The Roles of IT Strategies and Security Investments in Reducing Organizational Security Breaches

He, Li; Yoo, Sung-jin; Kettinger, William J.

doi:10.1080/07421222.2021.1870390

Cited by 34 publications

(7 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When considering the impact of information security investments on data breaches, companies must consider the impact of institutional factors and balance them. Li et al ( 2021 ) found that IT security investments have different effects on security breaches in organizations with different approaches to making digitalized progress. Li W, Leung ACM, Yue WT ( 2022 ) stated that there is a dynamic interrelationship between IT investments and data breaches.…”

Section: Literature Reviewmentioning

confidence: 99%

Data security crisis in universities: identification of key factors affecting data breach incidents

Jiang

Xiao

Zhang

2023

Humanit Soc Sci Commun

View full text Add to dashboard Cite

The extremely complex and dynamic digital environments of universities make them highly vulnerable to the risk of data breaches. This study empirically investigated the factors influencing data breach risks in the context of higher education, according to crime opportunity theory and routine activity theory. The data consisted of university samples from China and were collected mainly from the Chinese Education Industry Vulnerability Reporting Platform. After applying Poisson regression for the estimation, increased public disclosure of vulnerabilities was found to escalate the frequency of data breaches, whereas cross-border data flow decreased the number of data breaches. Furthermore, the mechanism by which academic strength affects data breaches was examined through the two mediators of cross-border data flow and vulnerability disclosure. In addition, cloud adoption reduced data breaches, and public clouds were determined to be relatively more secure than private clouds. Cloud adoption also acted as a moderator between the negative impact of vulnerabilities and the positive impact of cross-border data flow on data breaches. The estimation and robustness findings revealed the underlying mechanisms that impacted university data security, clarifying the understanding of data breaches and suggesting practical implications for universities and other institutes to improve information security. The findings of this study provide insights and directions for future research.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Data security crisis in universities: identification of key factors affecting data breach incidents

Jiang

Xiao

Zhang

2023

Humanit Soc Sci Commun

View full text Add to dashboard Cite

show abstract

“…The consensus indicates that the adoption of new digital technologies progresses alongside the emergence of more convenient and capable technologies. According to Li et al (2021), this means that organizations are also likely to upgrade their corporate security environments with upgrades to their information security environments. Many published studies have dealt with certain aspects of specific industries adopting new technologies, including risk analysis (Karanja and Rosso, 2017; Inskeep, 2019; Li et al , 2021; Ritchey, 2020), and while this can be extended to apply to security convergence, there are few direct resources designed to guide or analyze a broad approach to security convergence operations.…”

Section: Prior Convergence Studiesmentioning

confidence: 99%

Organizational perspectives on converged security operations

Mattord,

Kotwica,

Whitman

et al. 2023

ICS

View full text Add to dashboard Cite

Purpose The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises. Design/methodology/approach This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence? Findings In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel. Research limitations/implications This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn. Practical implications Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations. Social implications Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats. Originality/value Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

show abstract

“…Dimensions Li, Yoo & Kettinger [49] Information security, security of decision making and communication processes, security of the ICT infrastructure.…”

Section: Authormentioning

confidence: 99%

Shaping Frugal Innovation Processes, and Ensuring Security and Sustainable Development of Enterprises in the Environment

Woźniak

Wereda

2023

Sustainability

View full text Add to dashboard Cite

This article discusses the importance of 28 different activities—aimed at shaping innovative processes, e.g., connected with costs and efficiency, employment, production waste, cooperation with external entities, innovation policy and regulations, social acceptance, as well as value management—in ensuring the security and sustainable development of enterprises in the environment. The objective of the study is to estimate the level of the importance of specific factors/activities related to shaping the frugal innovation processes in ensuring the security and sustainable development of enterprises, as well as the identification of the main groups of these factors/activities, and the comparison of enterprises in terms of the importance of these factors/activities in ensuring security and sustainable development. The study used both an inductive and a deductive approach. It used the cluster analysis (k-mean method), the analysis of descriptive statistics, and the following statistical tests: Kolmogorov–Smirnov test for one sample, Kruskal–Wallis test for independent samples, and U Mann–Whitney test for independent samples. In the study, four basic components were identified, which were used for subsequent quantitative verification of six research hypotheses. The study included 200 large enterprises from the most innovative sectors in Poland. The study showed that factors/activities related to the implementation of frugal innovation processes are of moderately high importance in ensuring the security and sustainable development of enterprises in the environment, as well as innovative enterprises that are dominated by entities characterized by the high importance of all factors/activities related to the implementation of frugal innovation processes in ensuring their safety and sustainable development in the environment. Furthermore, there are no statistically significant differences between enterprises in the importance of factors/activities related to the implementation of frugal innovation processes in ensuring the security and sustainability of these enterprises in the environment in the case of entities with different: lengths of service (i.e., the age of the enterprise), scale of operation, average annual turnovers, as well as profile of operation (i.e., the sector).

show abstract

The Roles of IT Strategies and Security Investments in Reducing Organizational Security Breaches

Cited by 34 publications

References 53 publications

Data security crisis in universities: identification of key factors affecting data breach incidents

Data security crisis in universities: identification of key factors affecting data breach incidents

Organizational perspectives on converged security operations

Shaping Frugal Innovation Processes, and Ensuring Security and Sustainable Development of Enterprises in the Environment

Contact Info

Product

Resources

About