By Topic

Incentive Alignment and Risk Perception: An Information Security Application

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Farahmand, F. ; Purdue Univ., West Lafayette, IN, USA ; Atallah, M.J. ; Spafford, E.H.

Technologies and procedures for effectively securing the enterprise in cyberspace exist, but are largely underdeployed. Reasons for this shortcoming include the neglect of the role of stakeholder perceptions in organizational reward systems, and misaligned incentives for effective allocation of resources. We present a methodology for practitioners to employ, with examples for identification of perverse incentives-situations where the interests of a manager or employee are not aligned with those of the organization-and for estimation of the damage caused by incentive misalignment. We present our revision to the risk perception model developed by Fischhoff and Slovic. We also present the results of our findings from our interviews of 42 information security executives across the U.S. about the role of risk perception and incentives in information security decisions. We discuss how to identify and to correct misalignments, to develop efficient incentive structures, and to include perceptual principles and security governance in making information security a property of the organizational environment. This research contributes to the practice and theory of information security, and has several implications for practitioners and researchers in the alignment of incentives and symmetrization of information across organizations.

Published in:

Engineering Management, IEEE Transactions on  (Volume:60 ,  Issue: 2 )