Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Perception deception: security risks created by optimistic perceptions

Perception deception: security risks created by optimistic perceptions Purpose – The purpose of the paper is to determine whether management’s optimistic perceptions of their organization’s level of information security preparedness can ultimately result in increased information security risks. Design/methodology/approach – A case study was conducted in a financial institution. In all, 24 employees were interviewed. These employees came from all functional areas and various positions, from tellers to executives. Interviews were conducted, internal policies and examiners’ reports were made available and access was given to observe the employees during working hours and to observe the facilities after hours. Findings – Executives were overly optimistic about the level of information security at their organization. These optimistic perceptions guided security priorities; however, the findings show that their perceptions were misguided leaving their organization open to increased security threats. More specifically, the results show that optimist perceptions by management can put an organization’s information at risk. Originality/value – The paper uses existing theory and evaluates it in a “real-world” setting. For security research, it can be difficult to get honest responses from questionnaires; however, the hands-on approach provided a deeper insight to the problem of optimistic perceptions in an organizational setting. For practitioners, the case can raise managements’ awareness of perceptional inaccuracies, resulting in more informed information security decisions and ultimately improved security for their organization. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Journal of Systems and Information Technology Emerald Publishing

Perception deception: security risks created by optimistic perceptions

Loading next page...
 
/lp/emerald-publishing/perception-deception-security-risks-created-by-optimistic-perceptions-ES1hJRj36I
Publisher
Emerald Publishing
Copyright
Copyright © Emerald Group Publishing Limited
ISSN
1328-7265
DOI
10.1108/JSIT-07-2015-0062
Publisher site
See Article on Publisher Site

Abstract

Purpose – The purpose of the paper is to determine whether management’s optimistic perceptions of their organization’s level of information security preparedness can ultimately result in increased information security risks. Design/methodology/approach – A case study was conducted in a financial institution. In all, 24 employees were interviewed. These employees came from all functional areas and various positions, from tellers to executives. Interviews were conducted, internal policies and examiners’ reports were made available and access was given to observe the employees during working hours and to observe the facilities after hours. Findings – Executives were overly optimistic about the level of information security at their organization. These optimistic perceptions guided security priorities; however, the findings show that their perceptions were misguided leaving their organization open to increased security threats. More specifically, the results show that optimist perceptions by management can put an organization’s information at risk. Originality/value – The paper uses existing theory and evaluates it in a “real-world” setting. For security research, it can be difficult to get honest responses from questionnaires; however, the hands-on approach provided a deeper insight to the problem of optimistic perceptions in an organizational setting. For practitioners, the case can raise managements’ awareness of perceptional inaccuracies, resulting in more informed information security decisions and ultimately improved security for their organization.

Journal

Journal of Systems and Information TechnologyEmerald Publishing

Published: Mar 14, 2016

There are no references for this article.