Juhee Kwon - Purdue University
"Information Security Management and IT Executives in a Top Management Team"
Oct 21, 2009Download: MP4 Video Size: 551.7MB
Watch on YouTube
AbstractAs information assets have become a critical factor for enterprises to stay competitive, there is an increasing awareness of information security management. However, they are easily overlooked by those who focus only on the IT side, failing to see that human resources and policies are the most likely cause of information risks, which need to become real enterprise-wide and strategic issues. This paper examines the impacts of an IT executive’s structural status in Top Management Teams (TMTs) on information security risk management. E-Business has made it imperative for IT executives to adopt cross-functional roles due to the increased importance of securing and managing risks to information assets across the enterprise. Therefore, IT executive representation and status in a TMT is necessary to strategically and operationally conduct liaison activities between IT groups and other business units. However, there is little empirical research examining the effects of IT executives’ structural status on managing information security risks. We employ logistical regression to examine the data from 2003 to 2008 with information security breach reports and executive compensation data. We augment this data with IT internal controls information provided by external auditors. Our results demonstrate high IT executive engagement and fair compensation are associated with reduced levels of both IT internal controls weaknesses and reported information security breaches. Second, we find that pay dispersion in a TMT increases the probability of information security breaches, while IT executive turnover is not significantly associated with breaches. As a comprehensive analysis across the accounting, human resources, and information systems literature, this study gives firms new insights into how they set IT executive compensation strategies as well as delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets.
About the Speaker
Juhee Kwon is currently a Ph.D. candidate of Management Information Systems at Krannert School of Management, Purdue University. Her primary research interests cover Information Security and Privacy. Although the primary interest is in information security, her research interest spans e-Commerce, Accounting Information Systems, and Telecommunication with cross-selling.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...