Information Security Management: Factors That Influence Security Investments In SMEs

Abstract

In the modern information economy, the security of information is critically important to organizations. Information-security risk assessments (ISRAs) allow organizations to identify key information assets and security risks so security expenditure can be directed cost-effectively. Unfortunately conducting ISRAs requires special expertise and tends to be complex and costly for small to medium sized organizations (SMEs). Therefore, it remains unclear in practice, and unknown in literature, how SMEs address information security imperatives without the benefit of an ISRA process. This research makes a contribution to theory in security management by identifying the factors that influence key de..