Research Magazine 2019

An exploratory study of organizational security risk management for improved effectiveness Angela Jackson-Summers (PhD Graduate) Humayun Zafar (Dissertation Chair) Traci Carte (Second Supervisor) Adriane Randolph (Reader)

Information technology (IT) executives are increasingly concerned about security threats and the total costs of data breaches. While organizations have made large investments (i.e. hardware, software) to solve these problems, IT executives believe they are not enough. Few studies have considered the organizational security risk management (SRM) process itself. This study assesses the SRM process and proposes three ways to strengthen it. First, it develops a customized SRM dictionary and a modified capability maturity model to assess security risk management-related textual content. Second, it uses validation feedback from information SRM experts to clarify differences in how leaders view SRM capability and maturity levels. Finally, it creates a conceptual model for future research testing of internal and external SRM capabilities based on the textual content assessment. Overview

12 | Doctoral Research Summaries

Made with FlippingBook - Online catalogs