Juhee Kwon - Purdue University

Oct 21, 2009

Size: 551.7MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

"Information Security Management and IT Executives in a Top Management Team"

Abstract

As information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that human resources and policies are the most likely cause of information risks, which need to become real enterprise-wide and strategic issues. This paper examines the impacts of an IT executive’s structural status in Top Management Teams (TMTs) on information security risk management. E-Business has made it imperative for IT executives to adopt cross-functional roles due to the increased importance of securing and managing risks to information assets across the enterprise. Therefore, IT executive representation and status in a TMT is necessary to strategically and operationally conduct liaison activities between IT groups and other business units. However, there is little empirical research examining the effects of IT executives’ structural status on managing information security risks. We employ logistical regression to examine the data from 2003 to 2008 with information security breach reports and executive compensation data. We augment this data with IT internal controls information provided by external auditors. Our results demonstrate high IT executive engagement and fair compensation are associated with reduced levels of both IT internal controls weaknesses and reported information security breaches. Second, we find that pay dispersion in a TMT increases the probability of information security breaches, while IT executive turnover is not significantly associated with breaches. As a comprehensive analysis across the accounting, human resources, and information systems literature, this study gives firms new insights into how they set IT executive compensation strategies as well as delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets.

About the Speaker

Juhee Kwon is currently a Ph.D. candidate of Management Information Systems at Krannert School of Management, Purdue University. Her primary research interests cover Information Security and Privacy. Although the primary interest is in information security, her research interest spans e-Commerce, Accounting Information Systems, and Telecommunication with cross-selling.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Coming Up!

Our annual security symposium will take place on April 7 & 8, 2020.
Purdue University, West Lafayette, IN

More Information