oru.sePublications
Change search
Refine search result
1 - 15 of 15
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Haftor, Darek
    et al.
    School of Computer Science, Physics and Mathematics, Linnaeus University, Växjö, Sweden.
    Kajtazi, Miranda
    School of Computer Science, Physics and Mathematics, Linnaeus University, Växjö, Sweden.
    Information Based Business Models: a Research Direction2012In: Proceedings of the 9th International Conference in Business and Information (BAI 2012), 2012Conference paper (Refereed)
  • 2.
    Haftor, Darek
    et al.
    Stockholm University, Stockholm, Sweden.
    Kajtazi, Miranda
    Linnaeus University, Växjö, Sweden.
    Mirijamdotter, Anita
    Linnaeus University, Växjö, Sweden.
    Information Logistics as a Guide for Research and Practice of e-Maintenance Operations2011In: International Journal of Performability Engineering, ISSN 0973-1318, Vol. 7, no 6, p. 593-603Article in journal (Refereed)
    Abstract [en]

    Although the development of e-maintenance operations is understood to offer promising opportunities, it seems to be mainly driven by Information and Communication Technologies (ICT) applications development. This is unfortunate, as ICT has no value in itself; rather its benefit comes from the way in which it is utilized within its particular context. Thus, a conceptual framework is proposed to guide both the practice and the research of e-maintenance operations. The framework combines an Industrial Value Chain with a Buyer-Consumer Value Chain, where their intersections articulated in terms of categories derived from Information Logistics. This provides a structure for the conception of e-maintenance that needs to be populated with published research and current e-maintenance practice. This may uncover white spaces where research efforts deserve particular attention and are driven by value generation – for instance, economic. A brief case study, from a leading European truck-manufacturer, illustrates the proposed conceptual framework in application.

  • 3.
    Kajtazi, Miranda
    School of Computer Science, Physics and Mathematics, Linnaeus University, Växjö, Sweden.
    Information inadequacy: The lack of needed information in human, social and industrial affairs2012In: ICT Critical Infrastructures and Society: 10th IFIP TC 9 International Conference on Human Choice and Computers, HCC10 2012, Amsterdam, The Netherlands, September 27-28, 2012. Proceedings / [ed] Magda David Hercheui, Diane Whitehouse, William McIver Jr. & Jackie Phahlamohlaka, Springer , 2012, p. 320-329Conference paper (Refereed)
    Abstract [en]

    This study investigates the phenomenon of the lack of needed information, predominantly experienced through difficulties in human, social and industrial affairs. The key concern is, thus, to understand what really causes the lack of needed information. Answers to this concern have been provided from an array of studies mostly focused in the area of information management. However, the literature shows that there is no comprehensive a priori theory to guide an empirical investigation on this matter. Thus, the empirical investigation conducted here is based on grounded theory approach that investigates fifty cases, where the lack of needed information is clearly manifested. The empirical investigation suggests that the phenomenon of the lack of needed information seems to emerge because of diverse factors, ranging from political and cultural structures, through human individual capabilities, and ending with procedural and technological artefacts. The results present an initial outline for a possible future theory of information inadequacy.

  • 4.
    Kajtazi, Miranda
    et al.
    Örebro University, Örebro University School of Business.
    Bulgurcu, Burcu
    Boston College, Boston, USA.
    A Theoretical Perspective on Rationalization of Insider Computer Abuse2014Conference paper (Refereed)
  • 5.
    Kajtazi, Miranda
    et al.
    Linnaeus University, Växjö, Sweden.
    Bulgurcu, Burcu
    Boston College, Boston, USA.
    Information Security Policy Compliance: An Empirical Study on Escalation of Commitment2013In: 19th Americas Conference on Information Systems (AMCIS 2013): Hyperconnected World : Anything Anywhere, Anytime, Red Hook, N.Y.: Curran Associates, Inc., 2013, p. 2011-2020Conference paper (Refereed)
    Abstract [en]

    This study aims to facilitate a new understanding on employees’ attitude towards compliance with the requirements of their information security policy (ISPs) through the lens of escalation. Escalation presents a situation in which employees must decide whether to persist in or withdraw from a non-performing task. Drawing on the Theory of Planned Behavior (TPB) and Agency Theory, our model delineates three mediating factors in explaining attitude: work impediment, information asymmetry, and safety of resources. We also propose information security awareness as an independent variable having an indirect effect on attitude through mediating factors. The proposed model is tested using the data collected from 376 employees working in the banking industry. The results of the PLS analyses show that while information asymmetry and safety of resources have significant impacts on attitude, work impediment does not. The results also show that ISA has significant impact on all three mediating factors.

  • 6.
    Kajtazi, Miranda
    et al.
    Department of Informatic, Linnaeus University, Växjö, Sweden.
    Bulgurcu, Burcu
    Boston College, Boston , USA.
    Cavusoglu, Hasan
    Sauder school of Business, University of British Columbia, Vancouver, British Columbia.
    Benbasat, Izak
    Sauder school of Business, University of British Columbia, Vancouver, British Columbia.
    Assessing Sunk Cost Effect on Employees'€™ Intentions to Violate Information Security Policies in Organizations2014Conference paper (Refereed)
    Abstract [en]

    It has been widely known that employees pose insider threats to the information and technology resources of an organization. In this paper, we develop a model to explain insiders' intentional violation of the requirements of an information security policy. We propose sunk cost as a mediating factor. We test our research model on data collected from three information-intensive organizations in banking and pharmaceutical industries (n=502). Our results show that sunk cost acts as a mediator between the proposed antecedents of sunk cost (i.e., completion effect and goal in congruency) and intentions to violate the ISP. We discuss the implications of our results for developing theory and for re-designing current security agendas that could help improve compliance behavior in the future.

  • 7.
    Kajtazi, Miranda
    et al.
    Linnaeus University, Växjö, Sweden .
    Cavusoglu, Hasan
    University of British Columbia, Vancouver, Canada .
    Guilt Proneness as a Mechanism Towards Information Security Policy Compliance2013In: Proceedings of the 24th Australasian Conference on Information Systems, Royal Melbourne Institute of Technology (RMIT) , 2013Conference paper (Refereed)
    Abstract [en]

    In this paper, we develop a theoretical framework for understanding the role guilt proneness plays in the Information Security Policy (ISP) compliance. We define guilt proneness as an emotional personality trait indicative of a predisposition to experience a negative feeling about ISP violation. We develop a research model based on the theory of planned behaviour, guilt proneness theory and rational choice theory to explain employees’ intentions to comply with ISPs by incorporating the guilt proneness as a moderator between benefit of compliance and benefit of violation as perceived by employees and their attitude towards compliance. Identifying the roles of predispositions like guilt proneness in the ISP compliance will have interesting theoretical and practical implications in the area of information security.

  • 8.
    Kajtazi, Miranda
    et al.
    Linnaeus University, Växjö, Sweden .
    Cavusoglu, Hasan
    University of British Columbia, Vancouver, Canada .
    Benbasat, Izak
    University of British Columbia, Vancouver, Canada .
    Haftor, Darek
    Linnaeus University, Växjö, Sweden .
    Assessing Self-Justification as an Antecedent of Noncompliance with Information Security Policies2013In: Proceedings of the 24th Australasian Conference on Information Systems, Royal Melbourne Institute of Technology (RMIT) , 2013, p. 1-12Conference paper (Refereed)
    Abstract [en]

    This paper aims to extend our knowledge about employees’ noncompliance with Information Security Policies (ISPs), focusing on employees’ self-justification as a result of escalation of commitment that may trigger noncompliance behaviour. Escalation presents a situation when employees must decide whether to persist or withdraw from nonperforming tasks at work. Drawing on self-justification theory and prospect theory, our model presents two escalation factors in explaining employee’s willingness to engage in noncompliance behaviour with ISPs: self-justification and risk perceptions. We also propose that perceived benefits of noncompliance and perceived costs of compliance, at the intersection of cognitive and emotional driven acts influence self-justification. The model is tested based on 376 respondents from banking industry. The results show that while self-justification has a significant impact on willingness, risk perceptions do not moderate their relation. We suggest that future research should explore the roles of self-justification in noncompliance to a greater extent.

  • 9.
    Kajtazi, Miranda
    et al.
    Örebro University, Örebro University School of Business. Department of Informatics, Lunds universitet, Ekonomihögskolan, Lund, Sweden.
    Cavusoglu, Hasan
    Sauder School of Business, University of British Columbia, Vancouver, Canada.
    Benbasat, Izak
    Sauder School of Business, University of British Columbia, Vancouver, Canada.
    Haftor, Darek
    Företagsekonomiska Institutionen, Uppsala Universitet, Uppsala, Sweden.
    Escalation of commitment as an antecedent to noncompliance with information security policy2018In: Information and Computer Security, ISSN 2056-4961, Vol. 26, no 2, p. 171-193Article in journal (Refereed)
    Abstract [en]

    Purpose: This study aims to identify antecedents to noncompliance behavior influenced by decision contexts where investments in time, effort and resources are devoted to a task - referred to as a task unlikely to be completed without violating the organization's information security policy (ISP).

    Design/methodology/approach: An empirical test of the suggested relationships in the proposed model was conducted through a field study using the survey method for data collection. Pre-tests, pre-study, main study and a follow-up study compose the frame of our methodology where more than 500 respondents are involved across different organizations.

    Findings: The results confirm that the antecedents that explain the escalation of commitment behavior in terms of the effect of lost assets, such as time, effort and other resources, give us a new lens to understand noncompliance behavior; employees seem to escalate their commitments to the completion of their tasks at the expense of becoming noncompliant with ISP.

    Research limitations/implications: One of the key areas that requires further attention from this study is to better understand the role of risk perceptions on employee behavior when dealing with value conflicts. Depending on how risk-averse or risk seeking an employee is, the model showed no significant support in either case to influence their noncompliance behavior. The authors therefore argue that employees' noncompliance may be influenced by more powerful beliefs, such as self-justification and sunk costs.

    Practical implications: The results show that when employees are caught in tasks undergoing difficulties, they are more likely to increase noncompliance behavior. By understanding better how project obstacles result in such tasks, security managers can define new mechanisms to counter employees' shift from compliance to noncompliance.

    Social implications: Apart from encouraging compliance with enforcement mechanisms (using direct behavioral controls like sanctions or rewards), indirect behavior controls may also encourage compliance. The authors suggest that the ISPs should state that the organization would take positive actions toward task completion and help their employees to resolve their problems quickly.

    Originality/value: This study is the first to tackle escalation of commitment theories and use antecedents that explain the effect of lost assets, such as time, effort and other resources can also explain noncompliance with ISP in terms of the value conflicts, where employees would often choose to forego compliance at the expense of finishing their tasks.

  • 10.
    Kajtazi, Miranda
    et al.
    Lund University, Lund, Sweden.
    Haftor, Darek
    Institutionen för datavetenskap, fysik och matematik (DFM), Linnéuniversitetet, Växjö, Sweden.
    Information Inadequacy: Instances that Causes the Lack of Needed Information2012In: The 5th Workshop on Information Logistics and Knowledge Supply (ILOG2012), at the 11th International Conference on Perspectives in Business Informatics Research (BIR2012): Nizhny Novgorod, Russia, September 24-26, 2012. Proceedings: “Satellite Workshops & Doctoral Consortium.”, Springer, 2012, p. 7-17Conference paper (Refereed)
  • 11.
    Kajtazi, Miranda
    et al.
    Linnaeus University, Växjö, Sweden.
    Haftor, Darek M.
    Stockholm University, Stockholm, Sweden.
    Exploring the Notion of Information: A Proposal for a Multifaced Understanding2011In: tripleC (cognition, communication, co-operation): Journal for a Global Sustainable Information Society / Unified Theory of Information Research Group, ISSN 1726-670X, E-ISSN 1726-670X, Vol. 9, no 2, p. 305-315Article in journal (Refereed)
    Abstract [en]

    Man’s notion of ‘information’ is essential as it guides human thinking, planning, and consequent actions. Situationssuch as the Haiti earthquake in 2010, the financial crisis in Greece in 2010, and the oil slick in the Gulf of Mexico in2010 are just a few instances of constant growing empirical dilemmas in our global society where information plays a centralrole. The meaning of what information is has clear implications for how we deal with it in our practical lives, which in turnmay give rise to situations that we would prefer to be without. In this sense, the notion of information has evidently presentedthe need to question what it really means and how it dominates the functioning of our global society. To address thisfundamental issue of information, two questions are explored and presented in this paper: What notions of information aredominating the scholarly literature? And what are the differences between these notions? To answer these questions, wehave conducted a comprehensive literature survey of more than two hundred scholarly publications. Detailed analyses ofthe content of these publications identified four kinds of forms of information notions. The results show that these four formspresent diverse and opposing views of the notion of information, labelled as the ‘quartet model of information’. These addressdifferent foci, contexts, and challenges. In addition, we propose an alternative and novel understanding of the notionof information, associated with how information functions in our global society. This understanding offers a new perspectiveintended to address significant needs of the information society.

  • 12.
    Kajtazi, Miranda
    et al.
    Linnaeus University, Växjö, Sweden.
    Haftor, Darek
    Stockholm University, Stockholm, Sweden.
    Mirijamdotter, Anita
    Linnaeus University, Växjö, Sweden.
    Information Inadequacy: Some Causes of Failures in Human and Social Affairs2011In: Electronic Journal of Information Systems Evaluation, ISSN 1566-6379, E-ISSN 1566-6379, Vol. 14, no 1, p. 63-72Article in journal (Refereed)
    Abstract [en]

    In this paper, we develop a conceptual model for understanding human-related information practices and their behavioural activities. Our focus is on forging new possibilities to explore and improve the contemporary dilemma when human activities fail due to the lack of the needed information, which is here understood as information inadequacy. More precisely, information inadequacy is defined as vulnerable and inadequate information, composed by the dichotomy of information lack and/or of information overflow, which imposes complexities and unexpected behaviour on human, social and industrial affairs. By exploring the lack of needed information in human, social and industrial affairs, we conducted an inquiry into different empirical situations manifesting information inadequacy, subsequently examining the various theoretical bodies that relate to information inadequacy. The key question was: Which theories may explicate the key human behavioural patterns that cause information inadequacy? To answer this question, our paper presents initial guidance with a systematic approach that focuses on evaluating and further improving research and practice in terms of information relevance. The empirical cases are largely based on major human, social and industrial dysfunctions: the Lehman Brothers' bankruptcy 2008, and the Enron bankruptcy 2001, the disasters of the Columbia space shuttle in 2003, and the Challenger in 1986. The analyses are examined through theories of information behaviour that influence communication processes where two or more different actors are required to engage in activities of communicating information. The results include the identification of four information exchange patterns: influenced, intentional, hindered, and unaware. Furthermore, we discuss the implications of the model for practice with information. The paper concludes by reviewing the role of information inadequacy in economic, social and political contexts that remain challenging.

  • 13.
    Kajtazi, Miranda
    et al.
    Örebro University, Örebro University School of Business. Linnaeus University, Växjö, Sweden.
    Kolkowska, Ella
    Örebro University, Örebro University School of Business.
    Bulgurcu, Burcu
    Boston College, Boston Ma, USA.
    New Insights Into Understanding Manager’s Intentions to Overlook ISP Violation in Organizations through Escalation of Commitment Factors2015In: Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), Pöymouth: Plymouth University , 2015Conference paper (Refereed)
    Abstract [en]

    This paper addresses managers’ intentions to overlook their employees’ Information Security Policy (ISP) violation, in circumstances when on-going projects have to be completed and delivered even if ISP violation must take place to do so. The motivation is based on the concern that ISP violation can be influenced by escalation of commitment factors. Escalation is a phenomenon that explains how employees in organizations often get involved in nonperforming projects, commonly reflecting the tendency of persistence, when investments of resources have been initiated. We develop a theoretical understanding based on Escalation of Commitment theory that centres on two main factors of noncompliance, namely completion effect and sunk costs. We tested our theoretical concepts in a pilot study, based on qualitative and quantitative data received from 16 respondents from the IT – industry, each representing one respondent from the management level. The results show that while some managers are very strict about not accepting any form of ISP violation in their organization, their beliefs start to change when they realize that such form of violation may occur when their employees are closer to completion of a project. Our in-depth interviews with 3 respondents in the follow-up study, confirm the tension created between compliance with the ISP and the completion of the project. The results indicate that the larger the investments of time, efforts and money in a project, the more the managers consider that violation is acceptable

  • 14.
    Sarkheyli, A.
    et al.
    Department of Informatics, Lund University, Lund, Sweden.
    Alias, R. A.
    Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia.
    Carlsson, S.
    Department of Informatics, Lund University, Lund, Sweden.
    Kajtazi, Miranda
    Department of Informatics, Lund University, Lund, Sweden.
    Conceptualizing knowledge risk governance as a moderator to potentially reduce the risks in knowledge sharing2016In: Pacific Asia Conference on Information Systems, PACIS 2016: Proceedings, Chiayi: College of Management, National Chung Cheng University , 2016Conference paper (Refereed)
    Abstract [en]

    Recent developments in Knowledge Sharing (KS) have heightened the need for security. However, there has been little discussion about 'how to' integrate security into KS models effectively. This research addresses this gap by proposing a KS Risk Governance (KSRG) framework and research model based on the framework to integrate security into KS through Knowledge Risk Governance (KRG). The role of KRG in the model is identified as a moderator which would influence on the risks of KS. The potential constructs for the model are identified through literature review. Social Exchange Theory (SET) is selected as theoretical framework to describe the KS behaviour and identify the formative constructs of KRG. The results of this study indicate that (1) SET factors are positively associated with KS behaviour, (2) KRG moderated the relationship between the SET factors and KS behaviour and (3) KS via KRG as a moderating construct will reduce the risks of KS. Therefore, KSRG framework provides a helpful guideline for senior managers auditing their organization's current KS strategy and requirements for reduction of KS risks.

  • 15.
    Zec, Milos
    et al.
    Department of Informatics, Linnaeus University, Växjö, Sweden.
    Kajtazi, Miranda
    Örebro University, Örebro University School of Business. Department of Informatics, Linnaeus University, Växjö, Sweden.
    Examining how IT Professionals in SMEs Take Decisions About Implementing Cyber Security Strategy2015In: PROCEEDINGS OF 9TH EUROPEAN CONFERENCE ON IS MANAGEMENT AND EVALUATION (ECIME 2015), Academic Conferences Limited, 2015, p. 231-239Conference paper (Refereed)
    Abstract [en]

    With the significant growth of cyber space, business organizations have become more alert than ever before that cyber security must be considered seriously and that there is a need to develop up-to-date security measures. It has become an increasing trend that cyber-attackers concentrate more on small and medium than on large enterprises, due to their known vulnerability towards cyber security. In exchange of successful cyber security measures in organizations, the security risks must be taken into consideration more closely that could be helpful for re-thinking their decision-making on cyber security. This article develops a theoretical framework on cyber security with three aspects taken in consideration: organizational, technological and psychological, that deserves the attention of IT professionals while and after creating cyber security measures in their SMEs. The first two aspects (organizational and technological) focus on understanding the IT professionals' decision-making process, while the third aspect (psychological) focuses on understanding the IT professionals' post decision-making reactions. Firstly, the organizational aspect presupposes that the ones who create cyber security measures are exposed to unclear and undefined decision processes and rights that lead to system vulnerabilities. Secondly, the technological aspect focuses on disclosing how many IT professionals in their organizations fail to meet foundational technological measures, such as the existence of Internet firewall, logs of system events, existence of hardware and software inventory list, data backup, antivirus software and password rules. Lastly, the psychological aspect, explains how post cyber security decisions made by IT professionals may have a contra-effect on the organization. Our data analyses collected based on interviews with IT professionals across 6 organizations (SMEs) show that cyber security is yet to be developed among SMEs, an issue that must not be taken lightly. Results show that the IT professionals in these organizations need to strengthen and develop their security thinking, in order to decrease the vulnerability of informational assets among SMEs. We believe that a perspective on understanding decision-making processes upon the cyber security measures by IT professionals in SMEs may bring a theoretical redirection in the literature, as well as an important feedback to practice.

1 - 15 of 15
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf