Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning

E. Weishäupl, E. Yasasin, G. Schryen, Computers & Security (2018).

Download
OA 809.49 KB
Journal Article | English
Author
; ;
Abstract
The need to protect resources against attackers is reflected by huge information security investments of firms worldwide. In the presence of budget constraints and a diverse set of assets to protect, organizations have to decide in which IT security measures to invest, how to evaluate those investment decisions, and how to learn from past decisions to optimize future security investment actions. While the academic literature has provided valuable insights into these issues, there is a lack of empirical contributions. To address this lack, we conduct a theory-based exploratory multiple case study. Our case study reveals that (1) firms? investments in information security are largely driven by external environmental and industry-related factors, (2) firms do not implement standardized decision processes, (3) the security process is perceived to impact the business process in a disturbing way, (4) both the implementation of evaluation processes and the application of metrics are hardly existent and (5) learning activities mainly occur at an ad-hoc basis.
Publishing Year
Journal Title
Computers & Security
LibreCat-ID

Cite this

Weishäupl E, Yasasin E, Schryen G. Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning. Computers & Security. 2018.
Weishäupl, E., Yasasin, E., & Schryen, G. (2018). Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning. Computers & Security.
@article{Weishäupl_Yasasin_Schryen_2018, title={Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning}, journal={Computers & Security}, publisher={Elsevier}, author={Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}, year={2018} }
Weishäupl, Eva, Emrah Yasasin, and Guido Schryen. “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning.” Computers & Security, 2018.
E. Weishäupl, E. Yasasin, and G. Schryen, “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning,” Computers & Security, 2018.
Weishäupl, Eva, et al. “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning.” Computers & Security, Elsevier, 2018.
Main File(s)
File Name
Access Level
OA Open Access
Last Uploaded
2018-12-13T15:06:10Z


Export

Marked Publications

Open Data LibreCat

Search this title in

Google Scholar