Developing a Multi-Objective Decision Model for Maximizing IS Security within an Organization

Numerous IS researchers have argued that IS Security can be more effectively managed if the emphasis goes beyond the technical means of protecting information resources. In an effort to adopt a broader perspective that accounts for issues that transcend technical means alone, Dhillon and Torkzadeh (2006) present an array of 9 fundamental and 16 means objectives that are essential for maximizing IS security in an organization. These objectives were derived using a value-focused thinking approach and are organized into a conceptual framework. This conceptual framework provides a rigorous theoretical base for considering IS security in a manner that accounts for both technical and organizational issues; however, no direction is provided for using these objectives so that informed decisions can be made. As a result, the goal of this dissertation is to develop a decision model using Multiple Objective Decision Analysis (MODA) techniques that seek to provide informed alternatives to decision makers who desire to maximize IS security within an organization