Evaluating the organizational process of securing information assets from the threat of cyberattacks or cyberterrorist events: An exploratory study.

摘要

A phenomenon resulting from the Information Age trend of networking is that the world is becoming increasingly interlinked. Because of all this networking, organizations are becoming increasingly more vulnerable targets to potential cyberterrorist attacks. An organization could pass the effects of cyberattacks or cyberterrorist events to any and all members connected to its network. Thus, there is a need to study the process that organizations face for securing their information assets in an environment where an increasing number of sophisticated and coordinated cyberattacks are probable. Within the existing literature, the development of constructs, which are related to managerial issues within an environment where organizational information assets are threatened by cyberattacks or cyberterrorist events, has not been extensively reported. The research design involved (1) developing an initial model (i.e. initial mapping of the informal process of securing organizational information assets), (2) developing constructs, (3) testing and validating the operationalization of constructs for the study, and (4) developing a structural model in order to evaluate in future studies whether or not the data substantiates the hypothesized process. Students were used as a pilot study group. Information security practitioners were used as the field study group. Testing and verifying the operationalization of the constructs required using exploratory factor analysis (EFA) on half the data set and confirmatory factor analysis (CFA) on the remaining half of the data set. Each of the nine constructs (i.e. asset evaluation, risk assessment, firm profitability, productivity, security budget, security initiative programs/ countermeasures, role of government, awareness and (impact upon) firm profitability) exhibited convergent validity, discriminant validity and reliability of 0.6 or higher, which was above the expected range of 0.5 to 0.6 for exploratory studies. Given that the constructs were substantiated and provided reasonable fits to the data (during CFA), this investigation was a fast step taken in the development of a managerial model for studying issues confronted by organizations when securing their critical information assets, and operationalizing this model in the form of developing constructs and a survey instrument.