Escalation of commitment and information security: Theories and implications

被引:4
作者
Chulkov D.V. [1 ]
机构
[1] School of Business, Indiana University, Kokomo, IN
来源
Information and Computer Security | 2017年 / 25卷 / 05期
关键词
Escalation of commitment; Information security; IT management; MIS;
D O I
10.1108/ICS-02-2016-0015
中图分类号
学科分类号
摘要
Purpose - This study aims to explore the challenges that the escalation of commitment poses to information security. Design/methodology/approach - Two distinct scenarios of escalation behavior are presented based on literature review. Psychological, organizational and economic theories on escalation of commitment are reviewed and applied to the area of information security. Findings - Escalation of commitment involves continuation of a course of action after receiving negative information about it. In the information security compliance context, escalation affects a firm when an employee decides to break the firm's information security policy to complete a failing task. In the information security investment context, escalation occurs if a manager continues investment in policies and solutions that are ineffective because of psychological, organizational or economic factors. Both of these types of escalation may be prevented with de-escalation techniques including a change in management or rotation of duties, monitoring, auditing and governance mechanisms. Practical implications - Implications of escalation of commitment behavior for information security decision-makers and for future research are discussed. Originality/value - This study complements the literature by establishing the context of escalation of commitment in decisions related to information security and reviewing managerial and economic theories on escalation of commitment. © Emerald Publishing Limited.
引用
收藏
页码:580 / 592
页数:12
相关论文
共 53 条
[1]  
Arkes H., Blumer C., The psychology of sunk cost, Organizational Behaviour and Human Decision Processes, 35, 1, pp. 124-140, (1985)
[2]  
Benaroch M., Kauffman R., A case for using real options pricing analysis to evaluate information technology project investments, Information Systems Research, 10, 1, pp. 70-86, (1999)
[3]  
Brockner J., The escalation of commitment to a failing course of action: Toward theoretical progress, Academy of Management Review, 17, 1, pp. 39-61, (1992)
[4]  
Brockner J., Rubin J., Entrapment in Escalating Conflicts: A Social Psychological Analysis, (1985)
[5]  
Bulgurcu B., Cavusoglu H., Benbasat I., Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness, MIS Quarterly, 34, pp. 523-548, (2010)
[6]  
Campbell K., Gordon L., Loeb M., Zhou L., The economic cost of publicly announced information security breaches: Empirical evidence from the stock market, Journal of Computer Security, 11, 3, pp. 431-448, (2003)
[7]  
Cavusoglu H., Cavusoglu H., Raghunathan S., Economics of IT security management: Four improvements to current security practices, Communications of the Association for Information Systems, 14, pp. 65-75, (2004)
[8]  
Cavusoglu H., Making sound security investment decisions, Journal of Information Privacy & Security, 6, pp. 53-71, (2010)
[9]  
Chulkov D., Desai M., Escalation and premature termination in MIS projects: The role of real options, Information Management & Computer Security, 16, 4, pp. 324-335, (2008)
[10]  
Conlon D., Garland H., The role of project completion information in resource allocation decisions, Academy of Management Journal, 36, 2, pp. 402-413, (1993)
123456