Title: Investigating effects of security incident awareness on information risk perception

Authors: Antonio P. Volpentesta, Salvatore Ammirato, Roberto Palmieri

Addresses: GIUDALab, Department of Electronics, Computer Science and Systems, University of Calabria, Via Pietro Bucci, 42\C, Arcavacata di Rende (CS), 87036, Italy. ' GIUDALab, Department of Electronics, Computer Science and Systems, University of Calabria, Via Pietro Bucci, 42\C, Arcavacata di Rende (CS), 87036, Italy. ' GIUDALab, Department of Electronics, Computer Science and Systems, University of Calabria, Via Pietro Bucci, 42\C, Arcavacata di Rende (CS), 87036, Italy

Abstract: This article describes an empirical investigation about the relationship between what is known about information security incidents which occurred within an organisation and the actual perception of information risk. Information security incident awareness takes into account an estimation of the frequency of incidents which occurred in the past as well as the magnitude of information assets impairment caused by them. Information risk perception relies on a subjective assessment of the expected frequency of a specified type of incident having a potentially adverse effect on information resources as well as the expected magnitude of the consequent future loss. Survey instruments were distributed to information security managers of 101 Italian companies and data were collected through telephone interviews. Hypotheses about the influence of two awareness factors (namely, information security incident reporting and existence of an information security policy) on risk perceived by information security managers are formulated and tested through ANOVA techniques.

Keywords: security incident awareness; information risks; risk perception; information security management; IS managers; Italy; technology management; information management; security incident reporting; information security policy; ANOVA.

DOI: 10.1504/IJTM.2011.039317

International Journal of Technology Management, 2011 Vol.54 No.2/3, pp.304 - 320

Published online: 06 Apr 2013 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article