E-Book, Englisch, 181 Seiten
Loske IT Security Risk Management in the Context of Cloud Computing
1. Auflage 2015
ISBN: 978-3-658-11340-7
Verlag: Springer
Format: PDF
Kopierschutz: 1 - PDF Watermark
Towards an Understanding of the Key Role of Providers' IT Security Risk Perceptions
E-Book, Englisch, 181 Seiten
ISBN: 978-3-658-11340-7
Verlag: Springer
Format: PDF
Kopierschutz: 1 - PDF Watermark
This work adds a new perspective to the stream of organizational IT security risk management literature, one that sheds light on the importance of IT security risk perceptions. Based on a large-scale empirical study of Cloud providers located in North America, the study reveals that in many cases, the providers' decision makers significantly underestimate their services' IT security risk exposure, which inhibits the implementation of necessary safeguarding measures. The work also demonstrates that even though the prevalence of IT security risk concerns in Cloud adoption is widely recognized, providers only pay very limited attention to the concerns expressed by customers, which not only causes serious disagreements with the customers but also considerably inhibits the adoption of the services.
Dr. André Loske received his doctorate at the chair of Information Systems | Software Business & Information Management at the Technische Universität Darmstadt, Germany. His main research interests are organizational IT risk management and the perception of IT security risks.
Autoren/Hrsg.
Weitere Infos & Material
1;Foreword;5
2;Acknowledgements;7
3;Table of Contents;8
4;List of Tables;11
5;List of Figures;12
6;List of Abbreviations;13
7;Abstract;15
8;Zusammenfassung;17
9;1 Introduction;19
9.1;1.1 Problem Description and Motivation;19
9.2;1.2 Objectives and Benefits;23
9.3;1.3 Structure of the Thesis;27
10;2 Foundations;32
10.1;2.1 Cloud Computing;32
10.1.1;2.1.1 Essential Characteristics;33
10.1.2;2.1.2 Delivery Models;34
10.1.3;2.1.3 Deployment Models;35
10.2;2.2 IT Security Risk Perception;37
10.2.1;2.2.1 The Nature of Perceived Risks;38
10.2.2;2.2.2 Perceived IT Security Risks in the Context of the Cloud;40
10.3;2.3 Organizational IT Security Risk Management;43
10.3.1;2.3.1 Phase I: Identification of IT Security Threat;44
10.3.2;2.3.2 Phase II: IT Security Risk Analysis;45
10.3.3;2.3.3 Phase III: Solution Analysis;47
10.3.4;2.3.4 Phase IV: Decision;48
10.3.5;2.3.5 Phase V: Implementation;50
11;3 Part I: The Inhibiting Role of Unrealistic Optimism in Providers’ IT Security Risk Management;51
11.1;3.1 Theoretical Background and Hypotheses Development;51
11.1.1;3.1.1 Organizational IT Security Risk Management;52
11.1.2;3.1.2 Technology Threat Avoidance Theory;53
11.1.3;3.1.3 Institutional Theory;62
11.1.4;3.1.4 Decision Makers’ IT Security Risk Perceptions;66
11.1.5;3.1.5 Unrealistic Optimism in Decision Makers’ IT Security Risk Perceptions;71
11.2;3.2 Research Methodology;75
11.2.1;3.2.1 Measurement Model;75
11.2.2;3.2.2 Survey Administration;83
11.2.3;3.2.3 Sample Characteristics;83
11.2.4;3.2.4 Data Analyses;85
11.3;3.3 Results;87
11.3.1;3.3.1 Impacts of Decision Makers’ IT Security Risk Perceptions on Providers’ IT Security Risk Management;87
11.3.2;3.3.2 Existence of Unrealistic Optimism in the IT Security Risk Perceptions of Providers’ Decision Makers;95
11.4;3.4 Discussion of Study Findings;104
12;4 Part II: Perceptual Incongruences regarding the IT Security Risks as a Barrier to Cloud Adoption;109
12.1;4.1 Theoretical Background and Hypotheses Development;109
12.1.1;4.1.1 Perceptual Congruence;109
12.1.2;4.1.2 Perceptual Incongruences regarding the IT Security Risks;111
12.1.3;4.1.3 Cognitive Dissonance Theory;113
12.1.4;4.1.4 Expectation Confirmation Theory;115
12.1.5;4.1.5 Cloud Adoption;116
12.2;4.2 Research Methodology;119
12.2.1;4.2.1 Measurement Model;119
12.2.2;4.2.2 Survey Administration;120
12.2.3;4.2.3 Sample Characteristics;121
12.2.4;4.2.4 Data Analyses;123
12.3;4.3 Results;125
12.3.1;4.3.1 Existence of Perceptual Incongruences between Providers and Customers regarding the IT Security Risks;125
12.3.2;4.3.2 Impacts of Perceptual Incongruences between Providers and Customers regarding the IT Security Risks on Cloud Adoption;127
12.4;4.4 Discussion of Study Findings;132
13;5 Conclusion and Summary of Key Findings;135
13.1;5.1 Implications for Theory and Research;135
13.2;5.2 Implications for Practice;139
13.2.1;5.2.1 Implications and Recommended Actions for Providers;139
13.2.2;5.2.2 Implications and Recommended Actions for (Potential) Customers;142
13.3;5.3 Limitations and Future Research Directions;143
13.4;5.4 Résumé;146
14;Appendix;148
14.1;A.1 Supporting Material for Part I (Chapter 3);148
14.1.1;A.1.1 Measurement Items;148
14.1.2;A.1.2 Validity Analysis;153
14.1.3;A.1.3 Consistency Analysis of the Absolute Unrealistic Optimism Classifier;154
14.1.4;A.1.4 Multi-Group Analysis of the Structural Model;155
14.2;A.2 Supporting Material for Part II (Chapter 4);156
14.2.1;A.2.1 Measurement Items;156
14.2.2;A.2.2 Validity Analysis;157
14.2.3;A.2.3 Formation of IT Security Risk Perceptions in the Context of the Cloud;158
15;References;159
