Paper Type

Complete

Abstract

This paper explores whether IT professionals and audit professionals have different perceptions on the substantive and symbolic perspectives of information security assurance and examines the role of security configuration management (SCM) in this particular setting. A mixture of qualitative and quantitative approaches is conducted to address our research objectives. We apply the importance performance analysis (IPA) to indicate the differences in perceived importance and perceived controllability from both substantive and symbolic perspectives with these two professional groups. In addition, SCM plays an important role to better recognize the important information security dimensions and enhance IT and audit professionals’ confidences controlling and managing these dimensions. The importance performance analysis (IPA) also helps to determine the strengths and weaknesses of the information security program to issue remedial strategic actions more efficiently. Implications for both research and practice are discussed.

Share

COinS
 
Aug 10th, 12:00 AM

Information Security Assurance and the Role of Security Configuration Management from Substantive and Symbolic Perspectives

This paper explores whether IT professionals and audit professionals have different perceptions on the substantive and symbolic perspectives of information security assurance and examines the role of security configuration management (SCM) in this particular setting. A mixture of qualitative and quantitative approaches is conducted to address our research objectives. We apply the importance performance analysis (IPA) to indicate the differences in perceived importance and perceived controllability from both substantive and symbolic perspectives with these two professional groups. In addition, SCM plays an important role to better recognize the important information security dimensions and enhance IT and audit professionals’ confidences controlling and managing these dimensions. The importance performance analysis (IPA) also helps to determine the strengths and weaknesses of the information security program to issue remedial strategic actions more efficiently. Implications for both research and practice are discussed.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.