Information Management & Computer Security Validation of a biases model in strategic security decision making

Purpose – Funding agencies such as the Office of Naval Research, Department of Homeland Security, and others, have reduced funding for non‐tactical operations. Simultaneously, organizations are squeezing their overhead budgets (where security initiatives fall) and are focusing more on revenue generation given current economic climates. Thus, in both governmental sectors and in commercial settings, there are reasons to believe that strategic security initiatives are being sacrificed, and those that survive must be compelling. To assist organizational leaders with these difficult choices, it is critical to understand biases that affect decisions about strategic security initiatives. The purpose of this paper is to validate and empirically test the predictability of a theoretical model, from which implications can be made for research and practice.Design/methodology/approach – Using behavioral decision theory, a randomized longitudinal study was conducted over three years with a multinational corporation wit...

[1]  M. Porter How Competitive Forces Shape Strategy , 1989 .

[2]  A. Tversky,et al.  Choice under Conflict: The Dynamics of Deferred Decision , 1992 .

[3]  John P. Meyer,et al.  Commitment to organizations and occupations: Extension and test of a three-component conceptualization. , 1993 .

[4]  Keith E. Stanovich,et al.  Discrepancies Between Normative and Descriptive Models of Decision Making and the Understanding/Acceptance Principle , 1999, Cognitive Psychology.

[5]  A. Kellerman,et al.  The Constitution of Society : Outline of the Theory of Structuration , 2015 .

[6]  Sofie Pilemalm,et al.  The 14 Layered Framework for Including Social and Organisational Aspects in Security Management , 2011, Inf. Manag. Comput. Secur..

[7]  M. Goldberg,et al.  What to Convey in Antismoking Advertisements for Adolescents: The use of Protection Motivation Theory to Identify Effective Message Themes , 2003 .

[8]  Robert A. Burgelman,et al.  Strategic Dissonance , 1996 .

[9]  Rex B. Kline,et al.  Principles and Practice of Structural Equation Modeling , 1998 .

[10]  Steven W Sender Systematic Agreement: A Theory of Organizational Alignment. , 1997 .

[11]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[12]  Richard N. Cardozo,et al.  The new venture growth: Functional differentiation and the need for human resource development interventions , 1998 .

[13]  V. Goel,et al.  Smarter Than We Think , 2008, Psychological science.

[14]  Izak Benbasat,et al.  Explanations From Intelligent Systems: Theoretical Foundations and Implications for Practice , 1999, MIS Q..

[15]  Thomas Mussweiler,et al.  Subliminal anchoring: Judgmental consequences and underlying mechanisms , 2005 .

[16]  M. Porter What is strategy , 2000 .

[17]  R. Buehler,et al.  Exploring the "planning fallacy": Why people underestimate their task completion times. , 1994 .

[18]  Miguel A. Vadillo,et al.  Illusion of Control , 2013, Experimental psychology.

[19]  William R. Synnott,et al.  The Information Weapon: Winning Customers and Markets With Technology , 1987 .

[20]  Duane T. Wegener,et al.  Elaboration and consequences of anchored estimates: An attitudinal perspective on numerical anchoring , 2008 .

[21]  E. C. Poulton Behavioral Decision Theory: Preface , 1994 .

[22]  Brian Everitt,et al.  Applied multivariate statistics for the social sciences: James Stevens: Lawrence Erlbaum, Hillsdale, N.J. , 1989 .

[23]  A. Giddens,et al.  Reflexive Modernization: Politics, Tradition and Aesthetics in the Modern Social Order , 1994 .

[24]  P. Jarzabkowski Shaping Strategy as a Structuration Process , 2008 .

[25]  Anna J. Schwartz,et al.  Monetary Trends in the United States and United Kingdom: Their Relation to Income, Prices, and Interest Rates, 1867–1975 , 1982 .

[26]  J. Birkinshaw,et al.  Organizational Ambidexterity: Antecedents, Outcomes, and Moderators , 2008 .

[27]  James Brian Quinn,et al.  Managing Strategic Change , 1989 .

[28]  J. Neumann,et al.  Theory of Games and Economic Behavior. , 1945 .

[29]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[30]  C. Prahalad,et al.  Strategy as stretch and leverage. , 1993, Harvard business review.

[31]  I. Ajzen Intuitive theories of events and the effects of base-rate information on prediction. , 1977 .

[32]  E. Hutchins Cognition in the wild , 1995 .

[33]  Edward E. Smith,et al.  Typicality and reasoning fallacies , 1990, Memory & cognition.

[34]  A. Tversky,et al.  Extensional versus intuitive reasoning: the conjunction fallacy in probability judgment , 1983 .

[35]  G Narasimham,et al.  Development of scientific reasoning biases: cognitive versus ego-protective explanations. , 1998, Developmental psychology.

[36]  A Pollatsek,et al.  Beliefs underlying random sampling , 1984, Memory & cognition.

[37]  A. Garnham,et al.  Thinking and Reasoning , 1994 .

[38]  Allen C. Amason Distinguishing the Effects of Functional and Dysfunctional Conflict on Strategic Decision Making: Resolving a Paradox for Top Management Teams , 1996 .

[39]  G. Loewenstein,et al.  Preferences for sequences of outcomes. , 1993 .

[40]  Wynne W. Chin,et al.  On the use, usefulness, and ease of use of structural equation modeling in MIS research: a note of caution , 1995 .

[41]  H. Wellman,et al.  Cognitive development: foundational theories of core domains. , 1992, Annual review of psychology.

[42]  A. Bandura Social cognitive theory of self-regulation☆ , 1991 .

[43]  Roy J. Lewicki,et al.  Temporal orientation and perceived control as determinants of risk-taking. , 1966 .

[44]  I. Levin,et al.  Common and distinct factors in decision making under ambiguity and risk: A psychometric study of individual differences , 2007 .

[45]  J. van den Ende,et al.  Decision Making at Different Levels of the Organization and the Impact of New Information Technology , 2002 .

[46]  Evangelos A. Kiountouzis,et al.  Information Management & Computer Security Formulating information systems risk management strategies through cultural theory , 2016 .

[47]  Colin Camerer Behavioral Game Theory: Experiments in Strategic Interaction , 2003 .

[48]  V. Venkatesh,et al.  AGE DIFFERENCES IN TECHNOLOGY ADOPTION DECISIONS: IMPLICATIONS FOR A CHANGING WORK FORCE , 2000 .

[49]  Richard P. Larrick,et al.  Who uses the normative rules of choice , 1993 .

[50]  David Klahr,et al.  Information Processing Approaches to Cognitive Development , 1988 .

[51]  Duane T. Wegener,et al.  The Flexible Correction Model: The Role of Naive Theories of Bias in Bias Correction , 1997 .

[52]  B. Tabachnick,et al.  Using Multivariate Statistics , 1983 .

[53]  Mason A. Carpenter,et al.  STRATEGIC SATISFICING? A BEHAVIORAL--AGENCY THEORY PERSPECTIVE ON STOCK REPURCHASE PROGRAM ANNOUNCEMENTS , 2003 .

[54]  Roger Bennett,et al.  Managing conflict between marketing and other functions within charitable organisations , 2004 .

[55]  Barbara M. Byrne,et al.  Structural equation modeling with AMOS , 2010 .

[56]  Todd J. Thorsteinson,et al.  Anchoring effects on performance judgments , 2008 .

[57]  F. Strack,et al.  Explaining the Enigmatic Anchoring Effect: Mechanisms of Selective Accessibility , 1997 .

[58]  Daniel M. Oppenheimer,et al.  Anchors aweigh: A demonstration of cross-modality anchoring and magnitude priming , 2008, Cognition.

[59]  Ralph Stacey,et al.  Managing the unknowable : strategic boundaries between order and chaos in organizations , 1992 .

[60]  Timothy D. Wilson,et al.  When the Stakes are High: A Limit to the Illusion-of-Control Effect , 1990 .

[61]  A. Tversky,et al.  The hot hand in basketball: On the misperception of random sequences , 1985, Cognitive Psychology.

[62]  Mark Simon,et al.  The Relationship between Overconfidence and the Introduction of Risky Products: Evidence from a Field Study , 2003 .

[63]  Theresa K. Lant,et al.  Information Cuesand Decision Making , 2002 .

[64]  Michael A. Hitt,et al.  Institutional Ownership Differences and International Diversification: The Effects of Boards of Directors and Technological Opportunity , 2003 .

[65]  A. Tversky,et al.  The Disjunction Effect in Choice under Uncertainty , 1992 .

[66]  A. Tversky,et al.  Subjective Probability: A Judgment of Representativeness , 1972 .

[67]  Charles R. Greer Strategy and Human Resources: A General Managerial Perspective , 1995 .

[68]  A. Tversky,et al.  Prospect theory: an analysis of decision under risk — Source link , 2007 .

[69]  R Schulz,et al.  Long-term effects of control and predictability-enhancing interventions: findings and ethical issues. , 1978, Journal of personality and social psychology.

[70]  Lisa Dorn,et al.  Making sense of invulnerability at work—a qualitative study of police drivers , 2003 .

[71]  M. Welsh,et al.  Advocacy, Performance, and Threshold Influences on Decisions to Terminate New Product Development , 2003 .

[72]  Yuval Elovici,et al.  Optimizing Investment Decisions in Selecting Information Security Remedies , 2011, Inf. Manag. Comput. Secur..

[73]  Barbara Tversky,et al.  A Reconciliation of the Evidence on Eyewitness Testimony: Comments on McCloskey and Zaragoza , 1989 .

[74]  Henry Mintzberg,et al.  The Fall and Rise of Strategic Planning , 1994 .

[75]  Michael Workman,et al.  Expert decision support system use, disuse, and misuse: a study using the theory of planned behavior , 2005, Comput. Hum. Behav..

[76]  Eldar Shafir,et al.  Choosing versus rejecting: Why some options are both better and worse than others , 1993, Memory & cognition.

[77]  Chi-Hyon Lee,et al.  Within-Industry Diversification and Firm Performance in the Presence of Network Externalities: Evidence From the Software Industry , 2008 .

[78]  J. Neumann,et al.  Theory of Games and Economic Behavior. , 1945 .

[79]  T. Grothmann,et al.  People at Risk of Flooding: Why Some Residents Take Precautionary Action While Others Do Not , 2006 .

[80]  Michael Workman,et al.  Advancements in technologies: new opportunities to investigate factors contributing to differential technology and information use , 2007 .

[81]  J. Pennings,et al.  A Strategic Contingencies' Theory of Intraorganizational Power , 1971 .

[82]  John W. Polak,et al.  Behavioural Decision Theory , 1998 .

[83]  Muhammad Afzal,et al.  Security mistakes in information system deployment projects , 2011, Inf. Manag. Comput. Secur..

[84]  Richard P. Larrick,et al.  Teaching the Use of Cost-Benefit Reasoning in Everyday Life , 1990 .

[85]  Tom Pyszczynski,et al.  Why Do We Need What We Need? A Terror Management Perspective on the Roots of Human Social Motivation , 1997 .

[86]  Curtis M. Grimm,et al.  The Red Queen Effect: Competitive Actions And Firm Performance , 2008 .

[87]  J. Stevens Applied Multivariate Statistics for the Social Sciences , 1986 .

[88]  F. Terrell,et al.  The illusion of control among depressed patients. , 1979, Journal of abnormal psychology.

[89]  A. Tversky,et al.  Prospect theory: analysis of decision under risk , 1979 .