Security Risk Management

1111 WordsNov 12, 20125 Pages
Abstract In this paper, it’s have stress on importance of user in participate on information security risk management and its influence in the context of regulatory compliances via a multi-method study at the organizational level. Along with associated outcomes, the types of activities and security controls in which user’s participation as part of Sarbanes – Oxley compliance also understand here. Besides that, research model also been develop in this paper on the finding of the quantitative study and extant user participation theories in the system development literature. While the IS security literature often portrays users as the weak link in security, the current study suggests that users may be an important resource to IS security by…show more content…
A contextual narrative of user participation lays a foundation for a subsequent examination of the effects of participation studied through the lens of three extant user participation theories. This three theories are The Buy-In Theory, The System Quality Theory and The Emergent Interaction Theory. User participation in SRM was found to raise organizational awareness of security risks and controls within targeted business processes, and facilitated greater alignment of SRM with business objectives, values, and needs. As a result, development and performance of security controls improved. Thus, user participation was found to add value to an organization’s SRM. User participation’s effect was strongest in aligning SRM with the business context. In turn, users became more attentive as business-alignment increased. This finding suggests that users are likely to be more attentive when IS security is something to which they can relate. That is, when SRM becomes part of business processes, and users are assigned hands-on SRM tasks, security becomes more visible and relevant to users. Consequently, user participation may be a mechanism for managing user perceptions on the importance of security. Accountability was found to contribute most to user participation in SRM. One explanation for this finding is that the study context was
Open Document