Our findings indicate that the information security investment decision-making process contains 14 phases and 16 concepts that affect and are affected by these phases.
Speakers Davi Ottenheimer, Professor Raskin, and Professor Richards will help to forecast and frame the themes of the conference, including: (1) how best to regulate and govern emerging tech in ethical ways; (2) data privacy and information security; (3) algorithmic decision-making and accountability; and (4) cyberwar and information warfare.
While the pilot project will be limited to invited information security experts, the consensus decisions reached by the group will be made public.
This paper opens new avenues for information security awareness research with regard to security decision making and proposes practical recommendations for planning and delivering security awareness programs, so as to exploit and alleviate the effect of cognitive and cultural biases on shaping risk perceptions and security behavior.
Users of computing systems and devices frequently make decisions related to information security, e. g., when choosing a password, deciding whether to log into an unfamiliar wireless network.
In recent weeks Hewlett-Packard, eBay and information security company Symantec have all announced decisions to split their business units in two in order to meet the needs of a rapidly changing business landscape.
Information security is gaining widespread importance in distributed decision support systems [T.S. Raghu, and H. Chen, Cyberinfrastructure for homeland security: Advances in information sharing, data mining, and collaboration systems. Decision Support Systems 43 (2007) 1321 1323].
Using grounded theory, we present a conceptual model that reflects the most up-to-date decision-making practices regarding information security investment in organizations for several industries.
Difficulties in measuring the costs and benefits of information security investments cloud the vision of the rational decision-maker.
Naturally, with both C-level positions increasing in importance, and with concern over risk management growing, overarching security decisions have become divided between the two, information security vs. corporate compliance, both equally serious but straddling a very blurry line.
