.53
– volume: 26
  start-page: 1213
  year: 1996
  ident: 10.1016/j.cose.2011.12.001_bib74
  article-title: Absolute and relative biases in estimations of personal risk
  publication-title: Journal of Applied Social Psychology
  doi: 10.1111/j.1559-1816.1996.tb01778.x
– year: 1999
  ident: 10.1016/j.cose.2011.12.001_bib36
– year: 2004
  ident: 10.1016/j.cose.2011.12.001_bib6
– year: 2004
  ident: 10.1016/j.cose.2011.12.001_bib33
– year: 2005
  ident: 10.1016/j.cose.2011.12.001_bib45
– volume: 26
  start-page: 231
  year: 2003
  ident: 10.1016/j.cose.2011.12.001_bib49
  article-title: Interdependent security
  publication-title: Journal of Risk and Uncertainty
  doi: 10.1023/A:1024119208153
– volume: 7
  start-page: 1
  issue: 2
  year: 2001
  ident: 10.1016/j.cose.2011.12.001_bib71
  article-title: CSI/FBI computer crime and security survey
  publication-title: Computer Security Issues and Trends
– volume: 51
  start-page: 71
  year: 1977
  ident: 10.1016/j.cose.2011.12.001_bib10
  article-title: Estimating non-response bias in mail surveys
  publication-title: Journal of Marketing
– year: 2009
  ident: 10.1016/j.cose.2011.12.001_bib73
– volume: 22
  start-page: 135
  issue: 1
  year: 1993
  ident: 10.1016/j.cose.2011.12.001_bib54
  article-title: Self-serving assessment of fairness and pretrial bargaining
  publication-title: The Journal of Legal Studies
  doi: 10.1086/468160
– volume: vol. 12
  start-page: 313
  year: 1979
  ident: 10.1016/j.cose.2011.12.001_bib46
  article-title: Intuitive prediction: biases and corrective procedures
– year: 1998
  ident: 10.1016/j.cose.2011.12.001_bib22
  article-title: The partial least squares approach for structural equation modeling
– volume: 13
  start-page: 1
  issue: 1
  year: 1984
  ident: 10.1016/j.cose.2011.12.001_bib72
  article-title: The selection of disputes for litigation
  publication-title: The Journal of Legal Studies
  doi: 10.1086/467732
– volume: 11
  start-page: 205
  issue: 4
  year: 1989
  ident: 10.1016/j.cose.2011.12.001_bib79
  article-title: Computer security—threats, vulnerabilities and countermeasures
  publication-title: Information Age
– volume: 48
  start-page: 710
  issue: 4
  year: 2005
  ident: 10.1016/j.cose.2011.12.001_bib82
  article-title: Network effects revisited: the role of strong ties in technology adoption
  publication-title: Academy of Management Journal
  doi: 10.5465/AMJ.2005.17843947
– volume: 82
  start-page: 213
  year: 1975
  ident: 10.1016/j.cose.2011.12.001_bib62
  article-title: Self-serving biases in attribution of causality: fact or fiction?
  publication-title: Psychological Bulletin
  doi: 10.1037/h0076486
– start-page: 11
  year: 1987
  ident: 10.1016/j.cose.2011.12.001_bib60
  article-title: Generic comparison processes in human judgment and behavior
– volume: 33
  start-page: 1404
  year: 1987
  ident: 10.1016/j.cose.2011.12.001_bib59
  article-title: Managerial perspectives on risk and risk taking
  publication-title: Management Science
  doi: 10.1287/mnsc.33.11.1404
– volume: 106
  start-page: 231
  year: 1989
  ident: 10.1016/j.cose.2011.12.001_bib90
  article-title: Theory and research concerning social comparisons of personal attributes
  publication-title: Psychological Bulletin
  doi: 10.1037/0033-2909.106.2.231
– start-page: 241
  year: 1989
  ident: 10.1016/j.cose.2011.12.001_bib14
  article-title: Logical control specifications: an approach to information systems security
– year: 1986
  ident: 10.1016/j.cose.2011.12.001_bib55
– year: 2000
  ident: 10.1016/j.cose.2011.12.001_bib20
  article-title: Pricing security
– volume: 21
  start-page: 333
  year: 1989
  ident: 10.1016/j.cose.2011.12.001_bib24
  article-title: The optimistic bias and traffic accident perception
  publication-title: Accident Analysis and Prevention
  doi: 10.1016/0001-4575(89)90024-9
– year: 2005
  ident: 10.1016/j.cose.2011.12.001_bib29
  article-title: What type of disputes are best suited for alternative dispute resolution—an analysis in the space of the odds of litigation
– year: 2004
  ident: 10.1016/j.cose.2011.12.001_bib30
– volume: 17
  start-page: 475
  year: 1991
  ident: 10.1016/j.cose.2011.12.001_bib16
  article-title: The social self: on being the same and different at the same time
  publication-title: Personality and Social Psychology Bulletin
  doi: 10.1177/0146167291175001
– volume: 32
  start-page: 311
  year: 1975
  ident: 10.1016/j.cose.2011.12.001_bib50
  article-title: The illusion of control
  publication-title: Journal of Personality and Social Psychology
  doi: 10.1037/0022-3514.32.2.311
– volume: 10
  start-page: 481
  year: 1987
  ident: 10.1016/j.cose.2011.12.001_bib87
  article-title: Unrealistic optimism about susceptibility to health problems: conclusions from a community-wide sample
  publication-title: Journal of Behavioral Medicine
  doi: 10.1007/BF00846146
– year: 2004
  ident: 10.1016/j.cose.2011.12.001_bib26
– volume: 19
  start-page: 337
  year: 2000
  ident: 10.1016/j.cose.2011.12.001_bib66
  article-title: Implementing information security in the 21st century: do you have the balancing factors?
  publication-title: Computers and Security
  doi: 10.1016/S0167-4048(00)04021-9
– volume: 4
  start-page: 353
  year: 1986
  ident: 10.1016/j.cose.2011.12.001_bib17
  article-title: Evaluations of self and others: self enhancement biases in social judgments
  publication-title: Social Cognition
  doi: 10.1521/soco.1986.4.4.353
– volume: 17
  start-page: 437
  year: 2002
  ident: 10.1016/j.cose.2011.12.001_bib48
  article-title: Perceived controllability and the optimistic bias: a meta-analytic review
  publication-title: Psychology and Health
  doi: 10.1080/0887044022000004920
– volume: 63
  start-page: 329
  year: 1995
  ident: 10.1016/j.cose.2011.12.001_bib85
  article-title: Self evaluation processes: motives, information use, and self-esteem
  publication-title: Journal of Personality
  doi: 10.1111/j.1467-6494.1995.tb00315.x
– year: 1998
  ident: 10.1016/j.cose.2011.12.001_bib38
– volume: 15
  start-page: 1
  year: 1996
  ident: 10.1016/j.cose.2011.12.001_bib88
  article-title: Unrealistic optimism: present and future
  publication-title: Journal of Social and Clinical Psychology
  doi: 10.1521/jscp.1996.15.1.1
– start-page: 7
  year: 1986
  ident: 10.1016/j.cose.2011.12.001_bib83
  article-title: The social identity theory of inter-group behavior
– volume: 33
  start-page: 319
  year: 1994
  ident: 10.1016/j.cose.2011.12.001_bib40
  article-title: The illusion of control and optimism about health: on being less at risk but no more in control than others
  publication-title: British Journal of Social Psychology
  doi: 10.1111/j.2044-8309.1994.tb01035.x
– volume: 20
  start-page: 413
  year: 2000
  ident: 10.1016/j.cose.2011.12.001_bib13
  article-title: Determinants of priority for risk reduction: the role of worry
  publication-title: Risk Analysis
  doi: 10.1111/0272-4332.204041
– volume: 5
  start-page: 74
  year: 2001
  ident: 10.1016/j.cose.2011.12.001_bib41
  article-title: Do moderators of the optimistic bias affect personal or target risk estimates? A review of the literature
  publication-title: Personality and Social Psychology Review
  doi: 10.1207/S15327957PSPR0501_5
– volume: 37
  start-page: 36
  year: 1983
  ident: 10.1016/j.cose.2011.12.001_bib28
  article-title: A leisurely look at the bootstrap, the jackknife, and cross-validation
  publication-title: The American Statistician
  doi: 10.2307/2685844
– year: 2008
  ident: 10.1016/j.cose.2011.12.001_bib75
– year: 1951
  ident: 10.1016/j.cose.2011.12.001_bib51
– volume: 81
  start-page: 56
  issue: 7
  year: 2003
  ident: 10.1016/j.cose.2011.12.001_bib57
  article-title: Delusions of success: how optimism undermines executives’ decisions
  publication-title: Harvard Business Review
– volume: 80
  start-page: 325
  year: 1992
  ident: 10.1016/j.cose.2011.12.001_bib67
  article-title: Risk and behavior: the mediating role of risk appraisal
  publication-title: Acta Psychologica
  doi: 10.1016/0001-6918(92)90054-H
SSID ssj0017688
Score 2.3123503
Snippet Information security is a critical issue that many firms face these days. While increasing incidents of information security breaches have generated extensive...
SourceID proquest
crossref
elsevier
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 221
SubjectTerms Awareness
Bias
Commitments
Computer information security
Controllability
Data integrity
Emission
Information security
Low level
Management information systems
Optimistic bias
Perceived controllability
Perception
Perceptions
Posture
Risk management
Risk perception
Security management
Studies
Title Unrealistic optimism on information security management
URI https://dx.doi.org/10.1016/j.cose.2011.12.001
https://www.proquest.com/docview/923242208
https://www.proquest.com/docview/1019648450
Volume 31
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV07T8MwED6VsrDwRpRHFSQ2FOokjhuPCFEVECxQic2ynVgC0bSi7cpv5y5xIoEQA1sedhLd2feIP38HcG6lQa2mJtQi5yGXxoUZeuUwcuhbEplbWRXte3gU4wm_e0lfOnDd7IUhWKW3_bVNr6y1vzLw0hzMX18HTxWAnuhOiEaI0-b19TiRIu3C-tXt_fixXUzAiDprKb6xg987U8O8CBZeM3nSX0FfG-YX__TDUlfuZ7QNmz5uDK7qT9uBTlHuwlZTkyHwU3QPhhMcD0RqiO2CGdoD1OM0mJWBZ0glPQQLX7QumLbgl32YjG6er8ehL44Q2kSwZSiZSyJtcpFah4faamu4iYZmiBkYE7lAX6850xzTToNpQyK50DnR_ZmMWcGSA-iWs7I4hKBwjoqoW5cZw4UwpmAUJsVSOIfmgPcgakSirGcOpwIW76qBiL0pEqMiMaooJpxcDy7aPvOaN-PP1mkjafVN-woN-5_9jhu1KD_3FkpWQWLMsh6ctXdR2LQSostitlrQ46TgGU_Z0T_ffAwbeBbXaLQT6C4_VsUphidL04e1y8-o7wfhF2Qw4o4
linkProvider Elsevier
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV3PT4MwFG6WedCLv41z_sDEm8GVUQo9msVl6raLW7JbQwtNZhwsbrv6t_seFBKN2cEbgRbIe-33XuHr9wi500KBVwPlxjxhLhPKuBFEZdczEFt8kWhRFO0bjflgyl5mwaxBetVeGKRVWuwvMb1Aa3umY63ZWc7nnbeCQI9yJygjxHDz-g4L_BB5fQ9fNc_Dg3w6qgW-obndOVOSvJAUXup44jdBWxnmj-j0C6eL4NM_JPs2a3Qeyxc7Io00OyYHVUUGx07QExJOYTSgpCG0c3JAA_Diwskzx-qjoheclS1Z5yxq6sspmfafJr2Ba0sjuNrndO0KanwvVgkPtIHDWMdaMeWFKoT1F-UJh0gfMxozWHQqWDT4gvE4QbE_FVHNqX9GmlmepefESY3BEuraREoxzpVKKSZJXcGNATBgLeJVJpHa6oZj-YoPWRHE3iWaUaIZpddFllyL3Nd9lqVqxtbWQWVp-cP3EmB9a7925RZpZ95KiiJF7NKoRW7rq2Bs_A8SZ2m-WeHtBGcRC-jFP598Q3YHk9FQDp_Hr22yB1e6JS_tkjTXn5v0ChKVtbouBuI3SljjWQ
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Unrealistic+optimism+on+information+security+management&rft.jtitle=Computers+%26+security&rft.au=Rhee%2C+Hyeun-Suk&rft.au=Ryu%2C+Young+U&rft.au=Kim%2C+Cheong-Tag&rft.date=2012-03-01&rft.issn=0167-4048&rft.volume=31&rft.issue=2&rft.spage=221&rft.epage=232&rft_id=info:doi/10.1016%2Fj.cose.2011.12.001&rft.externalDBID=NO_FULL_TEXT
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-4048&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-4048&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-4048&client=summon