This paper explores whether IT and audit professionals have different perceptions of the substantive and symbolic perspectives of information security assurance and the role of security configuration management (SCM) using a mixture of qualitative and quantitative approaches. Importance performance analysis (IPA) is utilized to identify differences in perceived importance and perceived controllability from both substantive and symbolic perspectives between these two professional groups. Our results suggest that SCM plays a vital role in maintaining consistency between the IT and audit professionals by enhancing their confidence in controlling and managing information security control sets. IPA also helps determine an information security program's strengths and weaknesses and supports remedial strategic actions more efficiently. Implications for both research and practice are discussed.
Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives
- Views Icon Views
- Share Icon Share
- Search Site
Chia-Ming Sun, Yen-Yao Wang, Chen-Bin Yang; Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives. Journal of Information Systems 2021; doi: https://doi.org/10.2308/ISYS-2020-065
Download citation file: