@inproceedings{c62f7280246d460eaa0d31676cc04ee6,
title = "Beyond technical aspects of information security: Risk culture as a success factor for IT risk management",
abstract = "Increasing numbers of security incidents such as malware or hacker attacks prompt companies to spend billions of dollars on protecting their information systems. In this context IT risk management (ITRM) has become an important organizational function to control internal and external risks associated with IT. Much effort has been put on mitigating IT risks by means of physical, procedural, and technological solutions. However, the socio-cultural perspective of managing these risks has largely been ignored and thus a {"}cultural gap{"} in ITRM can be identified. This paper introduces risk culture as an essential component of an integrated IT risk management and presents a theoretically motivated framework for analyzing the construct risk culture. Based on this framework we conducted a case study that underpins the crucial role of a vital risk culture in an organization. From the empirical findings we derived important factors for establishing risk culture such as (among others) communication campaigns or top-management involvement.",
keywords = "IT risk management, Information security, Information security culture, Risk culture, Security awareness",
author = "Stefanie Jahner and Helmut Krcmar",
year = "2005",
language = "English",
isbn = "9781604235531",
series = "Association for Information Systems - 11th Americas Conference on Information Systems, AMCIS 2005: A Conference on a Human Scale",
pages = "3217--3226",
booktitle = "Association for Information Systems - 11th Americas Conference on Information Systems, AMCIS 2005",
note = "11th Americas Conference on Information Systems, AMCIS 2005 ; Conference date: 11-08-2005 Through 15-08-2005",
}