The process of information security risk management (ISRM) enables an organization not only to identify risks specific to its information and assets, but also to assess the impact and likelihood of a threat occurrence. Despite significant interest and investment in ISRM, its organizational practice still has deficiencies, since it is not considered a standard management process of an organization and lacks evidence-based decision making. Business analytics (BA) presents organizations with a unique opportunity to base their ISRM upon continuous monitoring and data analysis, thereby helping executives make timely, data-driven security decisions in a proactive manner. In this research-in-progress paper, we utilize Resource-based Theory (RBT) to develop a research model that explains how interaction between the capabilities of security analytics and ISRM results in the development of an enhanced, high-level, analytics-enabled ISRM. This in turn impacts overall security performance. We define the model based on an extensive analysis of the BA and ISRM literature. The model also provides a basis for future empirical work, including focus groups, case studies and a survey.
Naseer, Humza; Maynard, Sean; and Ahmad, Atif, "BUSINESS ANALYTICS IN INFORMATION SECURITY RISK MANAGEMENT: THE CONTINGENT EFFECT ON SECURITY PERFORMANCE" (2016). Research-in-Progress Papers. 13.