A Holistic View on Organizational IT Security: The Influence of Contextual Aspects During IT Security Decisions

Heidt, Margareta
Gerlach, Jin
Buxmann, Peter
Journal Title
Journal ISSN
Volume Title
Decisions regarding organizational IT security are often approximated by models drawing on normative statistical decision theories even though several IS researchers and studies in cognate disciplines have argued for the importance of contextual aspects. Based on findings in organizational and behavioral science and 25 expert interviews, this paper proposes a framework, postulating that IT security (investment) decisions are largely influenced by such contextual aspects: organizational, environmental, economic, and not least of all by cognitive and behavioral aspects of decision-makers. Subsequently, we review organizational IT security literature building on Straub and Welke’s Security Risk Planning Model and the previously postulated conceptual framework. This critical literature review highlights the scarcity of studies analyzing IT security decision-making from a behavioral, environmental, and organizational perspective and thus argues for the importance and future consideration of contextual aspects regarding IT security decisions.
Information Security and Privacy in Business and Society, Organizational Systems and Technology, decision, investment, IT security, risk planning model, SME
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.