lnu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Assessing Escalation of Commitment as an Antecedent of Noncompliance with Information Security Policy
Linnaeus University, Faculty of Technology, Department of Informatics.
2013 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

For organizations, emphasizing investments in security technology has become the norm. Trending security technologies are important for an organization’s information security strategy. Organizations commonly use such technologies to enforce information security policy (ISP) compliance on the part of their employees, to ensure the security of their information resources. Yet, it seems that employees frequently establish rules of their own for complying with the ISP. Questioning this concern, the present dissertation addresses employees’ violation of information security rules and regulations. The motivation is based on the concern that information security policy noncompliance is largely influenced by escalation of commitment. Escalation is a phenomenon that explains how employees in organizations often get involved in nonperforming tasks, commonly reflecting the tendency of persistence, when investments of resources have been initiated. This dissertation develops an integrated model based on Self-Justification theory, Prospect theory, and Approach Avoidance theory, that centres on two main factors of noncompliance, namely self-justification and sunk costs. These factors act as mediating mechanisms to explain the dependent factor of the willingness to engage in noncompliant behaviour. The theoretical model is empirically tested with a data set that represents responses from 639 respondents across 27 organizations using the scenario-based survey approach. The results of this dissertation present a dual outcome. For theory, our theoretical framework not only enriches the literature on information security by proving that escalation behaviour is an antecedent of noncompliance, but also generates new insights about the escalation of commitment literature. The findings suggest that employees’ cognitive traits are escalation’s main antecedents that present the necessary stimulation to violate an ISP, while employees’ emotional traits do not influence such stimulation when overpowered by cognitive traits. Our results also suggest that employees engaged in nonperforming tasks often become noncompliant, even though they were complying before. In principle, the findings show that employees prioritize the completion of their tasks, rather than their commitment to comply with the ISP, and thus become noncompliant. In practice, our results show that employees’ willingness to engage in noncompliant behaviour is largely influenced by self-justification and sunk costs. The main results suggest that (a) self-justification is largely driven by the benefits of noncompliance outweighing the costs of compliance; (b) sunk costs are largely driven by the completion effect; (c) the benefit of noncompliance is a significant factor in self-justification, partially mediated by its influence on the willingness to engage in noncompliance; and (d) the completion effect is a significant factor in the sunk costs, fully mediated by its influence on the willingness to engage in noncompliance. This dissertation advocates that further research is needed to account for and explain noncompliant behaviour by utilizing escalation theories in more depth, and that such an account requires an innovative and empirically driven effort.

Place, publisher, year, edition, pages
Växjö: Linnaeus University Press, 2013. , p. 164
Series
Linnaeus University Dissertations ; 164/2013
Keywords [en]
Information security policy; Escalation of commitment; Noncompliance behaviour; Self-justification; Sunk cost.
National Category
Computer and Information Sciences
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
URN: urn:nbn:se:lnu:diva-29524ISBN: 978-91-87427-44-2 (print)OAI: oai:DiVA.org:lnu-29524DiVA, id: diva2:655028
Public defence
2013-09-19, Weber, Hus K, Vaxjo, 13:15 (English)
Opponent
Supervisors
Available from: 2013-11-10 Created: 2013-10-09 Last updated: 2018-01-11Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records BETA

Kajtazi, Miranda

Search in DiVA

By author/editor
Kajtazi, Miranda
By organisation
Department of Informatics
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 968 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf