Information Security Professionals' Perceptions about the Relationship between the Information Security and Internal Audit Functions

被引：24

作者：

Steinbart, Paul John ^{[1
]}

Raschke, Robyn L. ^{[2
]}

Gal, Graham ^{[3
]}

Dilla, William N. ^{[4
]}

机构：

[1] Arizona State Univ, Tempe, AZ 85287 USA

[2] Univ Nevada, Las Vegas, NV 89557 USA

[3] Univ Massachusetts, Amherst, MA 01003 USA

[4] Iowa State Univ, Ames, IA 50011 USA

来源：

JOURNAL OF INFORMATION SYSTEMS | 2013年 / 27卷 / 02期

关键词：

internal audit; information systems security; information security governance; perceptions; survey;

D O I：

10.2308/isys-50510

中图分类号：

F8 [财政、金融];

学科分类号：

0202 ;

摘要：

Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.

引用

页码：65 / 86

页数：22

共 50 条

[21] AUDIT AND INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION
Drastich, Martin
[J]. SBORNIK Z MEZINARODNI VEDECKE KONFERENCE ZNALOSTI PRO TRZNI PRAXI 2012: VYZNAM ZNALOSTI V AKTUALNI FAZI EKONOMICKEHO CYKLU, 2012, : 49 - 52
[22] The New Aspects for the Instantaneous Information Security Audit
Livshitz, Ilya I.
Nikiforova, Kseniya A.
Lontsikh, Pavel A.
Karasev, Sergey N.
[J]. PROCEEDINGS OF THE 2016 IEEE CONFERENCE ON QUALITY MANAGEMENT, TRANSPORT AND INFORMATION SECURITY, INFORMATION TECHNOLOGIES (IT&MQ&IS), 2016,
[23] The Simple Information Security Audit Process: SISAP
Raggad, Bel G.
Collar, Emilio, Jr.
[J]. INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2006, 6 (06): : 189 - 198
[24] A model of Anshin about the information security
Nishioka, Dai
Murayama, Yuko
Saito, Yoshia
[J]. PROCEEDINGS OF THE 46TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES, 2013, : 305 - 314
[25] Hash Functions and Information Theoretic Security
Bagheri, Nasour
Knudsen, Lars R.
Naderi, Majid
Thomsen, Soren S.
[J]. IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2009, E92A (12): : 3401 - 3403
[26] Deriving the Relationship between Organizational Culture and Information Security Culture
Hassan, Noor Hafizah
Ismail, Zuraini
[J]. VISION 2020: INNOVATION, DEVELOPMENT SUSTAINABILITY, AND ECONOMIC GROWTH, VOLS 1-3, 2013, : 926 - 932
[27] A Review on Information, Information Security and Security Processes
Canbek, Gurol
Sagiroglu, Seref
[J]. JOURNAL OF POLYTECHNIC-POLITEKNIK DERGISI, 2006, 9 (03): : 165 - 174
[28] The effect of disfluency on consumer perceptions of information security
Park, Yong-Wan
Herr, Paul M.
Kim, Byung Cho
[J]. MARKETING LETTERS, 2016, 27 (03) : 525 - 535
[29] USER PERCEPTIONS OF INFORMATION SECURITY: A MULTINATIONAL PERSPECTIVE
Cheskiewicz, S.
Colobran, M.
[J]. ICERI2016: 9TH INTERNATIONAL CONFERENCE OF EDUCATION, RESEARCH AND INNOVATION, 2016, : 4257 - 4257
[30] The effect of disfluency on consumer perceptions of information security
Yong-Wan Park
Paul M. Herr
Byung Cho Kim
[J]. Marketing Letters, 2016, 27 : 525 - 535

← 1 2 3 4 5 →