The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - January/February (2012 vol.10)
pp: 60-68
James A. Pettigrew III , National Geospatial-Intelligence Agency
Julie J.C.H. Ryan , George Washington University
ABSTRACT
How do IT security managers make decisions in the absence of empirical data, and how do they know these decisions are successful? Some security managers seem more successful at making decisions than others. Are they guessing, or are they using some tacit knowledge? To address these questions, a study employed open-ended interviews with highly regarded, experienced security practitioners.
INDEX TERMS
information security management, security decision-making, qualitative research, computer security
CITATION
James A. Pettigrew III, Julie J.C.H. Ryan, "Making Successful Security Decisions: A Qualitative Evaluation", IEEE Security & Privacy, vol.10, no. 1, pp. 60-68, January/February 2012, doi:10.1109/MSP.2011.128
REFERENCES
1. J.J.C.H. Ryan and D.J. Ryan, "Expected Benefits of Information Security Investments," Computers & Security, vol. 25, no. 8, 2006, pp. 579–588.
2. D.J. Bryant, "Rethinking OODA: Toward a Modern Cognitive Framework of Command Decision Making," Military Psychology, vol. 18, no. 3, 2006, pp. 183–206.
3. S. Kvale and S. Brinkmann, InterViews: Learning the Craft of Qualitative Research Interviewing, Sage Publications, 2009.
4. R. Jones and G. Nobel, "Grounded Theory and Management Research: A Lack of Integrity?" Qualitative Research in Organizations and Management: An Int'l J., vol. 2, no. 2, 2007, pp. 84–103.
5. M.A. Roberto, Why Great Leaders Don't Take Yes for an Answer: Managing for Conflict and Consensus, Wharton School Publishing/Pearson Education, 2005.
6. D. Vaughan, The Challenger Launch Decision: Risky Technology, Culture, and Deviance at NASA, Univ. of Chicago Press, 1996.
7. J.J.C.H. Ryan and D.J. Ryan, "Performance Metrics for Information Security Risk Management," IEEE Security & Privacy, vol. 6, no. 5, 2008, pp. 38–44.
8. M.A. Roberto, Know What You Don't Know: How Great Leaders Prevent Problems before They Happen, Wharton School Publications, 2009.
9. G. Guest, A. Bunce, and L. Johnson, "How Many Interviews Are Enough? An Experiment with Data Saturation and Variability," Field Methods, vol. 18, no. 1, 2006, pp. 59–82.
10. J. Reason, Managing the Risk of Organizational Accidents, Ashgate, 1997.
20 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool