lnu.sePublications
Change search
Link to record
Permanent link

Direct link
Kajtazi, Miranda
Publications (10 of 26) Show all publications
Zec, M. & Kajtazi, M. (2015). Examining how IT Professionals in SMEs Take Decisions About Implementing Cyber Security Strategy. In: Proceedings of the 9th European Conference on IS Management and Evaluation (ECIME 2015): . Paper presented at 9th European Conference on Information Management and Evaluation (ECIME), SEP 21-22, 2015, Univ W England, Bristol, ENGLAND (pp. 231-239). Academic Conferences Limited
Open this publication in new window or tab >>Examining how IT Professionals in SMEs Take Decisions About Implementing Cyber Security Strategy
2015 (English)In: Proceedings of the 9th European Conference on IS Management and Evaluation (ECIME 2015), Academic Conferences Limited, 2015, p. 231-239Conference paper, Published paper (Refereed)
Abstract [en]

With the significant growth of cyber space, business organizations have become more alert than ever before that cyber security must be considered seriously and that there is a need to develop up-to-date security measures. It has become an increasing trend that cyber-attackers concentrate more on small and medium than on large enterprises, due to their known vulnerability towards cyber security. In exchange of successful cyber security measures in organizations, the security risks must be taken into consideration more closely that could be helpful for re-thinking their decision-making on cyber security. This article develops a theoretical framework on cyber security with three aspects taken in consideration: organizational, technological and psychological, that deserves the attention of IT professionals while and after creating cyber security measures in their SMEs. The first two aspects (organizational and technological) focus on understanding the IT professionals' decision-making process, while the third aspect (psychological) focuses on understanding the IT professionals' post decision-making reactions. Firstly, the organizational aspect presupposes that the ones who create cyber security measures are exposed to unclear and undefined decision processes and rights that lead to system vulnerabilities. Secondly, the technological aspect focuses on disclosing how many IT professionals in their organizations fail to meet foundational technological measures, such as the existence of Internet firewall, logs of system events, existence of hardware and software inventory list, data backup, antivirus software and password rules. Lastly, the psychological aspect, explains how post cyber security decisions made by IT professionals may have a contra-effect on the organization. Our data analyses collected based on interviews with IT professionals across 6 organizations (SMEs) show that cyber security is yet to be developed among SMEs, an issue that must not be taken lightly. Results show that the IT professionals in these organizations need to strengthen and develop their security thinking, in order to decrease the vulnerability of informational assets among SMEs. We believe that a perspective on understanding decision-making processes upon the cyber security measures by IT professionals in SMEs may bring a theoretical redirection in the literature, as well as an important feedback to practice.

Place, publisher, year, edition, pages
Academic Conferences Limited, 2015
Series
Proceedings of the European Conference on Information Management and Evaluation, ISSN 2048-8912
Keywords
cyber security, SMEs, IT professionals, decision-making, security counter measures
National Category
Computer and Information Sciences
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-51992 (URN)000371980300028 ()2-s2.0-84994175636 (Scopus ID)978-1-910810-56-9 (ISBN)9781910810545 (ISBN)
Conference
9th European Conference on Information Management and Evaluation (ECIME), SEP 21-22, 2015, Univ W England, Bristol, ENGLAND
Available from: 2016-04-08 Created: 2016-04-08 Last updated: 2018-01-10Bibliographically approved
Kajtazi, M., Kolkowska, E. & Bulgurcu, B. (2015). New insights into understanding manager's intentions to overlook ISP violation in organizations through escalation of commitment factors. In: Clarke N.L., Furnell S.M. (Ed.), Proceedings of the 9th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2015: . Paper presented at 9th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2015, Lesvos 1-3 July 2015 (pp. 131-140). University of Plymouth
Open this publication in new window or tab >>New insights into understanding manager's intentions to overlook ISP violation in organizations through escalation of commitment factors
2015 (English)In: Proceedings of the 9th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2015 / [ed] Clarke N.L., Furnell S.M., University of Plymouth , 2015, p. 131-140Conference paper, Published paper (Refereed)
Abstract [en]

This paper addresses managers' intentions to overlook their employees' Information Security Policy (ISP) violation, in circumstances when on-going projects have to be completed and delivered even if ISP violation must take place to do so. The motivation is based on the concern that ISP violation can be influenced by escalation of commitment factors. Escalation is a phenomenon that explains how employees in organizations often get involved in nonperforming projects, commonly reflecting the tendency of persistence, when investments of resources have been initiated. We develop a theoretical understanding based on Escalation of Commitment theory that centres on two main factors of noncompliance, namely completion effect and sunk costs. We tested our theoretical concepts in a pilot study, based on qualitative and quantitative data received from 16 respondents from the IT - industry, each representing one respondent from the management level. The results show that while some managers are very strict about not accepting any form of ISP violation in their organization, their beliefs start to change when they realize that such form of violation may occur when their employees are closer to completion of a project. Our in-depth interviews with 3 respondents in the followup study, confirm the tension created between compliance with the ISP and the completion of the project. The results indicate that the larger the investments of time, efforts and money in a project, the more the managers consider that violation is acceptable.

Place, publisher, year, edition, pages
University of Plymouth, 2015
Keywords
Completion effect, Escalation of commitment, ISP violation, It-industry, Sunk costs
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-117607 (URN)2-s2.0-85026378315 (Scopus ID)9781841023885 (ISBN)
Conference
9th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2015, Lesvos 1-3 July 2015
Available from: 2022-11-18 Created: 2022-11-18 Last updated: 2022-11-18Bibliographically approved
Kajtazi, M., Bulgurcu, B., Cavusoglu, H. & Benbasat, I. (2014). Assessing Sunk Cost Effect on Employees’ Intentions to Violate Information Security Policies in Organizations. In: Sprague, RH (Ed.), Proceedings of the 47th Annual Hawaii International Conference on System Sciences: . Paper presented at 47th Hawaii International Conference on System Sciences, 6-9 jan. 2014, Waikoloa (pp. 3169-3177). IEEE Press
Open this publication in new window or tab >>Assessing Sunk Cost Effect on Employees’ Intentions to Violate Information Security Policies in Organizations
2014 (English)In: Proceedings of the 47th Annual Hawaii International Conference on System Sciences / [ed] Sprague, RH, IEEE Press, 2014, p. 3169-3177Conference paper, Published paper (Refereed)
Abstract [en]

It has been widely known that employees pose insider threats to the information and technology resources of an organization. In this paper, we develop a model to explain insiders' intentional violation of the requirements of an information security policy. We propose sunk cost as a mediating factor. We test our research model on data collected from three information-intensive organizations in banking and pharmaceutical industries (n=502). Our results show that sunk cost acts as a mediator between the proposed antecedents of sunk cost (i.e., completion effect and goal in congruency) and intentions to violate the ISP. We discuss the implications of our results for developing theory and for re-designing current security agendas that could help improve compliance behavior in the future.

Place, publisher, year, edition, pages
IEEE Press, 2014
Series
Proceedings of the Annual Hawaii International Conference on System Sciences, ISSN 1060-3425
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31178 (URN)10.1109/HICSS.2014.393 (DOI)000343806603035 ()2-s2.0-84902267599 (Scopus ID)978-1-4799-2504-9 (ISBN)
Conference
47th Hawaii International Conference on System Sciences, 6-9 jan. 2014, Waikoloa
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Kajtazi, M. (2013). Assessing Escalation of Commitment as an Antecedent of Noncompliance with Information Security Policy. (Doctoral dissertation). Växjö: Linnaeus University Press
Open this publication in new window or tab >>Assessing Escalation of Commitment as an Antecedent of Noncompliance with Information Security Policy
2013 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

For organizations, emphasizing investments in security technology has become the norm. Trending security technologies are important for an organization’s information security strategy. Organizations commonly use such technologies to enforce information security policy (ISP) compliance on the part of their employees, to ensure the security of their information resources. Yet, it seems that employees frequently establish rules of their own for complying with the ISP. Questioning this concern, the present dissertation addresses employees’ violation of information security rules and regulations. The motivation is based on the concern that information security policy noncompliance is largely influenced by escalation of commitment. Escalation is a phenomenon that explains how employees in organizations often get involved in nonperforming tasks, commonly reflecting the tendency of persistence, when investments of resources have been initiated. This dissertation develops an integrated model based on Self-Justification theory, Prospect theory, and Approach Avoidance theory, that centres on two main factors of noncompliance, namely self-justification and sunk costs. These factors act as mediating mechanisms to explain the dependent factor of the willingness to engage in noncompliant behaviour. The theoretical model is empirically tested with a data set that represents responses from 639 respondents across 27 organizations using the scenario-based survey approach. The results of this dissertation present a dual outcome. For theory, our theoretical framework not only enriches the literature on information security by proving that escalation behaviour is an antecedent of noncompliance, but also generates new insights about the escalation of commitment literature. The findings suggest that employees’ cognitive traits are escalation’s main antecedents that present the necessary stimulation to violate an ISP, while employees’ emotional traits do not influence such stimulation when overpowered by cognitive traits. Our results also suggest that employees engaged in nonperforming tasks often become noncompliant, even though they were complying before. In principle, the findings show that employees prioritize the completion of their tasks, rather than their commitment to comply with the ISP, and thus become noncompliant. In practice, our results show that employees’ willingness to engage in noncompliant behaviour is largely influenced by self-justification and sunk costs. The main results suggest that (a) self-justification is largely driven by the benefits of noncompliance outweighing the costs of compliance; (b) sunk costs are largely driven by the completion effect; (c) the benefit of noncompliance is a significant factor in self-justification, partially mediated by its influence on the willingness to engage in noncompliance; and (d) the completion effect is a significant factor in the sunk costs, fully mediated by its influence on the willingness to engage in noncompliance. This dissertation advocates that further research is needed to account for and explain noncompliant behaviour by utilizing escalation theories in more depth, and that such an account requires an innovative and empirically driven effort.

Place, publisher, year, edition, pages
Växjö: Linnaeus University Press, 2013. p. 164
Series
Linnaeus University Dissertations ; 164
Keywords
Information security policy; Escalation of commitment; Noncompliance behaviour; Self-justification; Sunk cost.
National Category
Computer and Information Sciences
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-29524 (URN)9789187427442 (ISBN)
Public defence
2013-09-19, Weber, Hus K, Vaxjo, 13:15 (English)
Opponent
Supervisors
Available from: 2013-11-10 Created: 2013-10-09 Last updated: 2024-02-05Bibliographically approved
Kajtazi, M., Cavusoglu, H., Benbasat, I. & Haftor, D. (2013). Assessing Self-Justification as an Antecedent of Noncompliance with Information Security Policies. In: ACIS 2013: Information systems: Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems: . Paper presented at Information Systems: Transforming the Future: 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne (pp. 1-12). RMIT University
Open this publication in new window or tab >>Assessing Self-Justification as an Antecedent of Noncompliance with Information Security Policies
2013 (English)In: ACIS 2013: Information systems: Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems, RMIT University , 2013, p. 1-12Conference paper, Published paper (Refereed)
Abstract [en]

This paper aims to extend our knowledge about employees’ noncompliance with Information Security Policies (ISPs), focusing on employees’ self-justification as a result of escalation of commitment that may trigger noncompliance behaviour. Escalation presents a situation when employees must decide whether to persist or withdraw from nonperforming tasks at work. Drawing on self-justification theory and prospect theory, our model presents two escalation factors in explaining employee’s willingness to engage in noncompliance behaviour with ISPs: self-justification and risk perceptions. We also propose that perceived benefits of noncompliance and perceived costs of compliance, at the intersection of cognitive and emotional driven acts influence self-justification. The model is tested based on 376 respondents from banking industry. The results show that while self-justification has a significant impact on willingness, risk perceptions do not moderate their relation. We suggest that future research should explore the roles of self-justification in noncompliance to a greater extent.

Place, publisher, year, edition, pages
RMIT University, 2013
National Category
Social Sciences Interdisciplinary Information Systems, Social aspects
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-40111 (URN)2-s2.0-84923879940 (Scopus ID)9780992449506 (ISBN)
Conference
Information Systems: Transforming the Future: 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne
Available from: 2015-02-13 Created: 2015-02-13 Last updated: 2020-06-05Bibliographically approved
Kajtazi, M. & Cavusoglu, H. (2013). Guilt Proneness as a Mechanism Towards Information Security Policy Compliance. In: ACIS 2013: Information Systems:Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne. Paper presented at 24th Australasian Conference on Information Systems, 4-6 December, 2013, Melbourne. RMIT University
Open this publication in new window or tab >>Guilt Proneness as a Mechanism Towards Information Security Policy Compliance
2013 (English)In: ACIS 2013: Information Systems:Transforming the Future: Proceedings of the 24th Australasian Conference on Information Systems, 4-6 December 2013, Melbourne, RMIT University , 2013Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we develop a theoretical framework for understanding the role guilt proneness plays in the Information Security Policy (ISP) compliance. We define guilt proneness as an emotional personality trait indicative of a predisposition to experience a negative feeling about ISP violation. We develop a research model based on the theory of planned behaviour, guilt proneness theory and rational choice theory to explain employees’ intentions to comply with ISPs by incorporating the guilt proneness as a moderator between benefit of compliance and benefit of violation as perceived by employees and their attitude towards compliance. Identifying the roles of predispositions like guilt proneness in the ISP compliance will have interesting theoretical and practical implications in the area of information security.

Place, publisher, year, edition, pages
RMIT University, 2013
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31173 (URN)2-s2.0-84923879943 (Scopus ID)
Conference
24th Australasian Conference on Information Systems, 4-6 December, 2013, Melbourne
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Kajtazi, M. & Bulgurcu, B. (2013). Information Security Policy Compliance: An Empirical Study on Escalation of Commitment. In: 19th Americas Conference on Information Systems (AMCIS 2013): Hyperconnected World : Anything Anywhere, Anytime. Paper presented at 19th Americas Conference on Information Systems, August 15-17, 2013, Chicago (pp. 2011-2020). AIS Electronic Library (AISeL), 3
Open this publication in new window or tab >>Information Security Policy Compliance: An Empirical Study on Escalation of Commitment
2013 (English)In: 19th Americas Conference on Information Systems (AMCIS 2013): Hyperconnected World : Anything Anywhere, Anytime, AIS Electronic Library (AISeL) , 2013, Vol. 3, p. 2011-2020Conference paper, Published paper (Refereed)
Abstract [en]

This study aims to facilitate a new understanding on employees’ attitude towards compliance with the requirements of their information security policy (ISPs) through the lens of escalation. Escalation presents a situation in which employees must decide whether to persist in or withdraw from a non-performing task. Drawing on the Theory of Planned Behavior (TPB) and Agency Theory, our model delineates three mediating factors in explaining attitude: work impediment, information asymmetry, and safety of resources. We also propose information security awareness as an independent variable having an indirect effect on attitude through mediating factors. The proposed model is tested using the data collected from 376 employees working in the banking industry. The results of the PLS analyses show that while information asymmetry and safety of resources have significant impacts on attitude, work impediment does not. The results also show that ISA has significant impact on all three mediating factors.

Place, publisher, year, edition, pages
AIS Electronic Library (AISeL), 2013
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31174 (URN)2-s2.0-84893234429 (Scopus ID)978-1-62993-394-8 (ISBN)
Conference
19th Americas Conference on Information Systems, August 15-17, 2013, Chicago
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Haftor, D. & Kajtazi, M. (2012). Information Based Business Models: a Research Direction. In: Proceedings of the 9th International Conference in Business and Information (BAI 2012): . Paper presented at 9th International Conference in Business and Information (BAI 2012); Sapporo, Japan, July 3-5..
Open this publication in new window or tab >>Information Based Business Models: a Research Direction
2012 (English)In: Proceedings of the 9th International Conference in Business and Information (BAI 2012), 2012Conference paper, Oral presentation with published abstract (Refereed)
National Category
Business Administration
Research subject
Economy, Business administration
Identifiers
urn:nbn:se:lnu:diva-28133 (URN)
Conference
9th International Conference in Business and Information (BAI 2012); Sapporo, Japan, July 3-5.
Available from: 2013-08-14 Created: 2013-08-14 Last updated: 2020-06-05Bibliographically approved
Kajtazi, M. (2012). Information Inadequacy: the Lack of Needed Information in Human, Social and Industrial Affairs. In: Magda David Hercheui, Diane Whitehouse, William McIver Jr. & Jackie Phahlamohlaka (Ed.), ICT Critical Infrastructures and Society: 10th IFIP TC 9 International Conference on Human Choice and Computers, HCC10 2012, Amsterdam, The Netherlands, September 27-28, 2012. Proceedings. Paper presented at 10th IFIP TC 9 Conference on Human Choice and Computers (HCC10 2012), Amsterdam, The Netherlands, September 27-28, 2012 (pp. 320-329). Paper presented at 10th IFIP TC 9 Conference on Human Choice and Computers (HCC10 2012), Amsterdam, The Netherlands, September 27-28, 2012. Springer
Open this publication in new window or tab >>Information Inadequacy: the Lack of Needed Information in Human, Social and Industrial Affairs
2012 (English)In: ICT Critical Infrastructures and Society: 10th IFIP TC 9 International Conference on Human Choice and Computers, HCC10 2012, Amsterdam, The Netherlands, September 27-28, 2012. Proceedings / [ed] Magda David Hercheui, Diane Whitehouse, William McIver Jr. & Jackie Phahlamohlaka, Springer, 2012, p. 320-329Chapter in book (Refereed)
Abstract [en]

This study investigates the phenomenon of the lack of needed information, predominantly experienced through difficulties in human, social and industrial affairs. The key concern is, thus, to understand what really causes the lack of needed information. Answers to this concern have been provided from an array of studies mostly focused in the area of information management. However, the literature shows that there is no comprehensive a priori theory to guide an empirical investigation on this matter. Thus, the empirical investigation conducted here is based on grounded theory approach that investigates fifty cases, where the lack of needed information is clearly manifested. The empirical investigation suggests that the phenomenon of the lack of needed information seems to emerge because of diverse factors, ranging from political and cultural structures, through human individual capabilities, and ending with procedural and technological artefacts. The results present an initial outline for a possible future theory of information inadequacy.

Place, publisher, year, edition, pages
Springer, 2012
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; 386
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-31175 (URN)10.1007/978-3-642-33332-3_29 (DOI)2-s2.0-84870917717 (Scopus ID)978-3-642-33331-6 (ISBN)
Conference
10th IFIP TC 9 Conference on Human Choice and Computers (HCC10 2012), Amsterdam, The Netherlands, September 27-28, 2012
Available from: 2013-12-10 Created: 2013-12-10 Last updated: 2018-01-11Bibliographically approved
Haftor, D., Kajtazi, M. & Mirijamdotter, A. (2011). A Review of Information Logistics Research Publications. Paper presented at BIS 2011 International Workshops and BPSC International Conference, Poznan, Poland, June 2011. Lecture Notes in Business Information Processing, 97, 244-255
Open this publication in new window or tab >>A Review of Information Logistics Research Publications
2011 (English)In: Lecture Notes in Business Information Processing, ISSN 1865-1348, E-ISSN 1865-1356, Vol. 97, p. 244-255Article in journal (Refereed) Published
Abstract [en]

Information Logistics’ has presented itself as an intellectual and professional domain addressing the question of timely providence of the right information. A question that emerges then is: What is Information Logistics? To answer this question, a comprehensive review of research publications was conducted, where ‘Information Logistics’ was featured in the publication title. A detailed analysis of the content of these publications identified eleven different research directions, where five are currently active, all in Europe. Among various findings, the results show that these research directions have been pursued independently of each other, addressing different kinds of research questions and contexts, utilising different research approaches, and therefore generating a variety of unrelated research results. All the reviewed research here shows that there are numerous unmet empirical needs in our human and social affairs, as well as a need for intra-disciplinary developments, which calls for a joint mobilisation of the research efforts.

Place, publisher, year, edition, pages
Berlin Heidelberg: Springer Berlin/Heidelberg, 2011
Keywords
Information Need, Lack of Information, Literature Review, Content Analysis.
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-25701 (URN)10.1007/978-3-642-25370-6_24 (DOI)2-s2.0-81255156990 (Scopus ID)978-3-642-25369-0 (ISBN)978-3-642-25370-6 (ISBN)
Conference
BIS 2011 International Workshops and BPSC International Conference, Poznan, Poland, June 2011
Available from: 2013-05-18 Created: 2013-05-18 Last updated: 2020-06-05Bibliographically approved
Organisations

Search in DiVA

Show all publications