Perception of risk and the strategic impact of existing IT on information security strategy at board level

Purpose – Information security is becoming increasingly important as organisations are endangered by a variety of threats from both their internal and external environments. Many theorists now advocate that effective security policies should be created at senior management level. This is because executives are able to evaluate the organisation using a holistic approach and have the power to ensure that new systems and procedures are implemented in a timely manner. There is, however, a continuing lack of understanding regarding the strategic importance of managing information security. In addition, there is a gap in the literature on the relationship between directors and information security strategy. This paper attempts to close this gap by exploring how directors perceive their organisation's security and what factors influence their decisions on the development and implementation of information security strategy.

Design/methodology/approach – The research is based on constructivist grounded ...
