This document summarizes a systematic literature review on how information availability drives information security investments. The review found that while a few studies confirm information availability can directly increase such investments, most literature so far has only indirectly linked information to investments through raising awareness of security needs. The review also noted literature has focused more on developing new evaluation tools than directly examining the relationship between information and investments. Moving forward, the authors encourage more research directly investigating how information availability impacts security spending.
Semelhante a Dang and Nkhoma (2013), "Information Availability as Driver of Information Security Investments: a Systematic Review Approach", ICIME 2013
Semelhante a Dang and Nkhoma (2013), "Information Availability as Driver of Information Security Investments: a Systematic Review Approach", ICIME 2013 (20)
Dang and Nkhoma (2013), "Information Availability as Driver of Information Security Investments: a Systematic Review Approach", ICIME 2013
1. Information Availability as Driver of
Information Security Investments:
A Systematic Review Approach
Duy P.T. Dang & Mathews Z. Nkhoma
2. The problems
Making investment decisions for information security is difficult:
–Too much uncertainty / asymmetric information
–What are the values of information security investments?
–How to measure ROI?
Low information security investments
Firms are at risks against cyber-threats
4. Research questions
• RQ1: What have been done to investigate their
driving function since 2007?
• RQ2: Can information availability (internal and
external) drive information security investments?
Information Availability’s role in investment is
emphasised
5. Research methodology
• Systematic Literature Review
–Contemporary literature review method
–Covers detailed information during the LR process that is
identifiable and reproducible for future research
• Consists of two parts:
–Descriptive analysis:
Provides the big picture of the literature’s theme
Descriptive statistics to identify the trends over periods of time
–Thematic analysis:
How to reproduce the LR process
Identify the themes and analyse the collected data to come up
with organised findings
6. Research findings (1) – Descriptive Analysis
RQ1: What have been done to investigate IA driving function
since 2007?
8. Research findings (2) – Thematic Analysis
RQ2: Can information availability (internal and external) drive
information security investments?
• Few confirmatory studies indicate that information can directly drive
information security investments; despite
–The exploratory literature suggests information availability can
contribute to evaluation of needs to invest in information security
–Focuses much on development of new tools and methods to
evaluate information security investments
9. Synthesis and the way forward
• We encourage future research to focus on
investigating the driving function of Information
Availability to information security investments
• We are also conducting an ongoing research on
this topic by surveying 500+ IT decision-makers
in Vietnam
This is good opportunity to conduct quantitaive and modeling research to use theory to test the concepts that were drawn out from tour literature review
And to encourage future research on this topic of IA driving functino, I would like to show you one of the results from our ongoing studyThe graph shows that 30.16 percent of Vietnamaeseorganisations indicated that internal technical and recommendations are the main drivers of their info securitinvesmtnets. Therefore, it shows that there are a lot of opportunities for future research to investigate deeper into the subject matter of IA driving function so that we can solve this piece of puzzle in informatino security investment field.