lnu.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Kajtazi, Miranda
Publications (10 of 25) Show all publications
Zec, M. & Kajtazi, M. (2015). Examining how IT Professionals in SMEs Take Decisions About Implementing Cyber Security Strategy. In: Proceedings of the 9th European Conference on IS Management and Evaluation (ECIME 2015): . Paper presented at 9th European Conference on Information Management and Evaluation (ECIME), SEP 21-22, 2015, Univ W England, Bristol, ENGLAND (pp. 231-239). Academic Conferences Limited
Open this publication in new window or tab >>Examining how IT Professionals in SMEs Take Decisions About Implementing Cyber Security Strategy
2015 (English)In: Proceedings of the 9th European Conference on IS Management and Evaluation (ECIME 2015), Academic Conferences Limited, 2015, p. 231-239Conference paper, Published paper (Refereed)
Abstract [en]

With the significant growth of cyber space, business organizations have become more alert than ever before that cyber security must be considered seriously and that there is a need to develop up-to-date security measures. It has become an increasing trend that cyber-attackers concentrate more on small and medium than on large enterprises, due to their known vulnerability towards cyber security. In exchange of successful cyber security measures in organizations, the security risks must be taken into consideration more closely that could be helpful for re-thinking their decision-making on cyber security. This article develops a theoretical framework on cyber security with three aspects taken in consideration: organizational, technological and psychological, that deserves the attention of IT professionals while and after creating cyber security measures in their SMEs. The first two aspects (organizational and technological) focus on understanding the IT professionals' decision-making process, while the third aspect (psychological) focuses on understanding the IT professionals' post decision-making reactions. Firstly, the organizational aspect presupposes that the ones who create cyber security measures are exposed to unclear and undefined decision processes and rights that lead to system vulnerabilities. Secondly, the technological aspect focuses on disclosing how many IT professionals in their organizations fail to meet foundational technological measures, such as the existence of Internet firewall, logs of system events, existence of hardware and software inventory list, data backup, antivirus software and password rules. Lastly, the psychological aspect, explains how post cyber security decisions made by IT professionals may have a contra-effect on the organization. Our data analyses collected based on interviews with IT professionals across 6 organizations (SMEs) show that cyber security is yet to be developed among SMEs, an issue that must not be taken lightly. Results show that the IT professionals in these organizations need to strengthen and develop their security thinking, in order to decrease the vulnerability of informational assets among SMEs. We believe that a perspective on understanding decision-making processes upon the cyber security measures by IT professionals in SMEs may bring a theoretical redirection in the literature, as well as an important feedback to practice.

Place, publisher, year, edition, pages
Academic Conferences Limited, 2015
Series
Proceedings of the European Conference on Information Management and Evaluation, ISSN 2048-8912
Keywords
cyber security, SMEs, IT professionals, decision-making, security counter measures
National Category
Computer and Information Sciences
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-51992 (URN)000371980300028 ()2-s2.0-84994175636 (Scopus ID)978-1-910810-56-9 (ISBN)9781910810545 (ISBN)
Conference
9th European Conference on Information Management and Evaluation (ECIME), SEP 21-22, 2015, Univ W England, Bristol, ENGLAND
Available from: 2016-04-08 Created: 2016-04-08 Last updated: 2018-01-10Bibliographically approved
Kajtazi, M., Bulgurcu, B., Cavusoglu, H. & Benbasat, I. (2014). Assessing Sunk Cost Effect on Employees’ Intentions to Violate Information Security Policies in Organizations. In: Sprague, RH (Ed.), Proceedings of the 47th Annual Hawaii International Conference on System Sciences: . Paper presented at 47th Hawaii International Conference on System Sciences, 6-9 jan. 2014, Waikoloa (pp. 3169-3177). IEEE Press
Open this publication in new window or tab >>Assessing Sunk Cost Effect on Employees’ Intentions to Violate Information Security Policies in Organizations
2014 (English)In: Proceedings of the 47th Annual Hawaii International Conference on System Sciences / [ed] Sprague, RH, IEEE Press, 2014, p. 3169-3177Conference paper, Published paper (Refereed)
Abstract [en]

It has been widely known that employees pose insider threats to the information and technology resources of an organization. In this paper, we develop a model to explain insiders' intentional violation of the requirements of an information security policy. We propose sunk cost as a mediating factor. We test our research model on data collected from three information-intensive organizations in banking and pharmaceutical industries (n=502). Our results show that sunk cost acts as a mediator between the proposed antecedents of sunk cost (i.e., completion effect and goal in congruency) and intentions to violate the ISP. We discuss the implications of our results for developing theory and for re-designing current security agendas that could help improve compliance behavior in the future.

Place, publisher, year, edition, pages
IEEE Press, 2014
Series
Proceedings of the Annual Hawaii International Conference on System Sciences, ISSN 1060-3425
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31178 (URN)10.1109/HICSS.2014.393 (DOI)000343806603035 ()2-s2.0-84902267599 (Scopus ID)978-1-4799-2504-9 (ISBN)
Conference
47th Hawaii International Conference on System Sciences, 6-9 jan. 2014, Waikoloa
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Kajtazi, M. (2013). Assessing Escalation of Commitment as an Antecedent of Noncompliance with Information Security Policy. (Doctoral dissertation). Växjö: Linnaeus University Press
Open this publication in new window or tab >>Assessing Escalation of Commitment as an Antecedent of Noncompliance with Information Security Policy
2013 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

For organizations, emphasizing investments in security technology has become the norm. Trending security technologies are important for an organization’s information security strategy. Organizations commonly use such technologies to enforce information security policy (ISP) compliance on the part of their employees, to ensure the security of their information resources. Yet, it seems that employees frequently establish rules of their own for complying with the ISP. Questioning this concern, the present dissertation addresses employees’ violation of information security rules and regulations. The motivation is based on the concern that information security policy noncompliance is largely influenced by escalation of commitment. Escalation is a phenomenon that explains how employees in organizations often get involved in nonperforming tasks, commonly reflecting the tendency of persistence, when investments of resources have been initiated. This dissertation develops an integrated model based on Self-Justification theory, Prospect theory, and Approach Avoidance theory, that centres on two main factors of noncompliance, namely self-justification and sunk costs. These factors act as mediating mechanisms to explain the dependent factor of the willingness to engage in noncompliant behaviour. The theoretical model is empirically tested with a data set that represents responses from 639 respondents across 27 organizations using the scenario-based survey approach. The results of this dissertation present a dual outcome. For theory, our theoretical framework not only enriches the literature on information security by proving that escalation behaviour is an antecedent of noncompliance, but also generates new insights about the escalation of commitment literature. The findings suggest that employees’ cognitive traits are escalation’s main antecedents that present the necessary stimulation to violate an ISP, while employees’ emotional traits do not influence such stimulation when overpowered by cognitive traits. Our results also suggest that employees engaged in nonperforming tasks often become noncompliant, even though they were complying before. In principle, the findings show that employees prioritize the completion of their tasks, rather than their commitment to comply with the ISP, and thus become noncompliant. In practice, our results show that employees’ willingness to engage in noncompliant behaviour is largely influenced by self-justification and sunk costs. The main results suggest that (a) self-justification is largely driven by the benefits of noncompliance outweighing the costs of compliance; (b) sunk costs are largely driven by the completion effect; (c) the benefit of noncompliance is a significant factor in self-justification, partially mediated by its influence on the willingness to engage in noncompliance; and (d) the completion effect is a significant factor in the sunk costs, fully mediated by its influence on the willingness to engage in noncompliance. This dissertation advocates that further research is needed to account for and explain noncompliant behaviour by utilizing escalation theories in more depth, and that such an account requires an innovative and empirically driven effort.

Place, publisher, year, edition, pages
Växjö: Linnaeus University Press, 2013. p. 164
Series
Linnaeus University Dissertations ; 164/2013
Keywords
Information security policy; Escalation of commitment; Noncompliance behaviour; Self-justification; Sunk cost.
National Category
Computer and Information Sciences
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-29524 (URN)978-91-87427-44-2 (ISBN)
Public defence
2013-09-19, Weber, Hus K, Vaxjo, 13:15 (English)
Opponent
Supervisors
Available from: 2013-11-10 Created: 2013-10-09 Last updated: 2018-01-11Bibliographically approved
Kajtazi, M., Cavusoglu, H., Benbasat, I. & Haftor, D. (2013). Assessing Self-Justification as an Antecedent of Noncompliance with Information Security Policies. In: ACIS 2013: Information systems: Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems: . Paper presented at Information Systems: Transforming the Future: 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne (pp. 1-12). RMIT University
Open this publication in new window or tab >>Assessing Self-Justification as an Antecedent of Noncompliance with Information Security Policies
2013 (English)In: ACIS 2013: Information systems: Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems, RMIT University , 2013, p. 1-12Conference paper, Published paper (Refereed)
Abstract [en]

This paper aims to extend our knowledge about employees’ noncompliance with Information Security Policies (ISPs), focusing on employees’ self-justification as a result of escalation of commitment that may trigger noncompliance behaviour. Escalation presents a situation when employees must decide whether to persist or withdraw from nonperforming tasks at work. Drawing on self-justification theory and prospect theory, our model presents two escalation factors in explaining employee’s willingness to engage in noncompliance behaviour with ISPs: self-justification and risk perceptions. We also propose that perceived benefits of noncompliance and perceived costs of compliance, at the intersection of cognitive and emotional driven acts influence self-justification. The model is tested based on 376 respondents from banking industry. The results show that while self-justification has a significant impact on willingness, risk perceptions do not moderate their relation. We suggest that future research should explore the roles of self-justification in noncompliance to a greater extent.

Place, publisher, year, edition, pages
RMIT University, 2013
National Category
Social Sciences Interdisciplinary Information Systems, Social aspects
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-40111 (URN)2-s2.0-84923879940 (Scopus ID)9780992449506 (ISBN)
Conference
Information Systems: Transforming the Future: 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne
Available from: 2015-02-13 Created: 2015-02-13 Last updated: 2018-01-11Bibliographically approved
Kajtazi, M. & Cavusoglu, H. (2013). Guilt Proneness as a Mechanism Towards Information Security Policy Compliance. In: ACIS 2013: Information Systems:Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne. Paper presented at 24th Australasian Conference on Information Systems, 4-6 December, 2013, Melbourne. RMIT University
Open this publication in new window or tab >>Guilt Proneness as a Mechanism Towards Information Security Policy Compliance
2013 (English)In: ACIS 2013: Information Systems:Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne, RMIT University , 2013Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we develop a theoretical framework for understanding the role guilt proneness plays in the Information Security Policy (ISP) compliance. We define guilt proneness as an emotional personality trait indicative of a predisposition to experience a negative feeling about ISP violation. We develop a research model based on the theory of planned behaviour, guilt proneness theory and rational choice theory to explain employees’ intentions to comply with ISPs by incorporating the guilt proneness as a moderator between benefit of compliance and benefit of violation as perceived by employees and their attitude towards compliance. Identifying the roles of predispositions like guilt proneness in the ISP compliance will have interesting theoretical and practical implications in the area of information security.

Place, publisher, year, edition, pages
RMIT University, 2013
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31173 (URN)2-s2.0-84923879943 (Scopus ID)
Conference
24th Australasian Conference on Information Systems, 4-6 December, 2013, Melbourne
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Kajtazi, M. & Bulgurcu, B. (2013). Information Security Policy Compliance: An Empirical Study on Escalation of Commitment. In: 19th Americas Conference on Information Systems (AMCIS 2013): Hyperconnected World : Anything Anywhere, Anytime. Paper presented at 19th Americas Conference on Information Systems, August 15-17, 2013, Chicago (pp. 2011-2020). AIS Electronic Library (AISeL), 3
Open this publication in new window or tab >>Information Security Policy Compliance: An Empirical Study on Escalation of Commitment
2013 (English)In: 19th Americas Conference on Information Systems (AMCIS 2013): Hyperconnected World : Anything Anywhere, Anytime, AIS Electronic Library (AISeL) , 2013, Vol. 3, p. 2011-2020Conference paper, Published paper (Refereed)
Abstract [en]

This study aims to facilitate a new understanding on employees’ attitude towards compliance with the requirements of their information security policy (ISPs) through the lens of escalation. Escalation presents a situation in which employees must decide whether to persist in or withdraw from a non-performing task. Drawing on the Theory of Planned Behavior (TPB) and Agency Theory, our model delineates three mediating factors in explaining attitude: work impediment, information asymmetry, and safety of resources. We also propose information security awareness as an independent variable having an indirect effect on attitude through mediating factors. The proposed model is tested using the data collected from 376 employees working in the banking industry. The results of the PLS analyses show that while information asymmetry and safety of resources have significant impacts on attitude, work impediment does not. The results also show that ISA has significant impact on all three mediating factors.

Place, publisher, year, edition, pages
AIS Electronic Library (AISeL), 2013
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31174 (URN)2-s2.0-84893234429 (Scopus ID)978-1-62993-394-8 (ISBN)
Conference
19th Americas Conference on Information Systems, August 15-17, 2013, Chicago
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Haftor, D. & Kajtazi, M. (2012). Information Based Business Models: a Research Direction. In: Proceedings of the 9th International Conference in Business and Information (BAI 2012): . Paper presented at 9th International Conference in Business and Information (BAI 2012); Sapporo, Japan, July 3-5..
Open this publication in new window or tab >>Information Based Business Models: a Research Direction
2012 (English)In: Proceedings of the 9th International Conference in Business and Information (BAI 2012), 2012Conference paper, Oral presentation with published abstract (Refereed)
National Category
Business Administration
Research subject
Economy, Business administration
Identifiers
urn:nbn:se:lnu:diva-28133 (URN)
Conference
9th International Conference in Business and Information (BAI 2012); Sapporo, Japan, July 3-5.
Available from: 2013-08-14 Created: 2013-08-14 Last updated: 2016-11-21Bibliographically approved
Kajtazi, M. (2012). Information Inadequacy: the Lack of Needed Information in Human, Social and Industrial Affairs. In: Magda David Hercheui, Diane Whitehouse, William McIver Jr. & Jackie Phahlamohlaka (Ed.), ICT Critical Infrastructures and Society: 10th IFIP TC 9 International Conference on Human Choice and Computers, HCC10 2012, Amsterdam, The Netherlands, September 27-28, 2012. Proceedings. Paper presented at 10th IFIP TC 9 Conference on Human Choice and Computers (HCC10 2012), Amsterdam, The Netherlands, September 27-28, 2012 (pp. 320-329). Paper presented at 10th IFIP TC 9 Conference on Human Choice and Computers (HCC10 2012), Amsterdam, The Netherlands, September 27-28, 2012. Springer
Open this publication in new window or tab >>Information Inadequacy: the Lack of Needed Information in Human, Social and Industrial Affairs
2012 (English)In: ICT Critical Infrastructures and Society: 10th IFIP TC 9 International Conference on Human Choice and Computers, HCC10 2012, Amsterdam, The Netherlands, September 27-28, 2012. Proceedings / [ed] Magda David Hercheui, Diane Whitehouse, William McIver Jr. & Jackie Phahlamohlaka, Springer, 2012, p. 320-329Chapter in book (Refereed)
Abstract [en]

This study investigates the phenomenon of the lack of needed information, predominantly experienced through difficulties in human, social and industrial affairs. The key concern is, thus, to understand what really causes the lack of needed information. Answers to this concern have been provided from an array of studies mostly focused in the area of information management. However, the literature shows that there is no comprehensive a priori theory to guide an empirical investigation on this matter. Thus, the empirical investigation conducted here is based on grounded theory approach that investigates fifty cases, where the lack of needed information is clearly manifested. The empirical investigation suggests that the phenomenon of the lack of needed information seems to emerge because of diverse factors, ranging from political and cultural structures, through human individual capabilities, and ending with procedural and technological artefacts. The results present an initial outline for a possible future theory of information inadequacy.

Place, publisher, year, edition, pages
Springer, 2012
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; 386
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31175 (URN)10.1007/978-3-642-33332-3_29 (DOI)2-s2.0-84870917717 (Scopus ID)978-3-642-33331-6 (ISBN)
Conference
10th IFIP TC 9 Conference on Human Choice and Computers (HCC10 2012), Amsterdam, The Netherlands, September 27-28, 2012
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Haftor, D., Kajtazi, M. & Mirijamdotter, A. (2011). A Review of Information Logistics Research Publications. Paper presented at BIS 2011 International Workshops and BPSC International Conference, Poznan, Poland, June 2011. Lecture Notes in Business Information Processing, 97, 244-255
Open this publication in new window or tab >>A Review of Information Logistics Research Publications
2011 (English)In: Lecture Notes in Business Information Processing, ISSN 1865-1348, E-ISSN 1865-1356, Vol. 97, p. 244-255Article in journal (Refereed) Published
Abstract [en]

Information Logistics’ has presented itself as an intellectual and professional domain addressing the question of timely providence of the right information. A question that emerges then is: What is Information Logistics? To answer this question, a comprehensive review of research publications was conducted, where ‘Information Logistics’ was featured in the publication title. A detailed analysis of the content of these publications identified eleven different research directions, where five are currently active, all in Europe. Among various findings, the results show that these research directions have been pursued independently of each other, addressing different kinds of research questions and contexts, utilising different research approaches, and therefore generating a variety of unrelated research results. All the reviewed research here shows that there are numerous unmet empirical needs in our human and social affairs, as well as a need for intra-disciplinary developments, which calls for a joint mobilisation of the research efforts.

Place, publisher, year, edition, pages
Berlin Heidelberg: Springer Berlin/Heidelberg, 2011
Keywords
Information Need, Lack of Information, Literature Review, Content Analysis.
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-25701 (URN)10.1007/978-3-642-25370-6_24 (DOI)2-s2.0-81255156990 (Scopus ID)978-3-642-25369-0 (ISBN)978-3-642-25370-6 (ISBN)
Conference
BIS 2011 International Workshops and BPSC International Conference, Poznan, Poland, June 2011
Available from: 2013-05-18 Created: 2013-05-18 Last updated: 2018-01-11Bibliographically approved
Kajtazi, M. (2011). An Exploration of Information Inadequacy: Instances that Cause the Lack of Needed Information. (Licentiate dissertation). Växjö: Linnaeus University
Open this publication in new window or tab >>An Exploration of Information Inadequacy: Instances that Cause the Lack of Needed Information
2011 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Information is one of the most essential resources in our contemporary societies, as it guideshuman thinking, planning and subsequent actions, which in turn generates consequencesthat are desired or not. The Lehman Brothers bankruptcy in 2008, the tsunami in Indonesiain 2004, the Space Shuttle Challenger destruction in 1986 are just three instances ofdramatic situations, emerging continuously, where information plays a crucial role. Thisstudy investigates the phenomenon of the lack of needed information, predominantlyexperienced with difficulties in human, social and industrial affairs. Consequently, thechallenge is to understand why such situations emerge. Two approaches are utilized toexplore this challenge using an interpretivist tradition. The first is a hermeneutic approach,the second a grounded theory approach. The first approach – theoretically oriented –investigates numerous theoretical bodies, selected with the assumption that they can explainthe addressed challenge. The results show that there are no comprehensive theoreticalbodies that can fully account for the phenomenon of the lack of needed information.Furthermore, there is no consensus on what “information” is – the very core of thechallenge, which gave the foundations for a formulation of an alternative notion ofinformation and is instrumental for the present investigation. Thus, no a priori theory isused to guide the empirical investigation. The second approach – empirically oriented –investigates fifty empirical cases, where the lack of needed information is clearly manifested.The results present an initial outline for a possible future theory of information inadequacy,constituted by the dichotomy of information-lack and information-overflow. Informationlackis dominated by: “information is non-existent”, “information is insufficient”, “information is censored” and “information is undelivered”. Whereas, information-overflow isdominated by: “information is ambiguous”, “information is redundant”, “information isirrelevant” and “information is undervalued”. The two main dichotomous characteristics andtheir interrelations result in patterns of various information inadequacies. The keyconclusion of the present study is that while dramatic situations are increasing everyday,there is as yet no theoretical body designed to comprehensively account for the phenomenonin context; only partial accounts are found. Thus, the empirical investigation suggests thatthe phenomenon of the lack of needed information seems to emerge because of diversefactors, ranging from political and cultural structures, through human individualcapabilities, and ending with procedural and technological artefacts. This study advocatesthat further research is needed to fully account for and explain instances of the lack ofneeded information, and that such an account requires an innovative and interdisciplinary focus.

Place, publisher, year, edition, pages
Växjö: Linnaeus University, 2011. p. 188
Keywords
information, information inadequacy, information lack, information overflow, hermeneutic approach, grounded theory approach
National Category
Computer and Information Sciences
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-11864 (URN)
Presentation
2011-05-16, Tegner, Linnaeus University, Växjö, 14:15 (English)
Opponent
Supervisors
Available from: 2011-05-25 Created: 2011-05-23 Last updated: 2018-01-12Bibliographically approved
Organisations

Search in DiVA

Show all publications