Purpose – The purpose of this paper is to examine the effectiveness of decision making in IT acquisition and security, and the disparity between the two domains. The paper postulates that improving decision processes during acquisition increases decision makers' security consciousness and security posture.

Design/methodology/approach – Semi‐structured interviews were conducted with 15 IT decision makers of small‐to‐medium sized organizations using questions derived from previous research in psychology, HCI, and MIS. Questions from the security and acquisition areas were coded based upon a predefined rubric and correlation testing was performed. The author chose to focus on small‐to‐medium sized organizations since they often lack sufficient background and resources to address IT security concerns.

Findings – Analysis suggests a significant positive correlation between the effectiveness of acquisition decision making and organizational security posture and attitudes, further suggesting that small improvements in acquisition decision making may result in substantial improvements in an organization's security posture.

Research limitations/implications – The sample size of 15 organizations is not sufficient for population generalization. This research instead focused on analyzing the effect of certain decisions, attitudes, and behaviours on acquisition and security.

Originality/value – Increased security concerns, such as cyber‐attacks and regulation, require organizations to proactively plan for and address security requirements. Tools/software are insufficient to properly address organizational security and do not address failure or flaws in human decision making. These findings can help organizations to better understand and improve their internal decision making processes and security consciousness, and avoid common pitfalls which allow for unaddressed risk.
Information Management & Computer Security – Emerald Publishing
Published: Nov 23, 2012
Keywords: Organizational security; Business practices; Acquisition; SDLC; Decision making; Information technology