Information security is a critical issue that many firms face these days. While increasing incidents of information security breaches have generated extensive publicity, previous studies repeatedly expose low levels of managerial awareness and commitment, a key obstacle to achieving a good information security posture. The main motivation of our study emanates from the phenomenon that the increased vulnerability to information security breaches is coupled with the low level of managerial awareness and commitment regarding information security threats. We report this dissonance by addressing a cognitive bias called optimistic bias. Using a survey, we study whether MIS executives are subject to such a bias in their vulnerability perceptions of information security. We find that they demonstrate optimistic bias in risk perception in the information security domain. The extent of this optimistic bias is greater with a distant comparison target with fewer information sharing activities. This optimistic bias is also found to be related to perception of controllability with information security threats. In order to overcome the effects of optimistic bias, firms need more security awareness training and systematic treatments of security threats instead of relying on an ad hoc approach to security measure implementation.

Business environments continue to change with increasing dependence on information technology and pervasive use of the Internet. This greater connectivity has increased the vulnerability of information systems to various security threats. Several surveys have indicated that the challenges associated with information security are far from resolved. These surveys and other studies in information security consistently report that a lack of manager and user awareness is the number one obstacle to achieving a good information security posture (CERT, 2002; DTI, 2004; Ernst and Young, 2004; Goodhue and Straub, 1991; Loch et al., 1992; Niederman et al., 1991; Siponen, 2000; Straub and Welke, 1998). Information security refers to the preservation of confidentiality, integrity, and availability of information and the systems that use, store, and transmit information (ISO, 2005; Smith, 1989). Awareness of information security is the vigilance in understanding various information security threats and in perceiving vulnerability related to these threats. However, an understanding of threats alone seems insufficient to motivate one to take actual actions. For example, a smoker knows that smoking is related to lung cancer. What really makes people commit themselves to take a precautionary and preventive action (e.g., quitting smoking) is their perception that the accident may occur to them. Similarly, in order for managers to understand the need for information systems safeguards and to exercise necessary security practices, they must perceive their own vulnerability associated with the information system. People are in general responsive to actual risks imposed on them.