Why there aren’t more information security research studies

Noting a serious lack of empirical research in the area of security risk management (SRM), we proposed a conceptual model based on the study of SRM at the firm level. Although considerable time and effort were expended in attempting to validate the usefulness of the proposed model, we were not succe...

Full description

Saved in:
Bibliographic Details
Published inInformation & management Vol. 41; no. 5; pp. 597 - 607
Main Authors Kotulic, Andrew G., Clark, Jan Guynes
Format Journal Article
LanguageEnglish
Published Amsterdam Elsevier B.V 01.05.2004
Elsevier Science
Elsevier Sequoia S.A
Subjects
Exact sciences and technology
Information and communication sciences
Information and communication technologies
Information science. Documentation
Information systems
IT strategy
Miscellaneous
Network security
Risk
Risk management
Sciences and techniques of general use
Security
Security risk management
Studies
Risk
Security
IT strategy
Security risk management
Information system
Risk factor
Safety
Risk analysis
Risk management
Computer security
Information technology
Security risk management: IT strategy
Firm
Firm strategy
Online AccessGet full text

Cover

More Information
Summary:Noting a serious lack of empirical research in the area of security risk management (SRM), we proposed a conceptual model based on the study of SRM at the firm level. Although considerable time and effort were expended in attempting to validate the usefulness of the proposed model, we were not successful. We provide here a description of our conceptual model, the methodology designed to test this model, the problems we faced while attempting to test the model, and our suggestions for those who attempt to conduct work in highly sensitive areas.
ISSN:0378-7206
1872-7530
DOI:10.1016/j.im.2003.08.001