Integrating information quality dimensions into information security risk management (ISRM)

Abstract

Information security is becoming increasingly important to most organizations due to current trends in information transfer through a borderless and vulnerable world. This raises concern and prompts organizations to apply information security risk management (ISRM) to develop effective and economically viable control strategies. Although numerous ISRM methods are readily available, most prescribe a similar process: establishing the scope of the assessment, collecting information, producing intermediary information, and finally using the collected information to identify security risks and provide a measured, analyzed security profile of critical information assets. Given the “garbage in, garbage out” phenomenon, the success of ISRM planning depends tremendously on the quality of the input information. However, given the amount, diversity and variety of information available, practitioners can easily be distracted as the information grows and becomes unmanageable. This paper therefore serves as a stepping stone toward determining which information quality (IQ) dimensions constitute the quality of information throughout the process of gathering information during ISRM. To define the attributes of IQ dimensions accurately, IQ needs to be assessed within the context of its generation. Thus, papers on web IQ were assessed and a comparative analysis was conducted to identify the possible dimensions for ISRM. Then, an online survey using a Likert-structured questionnaire was distributed among a group of information security practitioners in Malaysia (N = 150). Partial least squares (PLS) analysis revealed that the dimensions accuracy, amount of data, objectivity, completeness, reliability and verifiability significantly influence the quality of information gathering for ISRM. These IQ dimensions can guide practitioners in gathering quality, complete information in order to make a plan that leads to a clear direction, and ultimately help them make decisions that lead to success.
