Beyond economic and financial analyses : A revelatory study of IT security investment decision-making process
Kohli, R., Sarker, S., Siponen, M., & Karjalainen, M. (2022). Beyond economic and financial analyses : A revelatory study of IT security investment decision-making process. In WISP 2022 : Proceedings of the 17th Workshop on Information Security and Privacy. Association for Information Systems. https://aisel.aisnet.org/wisp2022/13/
Päivämäärä
2022Oppiaine
TietojärjestelmätiedeEmpirical Cyber Security and Software EngineeringInformation Systems ScienceEmpirical Cyber Security and Software EngineeringTekijänoikeudet
© Association for Information Systems 2022
Information Technology (IT) security breaches and the extent of damage they may cause to an organization are inherently uncertain. Therefore, managers’ decisions about whether to make IT security investment (ITSI) and how much, depend upon a subjective assessment of the economic value of the investment and the likelihood of the damage to the organization. When managers delay or fail to decide on whether and how much to invest in IT security, it can make organizations vulnerable to operational and strategic perils. Based upon interviews, document reviews, and observations in three organizations in Finland that made ITSI decisions to acquire a secure email application system, we examined the process through which ITSI decisions were made. Using institutional logics as the theoretical scaffolding, we find that ITSI decisions are driven by more than economic and financial analyses. We find that when stakeholders’ logics conflict with each other’s logics, framing through discourse gives way to a dominant logic, or a hybrid logic which in turn results in an ITSI decision outcome. Trigging events, within or outside the organizations, can lead to iterations of the decision-making process. Using the metaphor of a spiral, we illustrate the repetitive iterations through which institutional logics shape stakeholders’ ITSI decision-making process.
...
Julkaisija
Association for Information SystemsKonferenssi
Pre-ICIS Workshop on Information Security and PrivacyKuuluu julkaisuun
WISP 2022 : Proceedings of the 17th Workshop on Information Security and PrivacyAsiasanat
Alkuperäislähde
https://aisel.aisnet.org/wisp2022/13/Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/182723941
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Effects of contextual variables on strategic investment decision-making styles : An empirical study from Pakistan
Imran, Sehar; Rautiainen, Antti (Elsevier BV, 2022)There is a gap in the literature of strategic investment decision making (SIDM) concerning the links between context variables, infrastructure and SIDM practices (or SIDM styles) in developing countries. This research aims ... -
Information Security Risk Assessments following Cybersecurity Breaches : The Mediating Role of Top Management Attention to Cybersecurity
Shaikh, Faheem Ahmed; Siponen, Mikko (Elsevier, 2023)Information Systems (IS) research on managerial response to cybersecurity breaches has largely focused on externally oriented actions such as customer redressal and crisis response. Within the firm itself, a breach may be ... -
Towards an optimal self-assessment tool for information security investment decision-making
Kokkonen, Mika (2017)Aikaisempi tutkimus keskittyi pääasiallisesti taloudellisiin malleihin, joiden tarkoituksena oli auttaa organisaatioita tunnistamaan kuinka paljon heidän tulisi sijoittaa tietoturvallisuuteen. Nämä mallit pyrkivät tuottojen ... -
To Calculate or To Follow Others : How Do Information Security Managers Make Investment Decisions?
Shao, Xiuyan; Siponen, Mikko; Pahnila, Seppo (University of Hawai'i at Manoa, 2019)Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents ... -
The determinants affecting on the investment proposals adoption
Hirvonen, Pauliina (2016)Tietoturvallisuuden tutkimuksessa ei ole kyetty tunnistamaan tekijöitä, jotka vaikuttavat tietoturvallisuusaloitteiden onnistumiseen. Teoreettinen tutkimus lähestyy haastetta tarkastelemalla olemassa olevia tietotekniikan ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.