Books and journals Case studies Expert Briefings Open Access
Advanced search

Perception of risk and the strategic impact of existing IT on information security strategy at board level

Elspeth McFadzean (Centre for Business in the Digital Economy, Henley Management College, Henley on Thames, UK)
Jean‐Noel Ezingeard (Centre for Business in the Digital Economy, Henley Management College, Henley on Thames, UK)
David Birchall (Centre for Business in the Digital Economy, Henley Management College, Henley on Thames, UK)

Online Information Review

ISSN: 1468-4527

Publication date: 2 October 2007

Abstract

Purpose

–

Information security is becoming increasingly more important as organisations are endangered by a variety of threats from both its internal and external environments. Many theorists now advocate that effective security policies should be created at senior management level. This is because executives are able to evaluate the organisation using a holistic approach as well as having the power to ensure that new systems and procedures are implemented in a timely manner. There is, however, a continuing lack of understanding regarding the strategic importance of managing information security. In addition, there is a gap in the literature on the relationship between directors and information security strategy. This paper attempts to close this gap by exploring how directors perceive their organisation's security and what factors influence their decisions on the development and implementation of information security strategy.

Design/methodology/approach

–

The research is based on constructivist grounded theory. Forty‐three interviews were conducted at executive level in 29 organisations. These interviews were then coded and analysed in order to develop new theory on directors' perception of risk and its effect on the development and implementation of information security strategy.

Findings

–

The analysis shows that senior managers' engagement with information security is dependent on two key variables: the strategic importance of information systems to their organisation and their perception of risk. Additionally, this research found that these two variables are affected by both organisational contextual factors and the strategic and operational actions undertaken within the business. Furthermore, the results demonstrated that the two board variables also have an impact on the organisation's environment as well as its strategic and operational actions. This paper uses the data gathered from the interviews to develop a model of these factors. In addition, a perception grid is constructed which illustrates the potential concerns that can drive board engagement.

Practical implications

–

The paper illustrates the advantages of using the perception grid to understand and develop current and future information security issues.

Originality/value

–

The paper investigates how organisational directors perceive information security and how this perception influences the development of their information security strategy.

Keywords

  • Boards
  • Information control
  • Data security
  • Perception
  • Governance

Citation

McFadzean, E., Ezingeard, J. and Birchall, D. (2007), "Perception of risk and the strategic impact of existing IT on information security strategy at board level", Online Information Review, Vol. 31 No. 5, pp. 622-660. https://doi.org/10.1108/14684520710832333

Download as .RIS

Publisher

:

Emerald Group Publishing Limited

Copyright © 2007, Emerald Group Publishing Limited

Please note you do not have access to teaching notes

You may be able to access teaching notes by logging in via Shibboleth, Open Athens or with your Emerald account.
Login
If you think you should have access to this content, click the button to contact our support team.
Contact us

To read the full version of this content please select one of the options below

You may be able to access this content by logging in via Shibboleth, Open Athens or with your Emerald account.
Login
To rent this content from Deepdyve, please click the button.
Rent from Deepdyve
If you think you should have access to this content, click the button to contact our support team.
Contact us
Emerald Publishing
  • Opens in new window
  • Opens in new window
  • Opens in new window
  • Opens in new window
© 2021 Emerald Publishing Limited

Services

  • Authors Opens in new window
  • Editors Opens in new window
  • Librarians Opens in new window
  • Researchers Opens in new window
  • Reviewers Opens in new window

About

  • About Emerald Opens in new window
  • Working for Emerald Opens in new window
  • Contact us Opens in new window
  • Publication sitemap

Policies and information

  • Privacy notice
  • Site policies
  • Modern Slavery Act Opens in new window
  • Chair of Trustees governance statement Opens in new window
  • COVID-19 policy Opens in new window
Manage cookies

We’re listening — tell us what you think

  • Something didn’t work…

    Report bugs here

  • All feedback is valuable

    Please share your general feedback

  • Member of Emerald Engage?

    You can join in the discussion by joining the community or logging in here.
    You can also find out more about Emerald Engage.

Join us on our journey

  • Platform update page

    Visit emeraldpublishing.com/platformupdate to discover the latest news and updates

  • Questions & More Information

    Answers to the most commonly asked questions here