Managing IS security risks is a top concern for business organizations because of the significant negative impact of IS security breaches. Spending on IS security is expected to exceed $30 billion this year, yet in spite of these investments losses in excess of $15 billion are anticipated to occur because of security breaches. Current IS security research and practice is dominated by the development of ever more sophisticated technologies for security control and compromise detection. However, there is a relative dearth of insights that help firms to understand the socio-organizational challenges of managing the deployment and use of these tools to prevent IS security compromises. The goal of this panel session is to present different but complementary perspectives on the evaluation of current approaches to IS security management, and to provide an impetus for future IS research and education agendas that will lead to more sophisticated management approaches to addressing IS security challenges.
Mooney, John; Chun, Mark; Hovav, Anat; George, Joey; and Griffy-Brown, Charla, "Are Prevailing Theories and Practices of IS Security Management Adequate? An Evaluation and Call to Action" (2005). AMCIS 2005 Proceedings. 400.