论文信息 - The effects of user participation in identifying information security risk in business processes

The effects of user participation in identifying information security risk in business processes

User participation is essential to identifying information security risks in routine business processes because it is the business users who possess detailed knowledge of business processes. This research develops a theory of the consultative form of user participation that emphasizes the cognitive benefits of user participation. In consultative participation, designated users acting as subject matter experts with detailed knowledge of specific business processes participate in a risk analysis to identify information security vulnerabilities. It is expected that previously unknown information risks will be identified, thereby increasing the quality of information used for information risk management. Knowledge of identified risks is expected to be transferred among peers (e.g., other users) or other participant groups (e.g., IT), which is expected to ultimately lead to improved information security through enhanced policies and procedures.

Janine L. Spears

[1] Trudy Lynn Elizabeth Johnson,et al. Decision-making as a social process , 1995 .

[2] Henri Barki,et al. Explaining the Role of User Participation in Information System Use , 1994 .

[3] Herbert J. Mattord,et al. Principles of Information Security , 2004 .

[4] Blake Ives,et al. User Involvement and MIS Success: A Review of Research , 1984 .

[5] Gurpreet Dhillon,et al. Refereed Papers: Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns , 2001 .

[6] Robert W. Zmud,et al. AN EMPIRICAL INVESTIGATION OF THE DIMENSIONALITY OF THE CONCEPT OF INFORMATION , 1978 .

[7] Henri Barki,et al. Rethinking the Concept of User Involvement , 1989, MIS Q..

[8] Edwin A. Locke,et al. Participation in decision making: An information exchange perspective. , 1997 .

[9] Ephraim R. McLean,et al. Information Systems Success: The Quest for the Dependent Variable , 1992, Inf. Syst. Res..

[10] Diane M. Strong,et al. Beyond Accuracy: What Data Quality Means to Data Consumers , 1996, J. Manag. Inf. Syst..

[11] B. Wilpert,et al. Conceptual dimensions and boundaries of participation in organizations: a critical evaluation. , 1978, Administrative science quarterly.

[12] Ingoo Han,et al. The IS risk analysis based on a business model , 2003, Inf. Manag..