University of Oulu

Shao, X., Siponen, M. and Pahnila, S. To calculate or to follow others : how do information security managers make investment decisions? in Proceedings of the 52nd Hawaii International Conference on System Sciences, January 8-11 2019, Grand Wailea, Maui, pp. 4885-4894. http://hdl.handle.net/10125/59926

To calculate or to follow others : how do information security managers make investment decisions?

Saved in:
Author: Shao, Xiuyan1; Siponen, Mikko2; Pahnila, Seppo1
Organizations: 1University of Oulu
2University of Jyväskylä
Format: article
Version: published version
Access: open
Online Access: PDF Full Text (PDF, 0.5 MB)
Persistent link: http://urn.fi/urn:nbn:fi-fe2019101633414
Language: English
Published: Hawaii International Conference on System Sciences, 2019
Publish Date: 2019-10-16
Description:

Abstract

Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents managers from applying cost- benefit analysis in practice. Instead, information security managers may follow experts’ recommendations or the practices of other organizations. The present paper examines factors that influence information security managers’ investment decisions from the reputational herding perspective. The study was conducted using survey questionnaire data collected from 106 organizations in Finland. The findings of the study reveal that the ability and reputation of the security manager and the strength of the information about the security investment significantly motivate the security manager to discount his or her own information. Herding, as a following strategy, together with mandatory requirements are significant motivations for information security investment.

see all

ISBN Print: 978-0-9981331-2-6
Pages: 4885 - 4894
Host publication: Proceedings of the 52nd Hawaii International Conference on System Sciences, January 8-11 2019, Grand Wailea, Maui
Conference: Hawaii International Conference on System Sciences
Type of Publication: A4 Article in conference proceedings
Field of Science: 113 Computer and information sciences
Subjects:
Copyright information: Attribution-NonCommercial-NoDerivatives 4.0 International (https://creativecommons.org/licenses/by-nc-nd/4.0/
  https://creativecommons.org/licenses/by-nc-nd/4.0/