Foreign-language journal: Information management & computer security

Management versus security specialists: an empirical study on security related perceptions


Abstract

Purpose - The purpose of this study is to explore the rationale that governs implementation of information systems and network security expenditures through a case study approach.

Design/methodology/approach - The research method took the form of a mixed-method assessment of the perceptions of persons of authority in the management and the network security areas of an organization that has implemented network security protocols. Two stages of the research process were completed in order to gather the necessary data for the study. The first stage of the study was the administration of a Likert-type questionnaire in which respondents answered 30 unique items on network security. In the second phase of the study, a number of responders were contacted to further expand upon the themes presented in the Likert-type questionnaire.

Findings - Empirical evidence gathered justifies theoretical claims that personnel from general management have different perspectives towards network security than personnel from network security management. In particular, the study indicates that such differences are demonstrated in a number of areas, such as the effectiveness and the efficiency of the networked system; control of network security; security-related decision-making processes; and users of the network. The latter is the most controversial issue, with one side indicating that users should be allowed to use the network in an efficient manner, and the other side emphasizing that users pose one of the greatest security risks to the system.

Research limitations/implications - The limitations of the study are found in its focus on a specific company and on its perception-centred nature of risk and risk analysis. No two persons identify and frame risk in an identical manner. This creates potential conflict of interest when the participants within a risk assessment process approach the issues and present their arguments as to how to best identify and respond to risks.

Practical implications - Through comparing and contrasting the perspectives of the two sample populations, the research assists in demonstrating how, why, and to what extent specific problems are recognized by those within management and those within network security. This allowed the analysis of how these problems are defined and what steps can be taken that would help to reduce or eliminate their impact in the organization used in our case study.

Originality/value - It has been argued in the literature that there is a lack of empirically based research to explore and effectively analyze the perceptions held by management and by security specialists within organizations with respect to security. This paper presents the results of the application of a novel two-stage framework on an empirical case study focused on a large national bank. The work allowed the identification of the various perceptions held by management and by security specialists, and the degree to which these perceptions are similar.
