论文信息 - An Investigation Of Organizational Information Security Risk Analysis

An Investigation Of Organizational Information Security Risk Analysis

Despite a growing number and variety of information security threats, many organizations continue to neglect implementing information security policies and procedures. The likelihood that an organization’s information systems can fall victim to these threats is known as information systems risk (Straub & Welke, 1998). To combat these threats, an organization must undergo a rigorous process of self-analysis. To better understand the current state of this information security risk analysis (ISRA) process, this study deployed a questionnaire using both open-ended and closed ended questions administered to a group of information security professionals (N=32). The qualitative and quantitative results of this study show that organizations are beginning to conduct regularly scheduled ISRA processes. However, the results also show that organizations still have room for improvement to create idyllic ISRA processes.

[1] Lawrence Bodin,et al. Evaluating information security investments using the analytic hierarchy process , 2005, CACM.

[2] Michael E. Whitman. Enemy at the gate: threats to information security , 2003, CACM.

[3] Huseyin Cavusoglu,et al. Model for Evaluating , 2022 .

[4] Loren Paul Rees,et al. Necessary measures: metric-driven information security risk assessment and decision making , 2007, CACM.

[5] Efraim Turban,et al. Introduction to Information Systems: Supporting and Transforming Business Wiley Plus Stand-alone , 2007 .

[6] Herbert J. Mattord,et al. Principles of Information Security , 2004 .

[7] Terry Anthony Byrd,et al. Defense Mechanisms of Biological Cells: A Framework for Network Security Thinking , 2003, Commun. Assoc. Inf. Syst..

[8] M. Whitman,et al. Management Of Information Security , 2004 .

[9] William L. Simon,et al. The Art of Deception: Controlling the Human Element of Security , 2001 .

[10] R. Weiss. Learning from strangers : the art and method of qualitative interview studies , 1995 .

[11] Susan Greener,et al. Business Research Methods , 2008 .

[12] T. Scandura,et al. Research Methodology In Management: Current Practices, Trends, And Implications For Future Research , 2000 .