Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning
E. Weishäupl, E. Yasasin, G. Schryen, Computers & Security 77 (2018) 807–823.
Journal Article | English
Author
Weishäupl, Eva;
Yasasin, Emrah;
Schryen, Guido
Abstract
The need to protect resources against attackers is reflected by huge information security investments of firms worldwide. In the presence of budget constraints and a diverse set of assets to protect, organizations have to decide in which IT security measures to invest, how to evaluate those investment decisions, and how to learn from past decisions to optimize future security investment actions. While the academic literature has provided valuable insights into these issues, there is a lack of empirical contributions. To address this lack, we conduct a theory-based exploratory multiple case study. Our case study reveals that (1) firms' investments in information security are largely driven by external environmental and industry-related factors, (2) firms do not implement standardized decision processes, (3) the security process is perceived to impact the business process in a disturbing way, (4) both the implementation of evaluation processes and the application of metrics are hardly existent and (5) learning activities mainly occur at an ad-hoc basis.
Keywords
Publishing Year
2018
Journal Title
Computers & Security
Volume
77
Page
807 - 823
LibreCat-ID
Cite this
Weishäupl E, Yasasin E, Schryen G. Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning. Computers & Security. 2018;77:807-823.
Weishäupl, E., Yasasin, E., & Schryen, G. (2018). Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning. Computers & Security, 77, 807–823.
@article{Weishäupl_Yasasin_Schryen_2018, title={Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning}, volume={77}, journal={Computers & Security}, publisher={Elsevier}, author={Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}, year={2018}, pages={807–823} }
Weishäupl, Eva, Emrah Yasasin, and Guido Schryen. “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning.” Computers & Security 77 (2018): 807–23.
E. Weishäupl, E. Yasasin, and G. Schryen, “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning,” Computers & Security, vol. 77, pp. 807–823, 2018.
Weishäupl, Eva, et al. “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning.” Computers & Security, vol. 77, Elsevier, 2018, pp. 807–23.
All files available under the following license(s):
Copyright Statement:
This Item is protected by copyright and/or related rights. [...]
Main File(s)
File Name
JOURNAL VERSION.pdf
809.49 KB
Access Level
Open Access
Last Uploaded
2018-12-13T15:06:10Z