Theorizing the concept and role of assurance in information systems security

Cited by: 17
Authors
Spears, Janine L. [1]
Barki, Henri [2]
Barton, Russell R. [3]
Affiliations
[1] Depaul Univ, Coll Comp & Digital Media, Chicago, IL 60604 USA
[2] HEC Montreal 3000, Dept Informat Technol Implementat & Management, Montreal, PQ H3T 2A7, Canada
[3] Penn State Univ, Smeal Coll Business Adm, University Pk, PA 16802 USA
Keywords
Assurance; Information systems security; Institutional theory; Process maturity; Regulatory compliance; Organizational legitimacy;
DOI
10.1016/j.im.2013.08.004
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Assurance has different meanings, depending on the source, audience, and interpretation. We applied institutional theory and the Capability Maturity Model to conceptualize assurance: its symbolic aspects to gain social acceptance, and its substantive aspects to improve organizational capability and effectiveness in performing IS security risk management (SRM). An empirical study examined assurance-seeking behavior and outcomes for regulatory compliance. Some degree of process maturity in SRM was found necessary for producing convincing verbal accounts and compliance evidence. Findings suggest that unless an organization's assurance claims are based on achieving Level 4 maturity, assurance will be based more on symbolism than effectiveness. (C) 2013 Elsevier B.V. All rights reserved.
Pages: 598-605
Number of pages: 8