Theoretical Practices on Information Security and Risk Management

Technological advances continue at an ever-increasing rate. Despite these improvements in technology, the utilization of theoretical frameworks in risk management or information security may be deficient due to the inadequate substantiation of the theory. Furthermore, academic research to corroborate existing theories relevant to risk management or information security is underway, but current research may not be supportive of existing theories. According to Chuy et al. (2010), the roles of theories may not be fully understood and arguably used by others in the research process. In this article, a discussion will be presented on several theories regarding information security and risk management. Additionally, the selected theories will be compared with their implied use in information security and risk. In addition, a brief analysis of each theory will be conducted regarding whether abundant research exists on the specific theory that can be used by the academic community and others. Finally, a discussion will be offered on any challenges that may arise for each theory that does not have sufficient supportive research.

Theoretical Discussion

Information security and risk have become a priority for organizations vying to protect a network and organizational data from unscrupulous entities (Zhao, Xue, & Whinston, 2013). In the operation of systems and/or processes, theoretical frameworks may be used to assist organizations in the development of security control measures that support the denial of threats such as phishing attacks and rootkit installations (Sun, Srivastava, & Mock, 2006). In addition, Sun et al. (2006) summarized that theoretical frameworks assist in methodologies associated with the identi...

... middle of paper ...

...g in the Dempster–Shafer theory. International Journal of Approximate Reasoning, 52(8), 1124-1135. doi:10.1016/j.ijar.2011.06.003

Srivastava, R. P., Mock, T. J., & Gao, L. (2011). The Dempster-Shafer theory: An introduction and fraud risk assessment illustration. Australian Accounting Review, 21(3), 282-291. doi:10.1111/j.1835-2561.2011.00135.x

Sun, L., Srivastava, R. P., & Mock, T. J. (2006). An information systems security risk assessment model under the Dempster-Shafer theory of belief functions. Journal of Management Information Systems, 22(4), 109-142. Retrieved from http://www.jmis-web.org/

Zhao, X., Xue, L., & Whinston, A. B. (2013). Managing interdependent information security risks: Cyberinsurance, managed security services, and risk pooling arrangements. Journal of Management Information Systems, 30(1), 123-152. doi:10.2753/MIS0742-1222300104
