Beyond technical aspects of information security: Risk culture as a success factor for IT risk management

Stefanie Jahner, Helmut Krcmar

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

9 Scopus citations

Abstract

Increasing numbers of security incidents such as malware or hacker attacks prompt companies to spend billions of dollars on protecting their information systems. In this context IT risk management (ITRM) has become an important organizational function to control internal and external risks associated with IT. Much effort has been put on mitigating IT risks by means of physical, procedural, and technological solutions. However, the socio-cultural perspective of managing these risks has largely been ignored and thus a "cultural gap" in ITRM can be identified. This paper introduces risk culture as an essential component of an integrated IT risk management and presents a theoretically motivated framework for analyzing the construct risk culture. Based on this framework we conducted a case study that underpins the crucial role of a vital risk culture in an organization. From the empirical findings we derived important factors for establishing risk culture such as (among others) communication campaigns or top-management involvement.

Original language: English
Title of host publication: Association for Information Systems - 11th Americas Conference on Information Systems, AMCIS 2005
Subtitle of host publication: A Conference on a Human Scale
Pages: 3217-3226
Number of pages: 10
State: Published - 2005
Event: 11th Americas Conference on Information Systems, AMCIS 2005 - Omaha, NE, United States
Duration: 11 Aug 2005 to 15 Aug 2005

Publication series

Name: Association for Information Systems - 11th Americas Conference on Information Systems, AMCIS 2005: A Conference on a Human Scale
Volume: 7

Conference

Conference: 11th Americas Conference on Information Systems, AMCIS 2005
Country/Territory: United States
City: Omaha, NE
Period: 11/08/05 to 15/08/05

Keywords

  • IT risk management
  • Information security
  • Information security culture
  • Risk culture
  • Security awareness
