Examining how IT Professionals in SMEs Take Decisions About Implementing Cyber Security Strategy
2015 (English). In: PROCEEDINGS OF 9TH EUROPEAN CONFERENCE ON IS MANAGEMENT AND EVALUATION (ECIME 2015), Academic Conferences Limited, 2015, p. 231-239. Conference paper, Published paper (Refereed)
Resource type
Text
Abstract [en]
With the significant growth of cyber space, business organizations have become more alert than ever before that cyber security must be considered seriously and that there is a need to develop up-to-date security measures. Cyber-attackers increasingly concentrate on small and medium-sized rather than large enterprises, due to their known vulnerability in cyber security. To achieve successful cyber security measures in organizations, the security risks must be taken into consideration more closely, which could be helpful for re-thinking their decision-making on cyber security. This article develops a theoretical framework on cyber security with three aspects taken into consideration: organizational, technological and psychological, that deserves the attention of IT professionals while and after creating cyber security measures in their SMEs. The first two aspects (organizational and technological) focus on understanding the IT professionals' decision-making process, while the third aspect (psychological) focuses on understanding the IT professionals' post decision-making reactions. Firstly, the organizational aspect presupposes that the ones who create cyber security measures are exposed to unclear and undefined decision processes and rights that lead to system vulnerabilities. Secondly, the technological aspect focuses on disclosing how many IT professionals in their organizations fail to meet foundational technological measures, such as the existence of an Internet firewall, logs of system events, a hardware and software inventory list, data backup, antivirus software and password rules. Lastly, the psychological aspect explains how post cyber security decisions made by IT professionals may have a contra-effect on the organization. Our analyses of data collected from interviews with IT professionals across 6 organizations (SMEs) show that cyber security is yet to be developed among SMEs, an issue that must not be taken lightly.
Results show that the IT professionals in these organizations need to strengthen and develop their security thinking in order to decrease the vulnerability of informational assets among SMEs. We believe that a perspective on understanding IT professionals' decision-making processes regarding cyber security measures in SMEs may bring a theoretical redirection in the literature, as well as important feedback to practice.
Place, publisher, year, edition, pages
Academic Conferences Limited, 2015. p. 231-239
Series
Proceedings of the European Conference on Information Management and Evaluation, ISSN 2048-8912
Keywords [en]
cyber security, SMEs, IT professionals, decision-making, security counter measures
National Category
Information Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:oru:diva-49725
ISI: 000371980300028
Scopus ID: 2-s2.0-84994175636
ISBN: 978-1-910810-56-9 (print)
OAI: oai:DiVA.org:oru-49725
DiVA, id: diva2:917916
Conference
9th European Conference on Information Management and Evaluation (ECIME), Univ W England, Bristol, England, September 21-22, 2015
2016-04-08, 2016-04-08, 2018-07-03. Bibliographically approved