Critical success factors for an effective security risk management program: An exploratory case study at a fortune 500 firm

Humayun Zafar, Jan G. Clark, Myung Ko, Yoris A. Au

Research output: Contribution to book or proceeding, Conference article, peer-review

Abstract

We investigate differences in perception between management and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness at a Fortune 500 company. Nine CSFs are confirmed to exist in the organization. Management and staff agree that each CSF is important for SRM effectiveness, but differ on the level of importance of each CSF. With regard to six of the nine CSFs (executive management support, organization maturity, open communication, holistic view of organization, corporate security strategy, and human resource development), management and staff concur on their current implementation, and have a positive perception about their impact. The results also indicate that both management and staff are not satisfied with the current practices pertaining to risk management stakeholders, team member empowerment, and security maintenance. Recommendations are presented for the organization as part of possible solutions to counter the dissatisfaction with these three CSFs.

Original language: English
Title of host publication: 17th Americas Conference on Information Systems 2011, AMCIS 2011
Pages: 312-322
Number of pages: 11
State: Published - 2011
Event: 17th Americas Conference on Information Systems 2011, AMCIS 2011 - Detroit, MI, United States
Duration: Aug 4 2011 - Aug 8 2011

Publication series

Name: 17th Americas Conference on Information Systems 2011, AMCIS 2011
Volume: 1

Conference

Conference: 17th Americas Conference on Information Systems 2011, AMCIS 2011
Country/Territory: United States
City: Detroit, MI
Period: 08/4/11 - 08/8/11

Keywords

  • Critical success factors
  • Information security
  • Security risk management
