Measuring Effectiveness of Information Systems Security: An Empirical Research

The objective of the present research is to put forth a theoretical model that measures information systems security effectiveness in minimizing security breaches. Very few studies were undertaken in this area. The model includes a number of literature-supported constructs. A number of hypotheses based on the influence of these constructs on IS security effectiveness are presented. These hypotheses are grounded using the appropriate literature. In the next phase of the study, we intend to revise and empirically validate the model using a pilot study utilizing a number of practitioners from Brazil, Finland, and the United States. The data obtained from the pilot study will be used to make improvements on the initial instrument designed for the study. In the third stage of the research a large sample of data will be collected from the aforementioned countries and a regression analysis will be conducted on the data to investigate which constructs influence IS security effectiveness

Assessing the usage of personalized web information systems

Abstract The focus of this thesis is to assess factors which have an influence on the acceptance of personalized Web information systems (WIS). This study is primarily based on the widely used and accepted Technology Acceptance Model (TAM). The qualitative part of the study presents an approach for developing dynamic Web information systems. The development process was based on the work done in the OWLA (Open Web/Wireless Adaptive Hypermedia Applications) research project in 2000–2002. The quantitative part of the study, which includes the main objective of the study, is related to assessment of user acceptance of the given system. The researcher performed a field study in 2003 in which data was collected using a web questionnaire. The field study resulted in a sample size of 209 responses. Moreover we carried out a comparison with the 2002/2003 field study aiming to study possible differences in respondents' attitude toward personalization. The previous field study was carried out during the OWLA research project. The responses were analyzed using SPSS and AMOS. Results of the quantitative part of the study show that the respondents accept personalization but they like to and want to adapt and personalize the content themselves. This was one of the most important findings of the study. Respondents do not want the system to provide content automatically; they want to control the content themselves. The results of the 2003 field study indicate that respondents do not consider layout adaptation, whether automatic or manual, to be important or desirable. The formulated model reveals that perceived relevance is one of the most important aspects that have an effect on attitude toward using and intention to use the given IS. Perceived expectancy and intention to use the given WIS are significant antecedents of actual use. Perceived behavioral control and normative beliefs also have a significant effect on intention to use portal. Enjoyment has a significant effect on attitude. Overall, we have identified in this study some significant factors which will provide useful information to IS practitioners studying the voluntary adoption of specific personalized systems. The results will also provide useful information for systems designers and will contribute towards assessing possible individual barriers to the use of personalized information systems. The study includes several proposals for future research including developing deeper understanding activities related to presented development approach, creating a more detailed view of factors which have an influence on the user's decision to use or not to use personalized information system, studying several systems

To calculate or to follow others:how do information security managers make investment decisions?

Abstract Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents managers from applying cost- benefit analysis in practice. Instead, information security managers may follow experts’ recommendations or the practices of other organizations. The present paper examines factors that influence information security managers’ investment decisions from the reputational herding perspective. The study was conducted using survey questionnaire data collected from 106 organizations in Finland. The findings of the study reveal that the ability and reputation of the security manager and the strength of the information about the security investment significantly motivate the security manager to discount his or her own information. Herding, as a following strategy, together with mandatory requirements are significant motivations for information security investment