Understanding User Participation in Information Security Risk Management

  • Mohd Sharudin Mat Deli
  • Jarin Fathima Ahmad
  • Noor Hafizah Hassan
  • Nurazean Maarop
  • Ganthan Narayana Samy
  • Mohd Shahidan Abdullah
  • Suraya Yaacob

Abstract

Risk management is the continuing process to control and manage the risk in organisation for identifying, accessing and controlling threats to an organisation’s capital and earning. The implementation of information security risk management (ISRM) helps to address the risks to information processed by an organisation that may help the organisation to manage the risk effectively. Involving the user throughout the process of ISRM is important to ensure that it provides an effective security risk management (SRM). There are limited evidence shows that user participation is important in ISRM. Therefore, the aim of this paper to investigate user participation in ISRM from user participation and access control constructs. A quantitative method is implemented by distributing a questionnaire to two different organisational backgrounds to 20 respondents. This paper presents the initial findings that user participation play a significant role towards ISRM by presenting the results from the two constructs. The findings contribute to the body of knowledge that understanding user participation in ISRM shows that the process of risk management is different between two organisational backgrounds.

Published
May 21, 2018
How to Cite
MAT DELI, Mohd Sharudin et al. Understanding User Participation in Information Security Risk Management. Open International Journal of Informatics, [S.l.], v. 5, n. 1, p. 1-8, may 2018. ISSN 2289-2370. Available at: <http://publication.ais.utm.my/ojs/index.php/oiji/article/view/35>. Date accessed: 12 dec. 2018.