Security Risk Management

Abstract In this story, its have stress on importance of exploiter in participate on information earnest danger worry and its influence in the context of regulatory conformisms via a multi-method study at the organizational level. Along with associated outcomes, the types of activities and protection controls in which exploiters exponentiation as part of Sarbanes Oxley compliance also see to it here. Besides that, research lay also been develop in this paper on the purpose of the quantitative study and extant user company theories in the system development books.While the IS guarantor literature often portrays users as the weak link in security, the current study suggests that users may be an important resource to IS security by providing fateed business familiarity that contributes to more effective security measures. User society is also a means to engage users in protecting sensitive information in their business surgeryes. 1. 1 Introduction This name is bri efing about the problems that involve with information security example external threats likes hackers, viruses and people. there have deuce case why user participate in IS security risk management very valuable. Firstly, user awargonness of the risks to IS security is widely believed to be first harmonic effective IS security (Aytes and Connolly 2004 Furnell 2008 Goodhue and Straub 1991 Hu et al 2006 Siponen 2000a,2000b Straub and Welke 1998 Whitman 2004) and consequence is security control need to be aligned with business objectives to be effective (Alberts and Dorofee 2003 Halliday et al 1996 ITGI 2005 McAdams 2004 Suh and Han 2003).In this article concept of user fraternity have been characterized by extant theories and conceptualisation in IS security contexts. The studys multi method research concept is outlined and followed by a qualitative preliminary study that examined user intricacy in IS security risk management for regulatory compliance. A conjectural model b e informed by extant user friendship theories and the qualitative study is then tested in a confirmatory quantitative study. 1. 2 Content In this article, security risk management was discussing with the user participation with it.Security risk management is a free burning process of identifying and prioritizing IS security risk and implementing and monitoring controls. User participation is evaluate to add value to SRM, which in twirl contributes to effective controls that ultimately better security. SRM have a combination with data that have been collected and compendium method that used on separate samples to examine user participation. There has two method in examines user participation such as qualitative methods and quantitative methods.Qualitative methods provides a rich understanding of the activities, behaviours and assignments that define user participation in the context of SRM for regulatory and allowed a process model to be constructed by applying the three user pa rticipation. Quantitative methods test the theoretical model derived from the qualitative study and based on the researchers understanding (Lee 1991). cartel this two methods provides a rich context and testability to the study (Tsohou et al. 2008).In this paper, Sarbanas Oxley Act has be chosen for the study context as to mean locate an enough sized sample of companies employing user participation in SRM. Sox has two ground why them encourages business participation in SRM. First, ICOFR focuses on business process that impact financial information on publicly reported statements and second technical controls ge ared toward protecting the network perimeter from external threats are insufficient to manage internal threats and vulnerabilities embedded within business processes.An exploratory study was conducted to better understand the specific activities, behaviours and assignments that constitute user participation in SRM and to investigate their outcomes. To conduct the explorat ory study, informants with SOX experience were first determine and selected. Nine semi-structured interview were conducted with eleven informants from five companies in three countries, two interviews included two informants. A contextual narrative of user participation lays a anchoration for a subsequent examination of the effects of participation studied through the lens of three extant user participation theories.This three theories are The Buy-In Theory, The System Quality Theory and The Emergent interaction Theory. User participation in SRM was free-base to promote organizational sense of security risks and controls within targeted business processes, and facilitated greater alignment of SRM with business objectives, values, and needs. As a result, development and performance of security controls improved. Thus, user participation was found to add value to an organizations SRM. User participations effect was strongest in aligning SRM with the business context.In turn, use rs became more attentive as business-alignment increased. This finding suggests that users are likely to be more attentive when IS security is something to which they washbowl relate. That is, when SRM becomes part of business processes, and users are assigned hands-on SRM tasks, security becomes more visible and relevant to users. Consequently, user participation may be a mechanism for managing user perceptions on the importance of security. Accountability was found to contribute most to user participation in SRM.One explanation for this finding is that the study context was regulatory compliance for a law that requisite annual external audits. This finding suggests that regulation may provide an probability for security managers to engage business users in security risks and controls when regulatory compliance has a business process orientation. Secondly, regardless of regulation, study findings suggest that efforts at accountability for SRM may be more effective if there are r outine audits with documented results and follow-up for control deficiencies. 1. 3 ConclusionAlthough the IS security literature has often cited users as the weak link in IS security collect to user errors and negligence, the present study provides evidence that supports an opposing view. User participation raises organizational awareness of security risks and controls within business processes, which in turn contributes to more effective security control development and performance. Security managers can harness regulatory compliance as an opportunity to engage users, raise organizational awareness of security, and better align security measures with business objectives. . 4 References Alberts, C. , and Dorofee, A. 2003. Managing Information Security Risks The Octave Approach, Upper Saddle River, NJ Addison- Wesley. Aytes, K. , and Connolly, T. 2004. data processor Security and Risky Computing Practices A Rational Choice Perspective, diary of organizational and End User Computi ng (163), pp. 22-40. Lee, A. S. 1991. Integrating Positivist and interpretative Approaches to Organizational Research, Organization Science (24), pp. 342-365. Hu, Q. Hart, P. , and Cooke, D. 2006. The Role of External Influences on Organizational Information Security Practices An Institutional Perspective, in Proceedings of the 39th howdy International Conference on System Sciences, Los Alamitos, CA IEEE computer auberge Press. Tsohou, A. , Kokolakis, S. , Karyda, M. , and Kiountouzis, E. 2008. Process-Variance Models in Information Security Awareness Research, Information Management & Computer Security (163), pp. 271-287.