CIS 703 Seminar in Research Methods

Research Proposal. CIS 703 Seminar in Research Methods. Risk Perception and Organizational Culture of Risk Tolerance for Critical Information Systems. Philip Robbins, PMP, CISSP – December 3, 2012 Dr. Elizabeth Davidson, Ph.D.


Presentation Transcript


  1. Research Proposal
     CIS 703 Seminar in Research Methods
     Risk Perception and Organizational Culture of Risk Tolerance for Critical Information Systems
     Philip Robbins, PMP, CISSP – December 3, 2012
     Dr. Elizabeth Davidson, Ph.D.
     Communication & Information Sciences Ph.D. Program, University of Hawai'i at Mānoa
     Disclaimer: The views expressed herein are the personal views of the author and are not intended to reflect the views of the Department of Defense or U.S. Federal Government.

  2. Implications
     • Social Informatics
     • Communicating Risk
     • Information Systems Risk Management
     • Enhanced cost-benefit analysis: why are IT security expenditures (costs) rapidly growing?

  3. Theory
     Risk perceptions cause government organizations and agencies to adopt a culture of decreased risk tolerance and increased rigor in the Security Risk Analysis of Critical Information Systems, thereby increasing protection for Information Security Services (i.e., Confidentiality, Integrity, and Availability) and costs.

  4. R1: Risk Perception Defined
     Is there a correlation between cyber related security incidents and the release of cyber related policies / regulations?
     R2: Risk Perception and Risk Tolerance (Response)
     Is there a causal relationship between risk perceptions and decreased risk tolerance?
     R3: Risk Perception and Evolution of Methods (SRA)
     Is there a causal relationship between risk perceptions and increased rigor in the Security Risk Analysis of Critical Information Systems (Qualitative vs. Quantitative methods)?

  5. R4: Information Protection
     Do R2 and / or R3 have a causal relationship with the increased protection for Information Security Services and costs?

  6. Methodology
     Archival Research
     • Create timeline beginning with inception of FISMA (10 years ago)
     • Identify major cyber related security incidents
     • Identify cyber related (Federal & DoD) policies & regulations
     • Establish statistical significance for defining ‘Risk Perception’
     Survey
     • Random selection of government organizations and agencies
     • Establish risk tolerance as behavior of risk responses to pre-established security risks (i.e., avoidance, transference, mitigation, acceptance)
     • Establish SRA Rigor (Qualitative vs. Quantitative)
     • Security posture & associated annual expenditures (budget)

  7. Literature
     • Asnar, Y., & Zannone, N. (2008, October). Perceived risk assessment. In Proceedings of the 4th ACM workshop on Quality of protection (pp. 59-64). ACM.
     • Kasperson, R. E., Renn, O., Slovic, P., Brown, H. S., Emel, J., Goble, R., ... & Ratick, S. (1988). The social amplification of risk: A conceptual framework. Risk Analysis, 8(2), 177-187.
     • Mitchell, V. W. (1995). Organizational risk perception and reduction: a literature review. British Journal of Management, 6(2), 115-133.

  8. Questions? probbins@hawaii.edu www2.hawaii.edu/~probbins
