Search results

Cyberstalking is a growing threat to society, and policymakers should address it utilizing the input of constituents. For this, two key components are required: actionable objectives informed by the values of society and the means of implementation to maximize their potential benefits. The process should be guided by the constituent's values, requiring the elicitation of intrinsic values as individual preferences that are extrapolated to society at large.

The authors utilize Keeney's (1990) public value forum and Sen's (1999) social choice theory (Sen, 1999) to elicit and convert these intrinsic values to serve as the basis for developing public policy to prevent cyberstalking.

The results demonstrate a strong desire by participants to have clear regulations, policies and procedures developed in concert with industry and enforced by the government that elucidate required protections against cyberstalking in combination with strong technical controls. These policies should guide technical control development and implementation, but leave ultimate control in the hands of technology users to decide what controls they want to utilize.

This study is the first to utilize Keeney's (1988) public value forum in the context of cyberstalking to develop quantitative measures regarding technology users' desired cybersecurity protections against cyberstalking. The authors provide a decision-making framework for policymakers to develop a new policy based on the input of their constituents in a manner that maximizes their potential utility and ultimate benefit.

Enforcing employee compliance with information systems security policies (ISSP) is a herculean task for organizations as security breaches due to non-compliance continue to soar. To improve this situation, researchers have employed fear appeals that are based on protection motivation theory (PMT) to induce compliance behavior. However, extant research on fear appeals has yielded mixed findings. To help explain these mixed findings, the authors contend that efficacy formation is a cognitive process that is impacted by the cognitive load exerted by the design of fear appeal messages.

The study draws on cognitive load theory (CLT) to examine the effects of intrinsic cognitive load, extraneous cognitive load and germane cognitive load on stimulating an individual’s efficacy and coping appraisals. The authors designed a survey to collect data from 359 respondents and tested the model using partial least squares.

The analysis showed significant relationships between cognitive load (intrinsic, extraneous, and germane) and fear, maladaptive rewards, response costs, self-efficacy and response efficacy.

This provides support for the assertion that fear appeals impact the cognitive processes of individuals that then in turn can potentially affect the efficacy of fear and coping appraisals. These findings demonstrate the need to further investigate how individual cognition is impacted by fear appeal design and the resulting effects on compliance intention and behavior.

Ethereum-based blockchain technology (EBT) affords members of the Enterprise Ethereum Alliance (EEA) a market advantage in deploying blockchain within their organizations, including cybersecurity and operational benefits, that leads firms to strategically invest in this nascent technology. However, the impact of such strategic investments in EBT has yet to be explored in the context of its relationship to firm value. Therefore, this study explores EBT-specific firm-level characteristics that result in a stock market reaction to announcements of strategic investments.

The authors use the event study methodology, strategic investment literature and signaling theory as contextualizing frameworks for their study. Additionally, the authors explore a new method for examining technology investments as a strategic counter to cybersecurity threats.

Firms that signal to the market their strong commitment to their strategic investment by developing an EBT proof of concept see significantly higher market returns. Firms that have had prior cybersecurity incidents are rewarded by the market for strategically investing in EBT, and when firms with large undistributed free cash flows utilize this cash for strategic EBT investment, the market is more likely to reward these firms, indicating the market views EBT investment positively in these circumstances.

The results of this study provide new evidence of the value impact of EBT for firms that suffered cybersecurity events in the past. The authors provide empirical evidence of firm-level characteristics that investors use to discern whether a strategic investment in EBT will drive organizational value. Likewise, the authors demonstrate how signaling affects investor perceptions of strategic information technology (IT) investments in EBT.

Blockchain holds promise as a potential solution to the problem of cybersecurity in financial transactions. However, difficulty exists for both the industry and organizations in assessing this potential solution. Hence, it is important to understand how organizations in the financial sector can address these concerns by exploring blockchain implementation for financial transactions in the context of cybersecurity. To do this, the problem question is threefold: first, what objectives are important based on the strategic values of an organization for evaluating cybersecurity to improve the security of financial transactions? Second, how can they be used to ensure the cybersecurity of financial transactions in a financial organization? Third, how can these objectives be used to evaluate blockchain as a potential solution for enhancing the cybersecurity of organizations in the financial sector relative to existing cybersecurity methods? The paper aims to discuss this issue.

To accomplish this goal we utilize Keeney’s (1992) multi-objective decision analytics technique, termed value-focused thinking (VFT), to demonstrate how organizations can assess a blockchain solution’s value to maximize value-add within financial organization.

The presented model clearly demonstrates the viability of using Keeney’s (1992) VFT technique as a multi-criteria decision analysis tool for assessing blockchain technology. Further, a clear explanation of how this model can be extended and adapted for individual organizational use is provided.

This paper engages both the academic literature as well as an expert panel to develop an assessment model for blockchain technology related to financial transactions by providing a useful method for structuring the decision-making process of organizations around blockchain technology.

In this paper, using values of individuals in a Swedish health-care organization, electronic identity management objectives related to security are defined.

By using value-focused thinking, eliciting values from interviews of three groups of health-care staff’s objective hierarchies for three stakeholder groups are identified and defined. Objective hierarchies allow comparison across multiple stakeholder groups such that strategic objectives for identity management can be compared and contrasted.

This qualitative investigation, which used value-focused thinking, revealed 94 subobjectives, grouped into 12 fundamental and 14 means objectives, which are essential for developing measures that address potential value conflicts in a health-care organization around electronic identity management. The objectives developed in this study are grounded socioorganizationally and provide a way forward in developing measures aimed to reducing potential conflicts at a policy level.

In a final synthesis, congruence (or lack thereof) in the electronic identity management approach for a Swedish health organization is suggested. This also creates a foundation to evaluate and weight different objectives for strategic decision management.

The second major area of the so-called risk treatment is risk financing. Risk financing includes measures to finance the costs of losses, risks, and uncertainties. Historically, risk financing has been virtually synonymous with buying insurance. However, over time alternatives to insurance have evolved – self-insurance, pools, captives, large deductible programmes, finite insurance programmes, banking arrangements, and capital market-based solutions. The concept of risk financing has expanded to include products that address a range of financial risks such as interest rate and credit risk. These products include derivatives and some new innovative securities.

Today, the rapid development of the risk financing market has created several practical problems. Notably, regulatory and legal structures have not always kept pace with change, leading to much confusion about risk financing alternatives. Many products look and function almost identically to others, and yet history and custom have dictated very different treatment by regulators, tax authorities, and others. There is growing pressure for significant legal and regulatory realignment.

For newcomers to the field, risk financing measures can be thought of as existing on a continuum, ranging from pure retention (all losses paid directly out of pocket) to pure transfer (where a third party accepts and bears the full costs of risk). An important recognition of the continuum of risk financing is that there are no products that are fully retention or transfer, but rather a varying blend of the two. Hedging of risk, for example, is arguably here a near perfect blending of a retention and a transfer of risk.

Insurance is a contract whereby one party (the policyholder) promises and makes a payment or series of payments in exchange for the second party’s (the insurance company’s) promise to indemnify the policyholder for losses covered under the terms of the policy. Perhaps it is easier to just think of insurance as a transaction where the policyholder trades small regular losses (the premium paid) for large and irregular gains (claims proceeds).

While it may seem somewhat disproportionate to devote an entire chapter to more detailed treatment of a single risk financing tool, insurance has a very large impact, not only in terms of its intrinsic value, but also in terms of the many ways in which insurance influences risk management thinking and practice. As will be shown, some of this influence is waning and in other cases it could be argued that insurance ‘thinking’ has hindered efforts to respond to facts on the ground and the ability to adapt the role of risk management in organisations.

To provide a useful discussion, this chapter will cover both the products that the insurance industry offers and the structure of the industry itself, along with addressing legal and regulatory matters that were touched upon in Chapter Nine. The chapter concludes with an overview of public sector insurance issues that provides a basis for understanding alternatives to insurance that have emerged in dramatic fashion in recent decades – which in turn provides a basis for considering some of the constraints that insurance imposes on risk management practice.

Ours is a complex world. On these five words will be built a foundation for an alternative way of framing our thinking about risk management. Complexity means many things, but a key feature is that outcomes cannot be predicted with certainty. In the best cases, opportunities arise to analyse and develop some understanding of the uncertainty within a complex system, and in the most fortunate of such circumstances it is possible to anticipate specific outcomes with some degree of accuracy. The authors call such circumstances risks – that is, measurable uncertainties. Complexity, however, consists mainly of interconnected uncertainties and unknown/unknowable possible outcomes or effects. And, of course, complex systems can include humans whose (in)ability to perceive and interpret such environments makes things – well – more complex.

This book ultimately will focus on how the authors construct a way to lead and manage in this environment, but first it is critical that the terminology and description of this world be given some precision. Therefore, Chapter One begins with an introduction to the idea of complexity, including some mention of the principles and concepts that inform our understanding of it. In turn, this discussion introduces uncertainty. Risk, as a category of uncertainty is discussed and the implications of its measurability are presented, which leads to a discussion of human perception and behaviour under conditions of uncertainty. Attention is then drawn to the unknown and the unknowable, and to emergent phenomena. Since the focus of this book is on public sector risk management, the chapter concludes with a brief discussion of the idea of public risk.

Computer-aided/assisted qualitative data analysis software (CAQDAS) supports qualitative and mixed methods researchers to organize, analyze, and explore data in a meaningful, and efficient, way. Successfully utilizing CAQDAS software can be challenging, particularly for the novice researcher. To assist all researchers 21 CAQDAS dilemmas are articulated. These relate to choosing, using, and getting started with the software, as well as writing about CAQDAS use. These dilemmas suggest there is no right way to use CAQDAS programs, rather the specific research project, along with researcher experience and philosophy, should drive the extent to which any project utilizes the extensive CAQDAS capabilities, while also encouraging the researcher(s) to drive their ideas and exploration beyond what they initially thought possible.

Interpretative Phenomenological Analysis (IPA) offers management researchers an approach which allows deep examination of the relationship between individuals and their environments, particularly in complex social situations. Phenomenology studies phenomena, or things and events, as they are perceived by people's consciousness. Interpretivism allows researchers to access such internal awareness of research participants by attempting to understand the words used by subjects to describe their experiences and perceptions. Inherently subjective, this approach requires self-awareness by the researcher and the willingness to abandon preconceived notions in favor of interactive listening and exploration, relying on terms and concepts volunteered by participants rather than nominated by theory or preceding literature. Qualitative text analysis software can be utilized to facilitate aggregation and distillation of the voluminous narratives that result from the open-ended semi-structured interviews typically employed to collect data for IPA. However, impartiality and discernment on the part of the researcher remain essential in interpreting any automated analytical results. The researcher becomes in essence a second-hand observer, peering through windows voluntarily opened by participants, attempting to understand their understanding of their world.

This chapter introduces IPA, providing an overview of its rationale and approach, and illustrates its application in a management-related setting, focusing on cultural adaptation of immigrant professionals.