We apply a model of preferences about the presence and absence information to domain decision making under risk ambiguity. An uncertain prospect exposes an individual 1 or more gaps, specific unanswered questions that capture attention. Gambling makes these important, attracting attention them. To extent uncertainty (or other circumstances) gaps unpleasant think about, tends be averse Yet in ci...

Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion ...

The purpose of this paper is to present a solution to manage the concepts related to ISO/IEC 27005:2011 standard in such a way that different stakeholders could access and understand them without misleading their meanings. This paper presents an ontology to structure and organize core concepts of risk assessment phase of ISO/IEC 27005:2011 standard. The method of ontology development ontology f...

Organizations in our modern society grow larger and more complex to provide advanced services due to the varieties of social demands. Such organizations are highly efficient for routine work processes but known to be not robust to unexpected situations. According to this observation, the importance of the organizational risk management has been noticed in recent years. On the other hand, a larg...

Theoretical models of information asymmetry have identified a tradeoff between the desire to learn and the desire to prevent an opponent from learning private information. This paper reports a laboratory experiment that investigates if actual bidders account for this tradeoff, using a sequential procurement auction with private cost information and varying information revelation policies. Speci...

Background For the purpose of understanding the Food and Drug Administration’s (FDA’s) concerns regarding online promotion of prescription drugs advertised directly to consumers, this study examines notices of violations (NOVs) and warning letters issued by the FDA to pharmaceutical manufacturers.   Methods The FDA’s warning letters and NOVs, which were issued to pharmaceutical companies over a...

Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our ex...