Critical Success Factors for an Effective Security Risk Management Program: An Exploratory Case Study at a Fortune 500 Firm

Authors

Humayun Zafar, Kennesaw State UniversityFollow
Jan G. Clark, The University of Texas at San AntonioFollow
Myung Ko, University of Texas at San AntonioFollow
Yoris A. Au, The University of Texas at San AntonioFollow

Track

Information Systems Security and Privacy

Abstract

We investigate differences in perception between management and staff with regard to the influence of criticalsuccess factors (CSFs) on security risk management (SRM) effectiveness at a Fortune 500 company. Nine CSFs areconfirmed to exist in the organization. Management and staff agree that each CSF is important for SRMeffectiveness, but differ on the level of importance of each CSF. With regard to six of the nine CSFs (executivemanagement support, organization maturity, open communication, holistic view of organization, corporate securitystrategy, and human resource development), management and staff concur on their current implementation, and havea positive perception about their impact. The results also indicate that both management and staff are not satisfiedwith the current practices pertaining to risk management stakeholders, team member empowerment, and securitymaintenance. Recommendations are presented for the organization as part of possible solutions to counter thedissatisfaction with these three CSFs.

Recommended Citation

Zafar, Humayun; Clark, Jan G.; Ko, Myung; and Au, Yoris A., "Critical Success Factors for an Effective Security Risk Management Program: An Exploratory Case Study at a Fortune 500 Firm" (2011). AMCIS 2011 Proceedings - All Submissions. 35.
https://aisel.aisnet.org/amcis2011_submissions/35