Management's Role in Information Security in a Cyber Economy

Dutta, Amitava; McCrohan, Kevin F.

doi:10.2307/41166154

Cited by 110 publications

(63 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, IS researchers have also recognized that information security is not merely a technical issue, but also a management one (Chang and Ho 2006;Dutta and McCrohan 2002;Vermeulen and Von Solms 2002;von Solms and von Solms 2004). Hence, IS infrastructure in this study involves both security-related technical and management architectures.…”

Section: Is Security Infrastructure Resourcesmentioning

confidence: 94%

Information systems resources and information security

Chang

Wang

2010

Inf Syst Front

View full text Add to dashboard Cite

Recent studies suggest that the number of information security incidents has increased dramatically and has caused significant economic loss worldwide. Awareness of the significance of information security is evidenced by a rapid increase in information security investments. Despite the fact that information security has taken on a new level of importance, academic research on this subject is still in its infancy. A review of literature indicated that past studies largely took a resource based view, suggesting that organizations invest and develop a variety of IS resources so as to ease potential threats caused by information security breaches. However, the resourcebased perspective as used in previous studies was somewhat limited. Based on and extending from previous work, this study employed the resource-based view as a theoretical lens to examine the role that IS resources play in determining the level of information security. A field study was conducted to test the hypotheses. The results of the model testing show that IT human, relational, and infrastructure resources have significant impacts on information security.

show abstract

Section: Is Security Infrastructure Resourcesmentioning

confidence: 94%

Information systems resources and information security

Chang

Wang

2010

Inf Syst Front

View full text Add to dashboard Cite

show abstract

“…Our results support this association. Risk awareness has been shown to be an antecedent of the intention to engage in security behaviour in leisure and professional activity (Dutta and McCrohan, 2002;Von Solms and van Niekerk, 2013). Social learning theory and the acquisition of descriptive norms (what others do in such situations), provides an explanation as to why the propensity towards risk of certain individuals can be influenced through conceptual norm acquisition (Kashimaa et al, 2013).…”

Section: Empirical Findingsmentioning

confidence: 99%

The role of security notices and online consumer behaviour: An empirical study of social networking users

Benson

Saridakis

Tennakoon

et al. 2015

International Journal of Human-Computer Studies

View full text Add to dashboard Cite

a b s t r a c tThis paper uses a survey of social networking users to empirically explore their perceptions of security notices -independently verified artefacts informing internet site users that security measures are taken by the site owner. We investigate such factors as purchase experience, purchase intention, risk propensity, usage of various social network categories and user victimisation. The results suggest a strong positive link between purchase intention and paying attention to security notices/features on social networks. We find that higher use of narrow-purpose social networking services has a negative association with paying attention to security notices. We also show that users with higher risk propensity pay less attention to security notices/features. Finally, we find no association between purchase experience, user victimisation and perception of security notices/features. Our results provide new, and possibly more refined, evidence of the factors that influence the attention paid to security notices/features by social media users. The results have important implications for theory development, policy and practice.

show abstract

“…), training, education or the value of leadership [62] are valuable initiatives for the development of the information security culture [12,54]. It is probable that different levels of awareness raising, training and educational needs are generated for the individual employees in SMEs.…”

mentioning

confidence: 99%

The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

et al. 2016

View full text Add to dashboard Cite

Abstract:The information society is increasingly more dependent on Information Security Management Systems (ISMSs), and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for "Information Security Management System in SMEs" developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha.) for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.

show abstract

Management's Role in Information Security in a Cyber Economy

Cited by 110 publications

References 0 publications

Information systems resources and information security

Information systems resources and information security

The role of security notices and online consumer behaviour: An empirical study of social networking users

The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

Contact Info

Product

Resources

About