TY - GEN
T1 - Critical success factors for an effective security risk management program
T2 - 17th Americas Conference on Information Systems 2011, AMCIS 2011
AU - Zafar, Humayun
AU - Clark, Jan G.
AU - Ko, Myung
AU - Au, Yoris A.
PY - 2011
Y1 - 2011
N2 - We investigate differences in perception between management and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness at a Fortune 500 company. Nine CSFs are confirmed to exist in the organization. Management and staff agree that each CSF is important for SRM effectiveness, but differ on the level of importance of each CSF. With regard to six of the nine CSFs (executive management support, organization maturity, open communication, holistic view of organization, corporate security strategy, and human resource development), management and staff concur on their current implementation, and have a positive perception about their impact. The results also indicate that both management and staff are not satisfied with the current practices pertaining to risk management stakeholders, team member empowerment, and security maintenance. Recommendations are presented for the organization as part of possible solutions to counter the dissatisfaction with these three CSFs.
AB - We investigate differences in perception between management and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness at a Fortune 500 company. Nine CSFs are confirmed to exist in the organization. Management and staff agree that each CSF is important for SRM effectiveness, but differ on the level of importance of each CSF. With regard to six of the nine CSFs (executive management support, organization maturity, open communication, holistic view of organization, corporate security strategy, and human resource development), management and staff concur on their current implementation, and have a positive perception about their impact. The results also indicate that both management and staff are not satisfied with the current practices pertaining to risk management stakeholders, team member empowerment, and security maintenance. Recommendations are presented for the organization as part of possible solutions to counter the dissatisfaction with these three CSFs.
KW - Critical success factors
KW - Information security
KW - Security risk management
UR - http://www.scopus.com/inward/record.url?scp=84870351490&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:84870351490
SN - 9781618390981
T3 - 17th Americas Conference on Information Systems 2011, AMCIS 2011
SP - 312
EP - 322
BT - 17th Americas Conference on Information Systems 2011, AMCIS 2011
Y2 - 4 August 2011 through 8 August 2011
ER -