Information Security Management and IT Executives in a Top Management Team
Juhee Kwon - Purdue University
Oct 21, 2009Size: 551.7MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractAs information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that human resources and policies are the most likely cause of information risks, which need to become real enterprise-wide and strategic issues. This paper examines the impacts of an IT executive’s structural status in Top Management Teams (TMTs) on information security risk management. E-Business has made it imperative for IT executives to adopt cross-functional roles due to the increased importance of securing and managing risks to information assets across the enterprise. Therefore, IT executive representation and status in a TMT is necessary to strategically and operationally conduct liaison activities between IT groups and other business units. However, there is little empirical research examining the effects of IT executives’ structural status on managing information security risks. We employ logistical regression to examine the data from 2003 to 2008 with information security breach reports and executive compensation data. We augment this data with IT internal controls information provided by external auditors. Our results demonstrate high IT executive engagement and fair compensation are associated with reduced levels of both IT internal controls weaknesses and reported information security breaches. Second, we find that pay dispersion in a TMT increases the probability of information security breaches, while IT executive turnover is not significantly associated with breaches. As a comprehensive analysis across the accounting, human resources, and information systems literature, this study gives firms new insights into how they set IT executive compensation strategies as well as delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets.
About the SpeakerJuhee Kwon is currently a Ph.D. candidate of Management Information Systems at Krannert School of Management, Purdue University. Her primary research interests cover Information Security and Privacy. Although the primary interest is in information security, her research interest spans e-Commerce, Accounting Information Systems, and Telecommunication with cross-selling.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.