Why there aren’t more information security research studies
Noting a serious lack of empirical research in the area of security risk management (SRM), we proposed a conceptual model based on the study of SRM at the firm level. Although considerable time and effort were expended in attempting to validate the usefulness of the proposed model, we were not succe...
Saved in:
Published in | Information & management Vol. 41; no. 5; pp. 597 - 607 |
---|---|
Main Authors | , |
Format | Journal Article |
Language | English |
Published |
Amsterdam
Elsevier B.V
01.05.2004
Elsevier Science Elsevier Sequoia S.A |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Noting a serious lack of empirical research in the area of security risk management (SRM), we proposed a conceptual model based on the study of SRM at the firm level. Although considerable time and effort were expended in attempting to validate the usefulness of the proposed model, we were not successful. We provide here a description of our conceptual model, the methodology designed to test this model, the problems we faced while attempting to test the model, and our suggestions for those who attempt to conduct work in highly sensitive areas. |
---|---|
ISSN: | 0378-7206 1872-7530 |
DOI: | 10.1016/j.im.2003.08.001 |