TY - JOUR
T1 - The role of skills, processes and technology in information security risk management
AU - Kumah, Peace
AU - Yaokumah, Winfred
AU - Asante-Offei, Kwame Okwabi
N1 - Publisher Copyright:
Copyright © 2024 Inderscience Enterprises Ltd.
PY - 2024
Y1 - 2024
N2 - Managing security resources can be challenging as it is easy to apply too much, too little, or even the wrong security measures, leading to excessive spending and a failure to mitigate risk adequately. This quantitative study analyses the role of security resources (including skills, processes, and technology) in risk management. The study employed a random sampling strategy to collect data from five major industry sectors and conducted a web survey. Three multiple regression analyses were then performed to evaluate the relative significance of skills, processes, and technology in risk assessment and analysis within risk management practices. The results demonstrate that skills, processes, and technology account for 79.9% of the variation in risk assessment, 77.7% in risk analysis, and 85% in overall risk management. Skills and processes played the most significant roles in all models compared to technology. Therefore, organisations should prioritise security skills and processes to improve risk management practices. This study provides a model for examining the importance of security resource management in risk management practices, enhancing our understanding of the security resources that contribute significantly to effective risk management.
AB - Managing security resources can be challenging as it is easy to apply too much, too little, or even the wrong security measures, leading to excessive spending and a failure to mitigate risk adequately. This quantitative study analyses the role of security resources (including skills, processes, and technology) in risk management. The study employed a random sampling strategy to collect data from five major industry sectors and conducted a web survey. Three multiple regression analyses were then performed to evaluate the relative significance of skills, processes, and technology in risk assessment and analysis within risk management practices. The results demonstrate that skills, processes, and technology account for 79.9% of the variation in risk assessment, 77.7% in risk analysis, and 85% in overall risk management. Skills and processes played the most significant roles in all models compared to technology. Therefore, organisations should prioritise security skills and processes to improve risk management practices. This study provides a model for examining the importance of security resource management in risk management practices, enhancing our understanding of the security resources that contribute significantly to effective risk management.
KW - information security
KW - processes
KW - risk analysis
KW - risk assessment
KW - risk management
KW - security resource management
KW - skills
KW - technology
UR - http://www.scopus.com/inward/record.url?scp=85210487080&partnerID=8YFLogxK
U2 - 10.1504/IJBCRM.2024.142654
DO - 10.1504/IJBCRM.2024.142654
M3 - Article
AN - SCOPUS:85210487080
SN - 1758-2164
VL - 14
SP - 392
EP - 412
JO - International Journal of Business Continuity and Risk Management
JF - International Journal of Business Continuity and Risk Management
IS - 4
ER -