IT organizations and CEO‟s are, and should be, concerned these days about the (lack of) data confidentiality and the usage of „shadow‟ IT systems by employees. Not only does the company risk monetary loss or public embarrassment, the senior management might also risk personal fines or even imprisonment. Several trends reinforce the attention for these subjects, including the fact that an increasing number of people perform parts of their work tasks from home (RSA, 2007) and the increasing bandwidth available to internet users which makes them rely on the Internet for satisfying their business and personal computing needs (Desisto et al. 2008). Employee compliance with the existing IT security policies is therefore essential. This paper presents a study on factors that influence non-compliance behavior of employees in organizations. The factors found in literature are tested in a survey study amongst employees of a big-four accountancy firm in the Netherlands and Belgium. The study concludes that stricter IT governance and cultural aspects are the most important factors influencing non-compliance behavior.
In Eastern Africa, increasing climate variability and changing socioeconomic conditions are exacerbating the frequency and intensity of drought disasters. Droughts pose a severe threat to food security in this region, which is characterized by a large dependency on smallholder rain-fed agriculture and a low level of technological development in the food production systems. Future drought risk will be determined by the adaptation choices made by farmers, yet few drought risk models … incorporate adaptive behavior in the estimation of drought risk. Here, we present an innovative dynamic drought risk adaptation model, ADOPT, to evaluate the factors that influence adaptation decisions and the subsequent adoption of measures, and how this affects drought risk for agricultural production. ADOPT combines socio-hydrological and agent-based modeling approaches by coupling the FAO crop model AquacropOS with a behavioral model capable of simulating different adaptive behavioral theories. In this paper, we compare the protection motivation theory, which describes bounded rationality, with a business-as-usual and an economic rational adaptive behavior. The inclusion of these scenarios serves to evaluate and compare the effect of different assumptions about adaptive behavior on the evolution of drought risk over time. Applied to a semi-arid case in Kenya, ADOPT is parameterized using field data collected from 250 households in the Kitui region and discussions with local decision-makers. The results show that estimations of drought risk and the need for emergency food aid can be improved using an agent-based approach: we show that ignoring individual household characteristics leads to an underestimation of food-aid needs. Moreover, we show that the bounded rational scenario is better able to reflect historic food security, poverty levels, and crop yields. Thus, we demonstrate that the reality of complex human adaptation decisions can best be described assuming bounded rational adaptive behavior; furthermore, an agent-based approach and the choice of adaptation theory matter when quantifying risk and estimating emergency aid needs.
MULTIFILE
Why are risk decisions sometimes rather irrational and biased than rational and effective? Can we educate and train vocational students and professionals in safety and security management to let them make smarter risk decisions? This paper starts with a theoretical and practical analysis. From research literature and theory we develop a two-phase process model of biased risk decision making, focussing on two critical professional competences: risk intelligence and risk skill. Risk intelligence applies to risk analysis on a mainly cognitive level, whereas risk skill covers the application of risk intelligence in the ultimate phase of risk decision making: whether or not a professional risk manager decides to intervene, how and how well. According to both phases of risk analysis and risk decision making the main problems are described and illustrated with examples from safety and security practice. It seems to be all about systematically biased reckoning and reasoning.
