Explaining small business InfoSec posture using social theories. (14th November 2016)
- Record Type:
- Journal Article
- Title:
- Explaining small business InfoSec posture using social theories. (14th November 2016)
- Main Title:
- Explaining small business InfoSec posture using social theories
- Authors:
- Rohn, Eli
  Sabari, Gilad
  Leshem, Guy
- Abstract:
- Purpose: This study aims to investigate information technology security practices of very small enterprises. Design/methodology/approach: The authors perform a formal information security field study using a representative sample. Using the Control Objectives for IT (COBIT) framework, the authors evaluate 67 information security controls and perform 206 related tests. The authors state six hypotheses about the findings and accept or reject those using inferential statistics. The authors explain findings using the social comparison theory and the rare events bias theory. Findings: Only one-third of all the controls examined were designed properly and operated as expected. About half of the controls were either ill-designed or did not operate as intended. The social comparison theory and the rare events bias theory explain managers' reliance on small experience samples, which in turn leads to erroneous comprehension of their business environment as it relates to information security. Practical implications: This information is valuable to executive branch policy makers striving to reduce information security vulnerability on local and national levels and to small business organizations providing information and advice to their members. Originality/value: Information security surveys are usually over-optimistic and avoid self-incrimination, yielding results that are less accurate than field work. To obtain grounded facts, the authors used the field research approach to gather qualitative and quantitative data by physically visiting active organizations, interviewing managers and staff, observing processes and reviewing written materials such as policies, procedures and logs, in accordance with common practices of security audits.
- Is Part Of:
- Information and computer security. Volume 24:Number 5(2016)
- Journal:
- Information and computer security
- Issue:
- Volume 24:Number 5(2016)
- Issue Display:
- Volume 24, Issue 5 (2016)
- Year:
- 2016
- Volume:
- 24
- Issue:
- 5
- Issue Sort Value:
- 2016-0024-0005-0000
- Page Start:
- 534
- Page End:
- 556
- Publication Date:
- 2016-11-14
- Subjects:
- Data protection -- Disaster recovery -- Computer security -- Auditing -- Business continuity -- Resilience
  Computer security -- Management -- Periodicals
  Computer networks -- Security measures -- Periodicals
  Data protection -- Management -- Periodicals
  658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
  http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-09-2015-0041
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
  British Library DSC - BLDSS-3PM
  British Library HMNTS - ELD Digital store
- Ingest File:
- 987.xml