Factors Comprising Effective Risk Communication, Decision-Making, and Measurement of IT and IA Risk

Factors Comprising Effective Risk Communication, Decision-Making, and Measurement of IT and IA Risk

Ricardo Daza (University of Fairfax, USA) and Kathleen M. Hargiss (University of Fairfax, USA)
DOI: 10.4018/IJSITA.2018010102

Abstract

This article focuses on factors that comprise effective risk communication, decision-making, and measurement of information technology (IT)/ information assurance (IA) risk. A review of the extant literature provided the basis for the formulation of research questions. The sample population consisted of senior IT/IA practitioners from Florida chapters of information security professional organizations. Results of this study found that decision making, and measurement are all factors in effective risk communication of IT/IA risk to non-IT personnel. This research has implications for both IT/IA practitioners and recipients of risk communication through the identification of factors which influence IT/IA professionals in how and why IT/IA risk communication take place, and consequently, how to simplify and improve its effectiveness.
Article Preview
Top

Introduction

For years the information technology (IT) department, and by extension, the information assurance (IA) department, has been perceived by board members and senior management as “someone who is managing back-office technology” (Wysopal, 2015). This is in part due to the inability of the departments to communicate using a common language. The IT/IA department speaks geek and managers speak business. According to Wysopal (2015), Chief Information Security Officers (CISOs) need to communicate the level of risk in terms that board members can understand, namely using numbers not acronyms. This study examined the challenges of how to effectively communicate IT/IA risk information to an extra-departmental audience. The effectiveness of that communication is judged by both the quality of the information relayed in the message and the decisions they affect.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2019): 3 Released, 1 Forthcoming
Volume 9: 4 Issues (2018)
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing