Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us
Newsroom

Corporate Information Security Investment Decisions: A Qualitative Data Analysis Approach

Daniel Schatz, Rabih Bashroush

Source Title: International Journal of Enterprise Information Systems (IJEIS) 14(2)

DOI: 10.4018/IJEIS.2018040101

OnDemand:

(Individual Articles)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

This article describes how with information security steadily moving up on board room agendas, security programs are found to be under increasing scrutiny by practitioners. This level of attention by senior business leaders is new to many security professionals as their field has been of limited interest to non-executive directors so far. Currently, they have to regularly report on efficiency and value of their security capabilities whilst being measured against business priorities. Based on the Grounded Theory approach, the authors analysed the data gathered in a series of interviews with senior professionals in order to identify key factors in the context of information security investment decisions. The authors present detailed findings in context of a simplified framework that security practitioners can utilise for critical review or improvements of investment decisions in their own environments. Extensive details for each category as extracted through a qualitative data analysis are provided along with a category network analysis that highlights strong relationships within the framework.

Article Preview

Top

1. Introduction

Information asset security has been a subject of extensive research over the past years, largely focusing on technological risks. While there was early research on the economic impact of information security risks (Ekenberg, Oberoi, & Orci, 1995; Finne, 1997; Francke & Blind, 1996), academic research had been limited until the turn of the millennium when papers by Hoo (2000), Anderson (2001), as well as Gordon and Loeb (2002) raised levels of interest regarding this topic. However, studies remain focussed on the fast-moving area of information security risks in general. Much of the security economics research, particularly earlier approaches, is firmly footed in theoretical model space, leaving key challenges unmentioned or unsolved. Although such models are contributing towards a better approach for information security investments, they often suffer from their overly theoretical methodology and, as such, are not properly well suited for real-world application. The aim of this study is to identify current practices of information security investment prioritisation and evaluation in organisations. Based on a series of semi-structured interviews, a qualitative data analysis approach is followed so as to understand key factors, core challenges, and common practices as experienced by information security practitioners. In particular, this paper investigates the following research questions:

•
How are information security investments in organisations currently approached by practitioners?
•
What are the key factors and challenges considered by practitioners in relation to information security investments?
•
How do information security management systems and information security governance models support practitioners in this regard?
•
How are traditional accounting metrics (net present value (NPV), return on investment (ROI), etc.) used?

The remainder of the paper is structured as follows: in the next section, related work is presented. Section 3 discusses the research methodology and design, as well as the interview framework including sample strategy, data collection procedures, coding approach and analysis. Section 4 presents the results of the data analysis process including details on the responses of participants. And finally, in Sections 5 and 6, the limitations of the approach presented in this study are thoroughly reviewed and conclusive thoughts are provided.

Complete Article List

Search this Journal:

Reset

Volume 20: 1 Issue (2024): Forthcoming, Available for Pre-Order

Volume 19: 1 Issue (2023)

Volume 18: 4 Issues (2022): 1 Released, 3 Forthcoming

Volume 17: 4 Issues (2021)

Volume 16: 4 Issues (2020)

Volume 15: 4 Issues (2019)

Volume 14: 4 Issues (2018)

Volume 13: 4 Issues (2017)

Volume 12: 4 Issues (2016)

Volume 11: 4 Issues (2015)

Volume 10: 4 Issues (2014)

Volume 9: 4 Issues (2013)

Volume 8: 4 Issues (2012)

Volume 7: 4 Issues (2011)

Volume 6: 4 Issues (2010)

Volume 5: 4 Issues (2009)

Volume 4: 4 Issues (2008)

Volume 3: 4 Issues (2007)

Volume 2: 4 Issues (2006)

Volume 1: 4 Issues (2005)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference

Corporate Information Security Investment Decisions: A Qualitative Data Analysis Approach

Abstract

1. Introduction

Complete Article List