A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory

2015 | International Conference on Information Systems | Citations: 0

Authors: Weishäupl, Eva; Yasasin, Emrah; Schryen, Guido

Abstract: The protection of information technology (IT) has become and is predicted to rem ... Expand

Abstract: The protection of information technology (IT) has become and is predicted to remain a key economic challenge for organizations. While research on IT security investment is fast growing, it lacks a theoretical basis for structuring research, explaining economictechnological phenomena and guide future research. We address this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical perspective adopting the Resource-Based View and the Organizational Learning Theory. The joint application of these theories allows to conceptualize in one theoretical model the organizational learning effects that occur when the protection of organizational resources through IT security countermeasures develops over time. We use this model of IT security investments to synthesize findings of a large body of literature and to derive research gaps. We also discuss managerial implications of (closing) these gaps by providing practical examples. Collapse

Topics: data security business process management IT security organizational productivity organization learning

Methods: literature study synthesis

Theories: resource based view of the firm organizational learning theory information systems theory game theory

Investigating the Impact of CIO Competencies on IT Security Performance of the U.S. Federal Government Agencies

2012 | Information Systems Management | Citations: 0

Authors: Khallaf, Ashraf; Majdalawieh, Munir

Abstract: Based on data gathered from the Federal Information of Security Management Act r ... Expand

Abstract: Based on data gathered from the Federal Information of Security Management Act reports, agencies' IT budget, and Chief Information Officers' competencies, we find that IT security performance is positively associated with Chief Information Officers who have technical skills, long tenure, and domain experience. However, managerial skills appear to have a stronger positive impact on IT security performance when Chief Information Officer's report directly to agency heads. These results suggest that agency's heads should consider specific Chief Information Officer's capabilities when making strategic decisions to appoint or promote new Chief Information Officers. Collapse

Topics: Chief Information Officer IT security IT investment IT security training IT skill

Methods: regression analysis method multivariate statistics chi squared test descriptive statistic robustness check

Theories: dynamic capabilities theory

Strategic Role of Human Resource Management in Information Security Management

2010 | Americas Conference on Information Systems | Citations: 0

Authors: Wipawayangkool, Kamphol

Abstract: This paper overall aims to encourage researchers and managers to consider the ro ... Expand

Abstract: This paper overall aims to encourage researchers and managers to consider the role of human resource management (HRM) in the field of information security management (ISM) more seriously. This paper suggests that with more strategically active role of HRM through a combination of selection, training, and pay practices, organizations not only can manage people issues in ISM particularly security awareness and insider threats more effectively, but may be able to sustain competitive advantage of the organizations. This paper provides an initial framework and provokes thoughts on the topic for future researchers and practitioners in both ISM and HRM fields. Collapse

Topics: competitive advantage insider threat IT security training human resource management usability