oru.sePublikationer
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Assessing Escalation of Commitment as an Antecedent of Noncompliance with Information Security Policy
Institutionen för informatik (IK), Linnéuniversitetet, Växjö, Sweden.
2013 (Engelska)Doktorsavhandling, monografi (Övrigt vetenskapligt)
Abstract [en]

For organizations, emphasizing investments in security technology has become the norm. Trending security technologies are important for an organization’s information security strategy. Organizations commonly use such technologies to enforce information security policy (ISP) compliance on the part of their employees, to ensure the security of their information resources. Yet, it seems that employees frequently establish rules of their own for complying with the ISP. Questioning this concern, the present dissertation addresses employees’ violation of information security rules and regulations. The motivation is based on the concern that information security policy noncompliance is largely influenced by escalation of commitment. Escalation is a phenomenon that explains how employees in organizations often get involved in nonperforming tasks, commonly reflecting the tendency of persistence, when investments of resources have been initiated. This dissertation develops an integrated model based on Self-Justification theory, Prospect theory, and Approach Avoidance theory, that centres on two main factors of noncompliance, namely self-justification and sunk costs. These factors act as mediating mechanisms to explain the dependent factor of the willingness to engage in noncompliant behaviour. The theoretical model is empirically tested with a data set that represents responses from 639 respondents across 27 organizations using the scenario-based survey approach. The results of this dissertation present a dual outcome. For theory, our theoretical framework not only enriches the literature on information security by proving that escalation behaviour is an antecedent of noncompliance, but also generates new insights about the escalation of commitment literature. The findings suggest that employees’ cognitive traits are escalation’s main antecedents that present the necessary stimulation to violate an ISP, while employees’ emotional traits do not influence such stimulation when overpowered by cognitive traits. Our results also suggest that employees engaged in nonperforming tasks often become noncompliant, even though they were complying before. In principle, the findings show that employees prioritize the completion of their tasks, rather than their commitment to comply with the ISP, and thus become noncompliant. In practice, our results show that employees’ willingness to engage in noncompliant behaviour is largely influenced by self-justification and sunk costs. The main results suggest that (a) self-justification is largely driven by the benefits of noncompliance outweighing the costs of compliance; (b) sunk costs are largely driven by the completion effect; (c) the benefit of noncompliance is a significant factor in self-justification, partially mediated by its influence on the willingness to engage in noncompliance; and (d) the completion effect is a significant factor in the sunk costs, fully mediated by its influence on the willingness to engage in noncompliance. This dissertation advocates that further research is needed to account for and explain noncompliant behaviour by utilizing escalation theories in more depth, and that such an account requires an innovative and empirically driven effort.

Ort, förlag, år, upplaga, sidor
Växjö: Linnaeus University Press , 2013. , s. 164
Nyckelord [en]
Information security policy; Escalation of commitment; Noncompliance behaviour; Self-justification; Sunk cost.
Nationell ämneskategori
Data- och informationsvetenskap
Forskningsämne
Data- och informationsvetenskap, Informatik
Identifikatorer
URN: urn:nbn:se:oru:diva-62325ISBN: 978-91-87427-44-2 (tryckt)OAI: oai:DiVA.org:oru-62325DiVA, id: diva2:1156391
Disputation
2013-09-19, Weber, Hus K, Växjö, 13:15 (Engelska)
Opponent
Handledare
Tillgänglig från: 2013-11-10 Skapad: 2017-11-13 Senast uppdaterad: 2018-05-29

Open Access i DiVA

Fulltext saknas i DiVA

Sök vidare i DiVA

Av författaren/redaktören
Kajtazi, Miranda
Data- och informationsvetenskap

Sök vidare utanför DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetricpoäng

isbn
urn-nbn
Totalt: 79 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf