Security Risk Management
Abstract
In this paper, it’s have stress on importance of user in participate on information security risk management and its influence in the context of regulatory compliances via a multi-method study at the organizational level. Along with associated outcomes, the types of activities and security controls in which user’s participation as part of Sarbanes – Oxley compliance also understand here. Besides that, research model also been develop in this paper on the finding of the quantitative study and extant user participation theories in the system development literature. While the IS security literature often portrays users as the weak link in security, the current study suggests that users may be an important resource to IS security by providing needed business knowledge that contributes to more effective security measures. User participation is also a means to engage users in protecting sensitive information in their business processes.
1.1 Introduction
This article is briefing about the problems that involved with information security example external threats likes hackers, viruses and people. There have two reason why user participate in IS security risk management very valuable. Firstly, user awareness of the risks to IS security is widely believed to be fundamental effective IS security (Aytes and Connolly 2004; Furnell 2008; Goodhue and Straub 1991; Hu et al 2006; Siponen 2000a,2000b; Straub and Welke 1998; Whitman 2004) and second is security control need to be aligned with business objectives to be effective (Alberts and Dorofee 2003; Halliday et al 1996; ITGI 2005; McAdams 2004; Suh and Han 2003). In this article concept of user participation have been characterized by extant theories and conceptualization in IS security contexts. The study’s multi – method research design is outlined and followed by a qualitative exploratory study that examined user participation in IS security risk management for regulatory compliance. A theoretical model be
In this paper, it’s have stress on importance of user in participate on information security risk management and its influence in the context of regulatory compliances via a multi-method study at the organizational level. Along with associated outcomes, the types of activities and security controls in which user’s participation as part of Sarbanes – Oxley compliance also understand here. Besides that, research model also been develop in this paper on the finding of the quantitative study and extant user participation theories in the system development literature. While the IS security literature often portrays users as the weak link in security, the current study suggests that users may be an important resource to IS security by providing needed business knowledge that contributes to more effective security measures. User participation is also a means to engage users in protecting sensitive information in their business processes.
1.1 Introduction
This article is briefing about the problems that involved with information security example external threats likes hackers, viruses and people. There have two reason why user participate in IS security risk management very valuable. Firstly, user awareness of the risks to IS security is widely believed to be fundamental effective IS security (Aytes and Connolly 2004; Furnell 2008; Goodhue and Straub 1991; Hu et al 2006; Siponen 2000a,2000b; Straub and Welke 1998; Whitman 2004) and second is security control need to be aligned with business objectives to be effective (Alberts and Dorofee 2003; Halliday et al 1996; ITGI 2005; McAdams 2004; Suh and Han 2003). In this article concept of user participation have been characterized by extant theories and conceptualization in IS security contexts. The study’s multi – method research design is outlined and followed by a qualitative exploratory study that examined user participation in IS security risk management for regulatory compliance. A theoretical model be
References: Alberts, C., and Dorofee, A. 2003. Managing Information Security Risks: The Octave Approach, Upper Saddle River, NJ: Addison- Wesley. Aytes, K., and Connolly, T. 2004. “Computer Security and Risky Computing Practices: A Rational Choice Perspective,” Journal of Organizational and End User Computing (16:3), pp. 22-40. Lee, A. S. 1991. “Integrating Positivist and Interpretive Approaches to Organizational Research,” Organization Science (2:4), pp. 342-365. Hu, Q., Hart, P., and Cooke, D. 2006. “The Role of External Influences on Organizational Information Security Practices: An Institutional Perspective,” in Proceedings of the 39th Hawaii International Conference on System Sciences, Los Alamitos, CA: IEEE Computer Society Press. Tsohou, A., Kokolakis, S., Karyda, M., and Kiountouzis, E. 2008. “Process-Variance Models in Information Security Awareness Research,” Information Management & Computer Security (16:3), pp. 271-287.