Theorizing the concept and role of assurance in information systems security

Theorizing the concept and role of assurance in information systems security

Assurance has different meanings, depending on the source, audience, and interpretation. We applied institutional theory and the Capability Maturity Model to conceptualize assurance: its symbolic aspects to gain social acceptance, and its substantive aspects to improve organizational capability and...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Information & management 2013-11, Vol.50 (7), p.598-605
Hauptverfasser: Spears, Janine L., Barki, Henri, Barton, Russell R.
Format: Artikel
Sprache:eng
Schlagworte:
Applied sciences
Assurance
Compliance
Computer science
control theory
systems
Effectiveness studies
Exact sciences and technology
Firm modelling
Information systems
Information systems security
Institutional theory
Management theory
Memory and file management (including protection and security)
Memory organisation. Data processing
Operational research and scientific management
Operational research. Management science
Organizational behavior
Organizational legitimacy
Process maturity
Regulatory compliance
Risk management
Risk theory. Actuarial science
Security management
Software
Software engineering
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Assurance has different meanings, depending on the source, audience, and interpretation. We applied institutional theory and the Capability Maturity Model to conceptualize assurance: its symbolic aspects to gain social acceptance, and its substantive aspects to improve organizational capability and effectiveness in performing IS security risk management (SRM). An empirical study examined assurance-seeking behavior and outcomes for regulatory compliance. Some degree of process maturity in SRM was found necessary for producing convincing verbal accounts and compliance evidence. Findings suggest that unless an organization's assurance claims are based on achieving Level 4 maturity, assurance will be based more on symbolism than effectiveness.
ISSN:0378-7206
1872-7530
DOI:10.1016/j.im.2013.08.004