Information Systems Security and Privacy


We investigate differences in perception between management and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness at a Fortune 500 company. Nine CSFs are confirmed to exist in the organization. Management and staff agree that each CSF is important for SRM effectiveness, but differ on the level of importance of each CSF. With regard to six of the nine CSFs (executive management support, organization maturity, open communication, holistic view of organization, corporate security strategy, and human resource development), management and staff concur on their current implementation, and have a positive perception about their impact. The results also indicate that both management and staff are not satisfied with the current practices pertaining to risk management stakeholders, team member empowerment, and security maintenance. Recommendations are presented for the organization as part of possible solutions to counter the dissatisfaction with these three CSFs.