Information Security Professionals' Perceptions about the Relationship between the Information Security and Internal Audit Functions

被引：24

作者：

Steinbart, Paul John ^{[1
]}

Raschke, Robyn L. ^{[2
]}

Gal, Graham ^{[3
]}

Dilla, William N. ^{[4
]}

机构：

[1] Arizona State Univ, Tempe, AZ 85287 USA

[2] Univ Nevada, Las Vegas, NV 89557 USA

[3] Univ Massachusetts, Amherst, MA 01003 USA

[4] Iowa State Univ, Ames, IA 50011 USA

来源：

JOURNAL OF INFORMATION SYSTEMS | 2013年 / 27卷 / 02期

关键词：

internal audit; information systems security; information security governance; perceptions; survey;

D O I：

10.2308/isys-50510

中图分类号：

F8 [财政、金融];

学科分类号：

0202 ;

摘要：

Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.

引用

页码：65 / 86

页数：22

共 50 条

[41] ALPHACO: A TEACHING CASE ON INFORMATION TECHNOLOGY AUDIT AND SECURITY
不详
[J]. JOURNAL OF DIGITAL FORENSICS SECURITY AND LAW, 2006, 1 (01) : 61 - 68
[42] Description of a Practical Application of an Information Security Audit Framework
Pereira, Teresa
Santos, Henrique
[J]. PROCEEDINGS OF THE 10TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, 2011, : 315 - 322
[43] An Application of Probabilistic Risk Assessment to Information Security Audit
Satoh, Naoki
Kumamoto, Hiromitsu
[J]. AIC '09: PROCEEDINGS OF THE 9TH WSEAS INTERNATIONAL CONFERENCE ON APPLIED INFORMATICS AND COMMUNICATIONS: RECENT ADVANCES IN APPLIED INFORMAT AND COMMUNICATIONS, 2009, : 436 - +
[44] Methodology and Ontology of Expert System for Information Security Audit
Atymtayeva, Lyazzat B.
Bortsova, Gerda K.
Inoue, Atsushi
Kozhakhmet, Kanat T.
[J]. 6TH INTERNATIONAL CONFERENCE ON SOFT COMPUTING AND INTELLIGENT SYSTEMS, AND THE 13TH INTERNATIONAL SYMPOSIUM ON ADVANCED INTELLIGENT SYSTEMS, 2012, : 238 - 243
[45] The International Source of Innovation for the Information Security and IT Audit Professional
Spafford, Eugene H.
[J]. COMPUTERS & SECURITY, 2014, 43 : IV - IV
[46] An audit framework to support information system security management
Pereira, Teresa
Santos, Henrique M. Dinis
[J]. INTERNATIONAL JOURNAL OF ELECTRONIC SECURITY AND DIGITAL FORENSICS, 2010, 3 (03) : 265 - 277
[47] The International Source of Innovation for the Information Security and IT Audit Professional
Gritzalis, Dimitris
Furnell, Steven
[J]. COMPUTERS & SECURITY, 2009, 28 (07) : 491 - 492
[48] The Research on Security Audit for Information System Classified Protection
Lu, Hui
Cu, Xiang
Wang, Le
Jiang, Yu
Cui, Meng
[J]. CLOUD COMPUTING AND SECURITY, PT II, 2018, 11064 : 300 - 308
[49] The International Source of Innovation for the Information Security and IT Audit Professional
Gritzalis, Dimitris
Karygiannis, Tom
[J]. COMPUTERS & SECURITY, 2009, 28 (08) : 729 - 730
[50] The International Source of Innovation for the Information Security and IT Audit Professional
Spafford, Eugene H.
[J]. COMPUTERS & SECURITY, 2012, 31 (06) : 739 - 740

← 1 2 3 4 5 →