DOI: 10.1145/1940941.1940954
Research article

A primer on carrying out a successful yet rigorous security risk management based case study

Published: 01 October 2010

Abstract

Information security is a complex, multidimensional issue that can have a significant impact on organizations. For organizations, understanding potential threats, educating personnel in security awareness, and establishing and executing security policies are part of the security culture. Methods of research in information security have been proposed and compared at length, but have not been used to their full extent in organizational-level studies. The perceived intrusive nature of information security-based studies has been cited as a leading cause of the lack of research in this area. We considered prior recommendations regarding information security research and applied them to our own study of a security risk management (SRM) program at a Fortune 500 firm. We were able to allay many of the concerns that management may have had, and completed the study with positive results. The purpose of this paper is to present the research method that was used successfully. We implemented prior recommendations and modified them to address our research question: What is the impact of perceived critical success factors (CSFs) on the perceived effectiveness of an organization's SRM program? Our study included the creation of a validated instrument.

    Published In

    cover image ACM Other conferences
    InfoSecCD '10: 2010 Information Security Curriculum Development Conference
    October 2010
    187 pages
    ISBN:9781450302029
    DOI:10.1145/1940941

    Sponsors

    • KSU - CISE: KSU Center for InfoSec Education
    • ISSA: The Metro Atlanta Information Systems Security Association

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. role theory
    2. security
    3. security risk management

    Acceptance Rates

    Overall Acceptance Rate 18 of 23 submissions, 78%
