UT Dallas Study Examines How Organizations Fight Data Breaches
Dr. Huseyin Cavusoglu, an associate professor of information systems at the Naveen Jindal School of Management at the University of Texas at Dallas, is the lead author on a study that examines why differences exist in the level of information security control resources at different businesses and organizations. The study was published in the June edition of Information & Management.
Cavusoglu and his team surveyed mid-level and senior IT managers about their organizations’ operations and security practices. The researchers received responses from IT managers at 241 organizations of varying sizes from different industries.
The study suggested that organizations should invest in qualified information security personnel, security technologies, and security awareness of organizational users. However, because organizations have different perceptions of security risks, they have varied levels of information security controls.
Cavusoglu summarized the study’s findings on why different organizations have different information security controls: “We found that coercive pressures — stemming from business partners or industry and government regulations — and normative pressures — rooted in information security practices of partners, as well as the firm’s exposure to security best practices through professional organizations, trade shows, conferences and security publications — largely impact the firms’ investments in security control resources.”
Cavusoglu also observes that the study shows information security is about both the technology used to ward off security threats and the knowledge that employees have for managing information security.
“Employees should understand that they play an important role in safeguarding the information assets of their organizations and keep themselves up-to-date with the contemporary security threats,” said Cavusoglu. “Businesses should pay close attention to security education, which can change employees from being the weakest link in security to the biggest safeguard for security.”