Incentive Alignment and Risk Perception: An Information Security Application

Technologies and procedures for effectively securing the enterprise in cyberspace exist, but are largely underdeployed. Reasons for this shortcoming include the neglect of the role of stakeholder perceptions in organizational reward systems, and misaligned incentives for effective allocation of reso...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on engineering management 2013-05, Vol.60 (2), p.238-246
Hauptverfasser: Farahmand, Fariborz, Atallah, Mikhail J., Spafford, Eugene H.
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Technologies and procedures for effectively securing the enterprise in cyberspace exist, but are largely underdeployed. Reasons for this shortcoming include the neglect of the role of stakeholder perceptions in organizational reward systems, and misaligned incentives for effective allocation of resources. We present a methodology for practitioners to employ, with examples for identification of perverse incentives-situations where the interests of a manager or employee are not aligned with those of the organization-and for estimation of the damage caused by incentive misalignment. We present our revision to the risk perception model developed by Fischhoff and Slovic. We also present the results of our findings from our interviews of 42 information security executives across the U.S. about the role of risk perception and incentives in information security decisions. We discuss how to identify and to correct misalignments, to develop efficient incentive structures, and to include perceptual principles and security governance in making information security a property of the organizational environment. This research contributes to the practice and theory of information security, and has several implications for practitioners and researchers in the alignment of incentives and symmetrization of information across organizations.
ISSN:0018-9391
1558-0040
DOI:10.1109/TEM.2012.2185801