Using Business Process Model Awareness to improve Stakeholder Participation in Information Systems Security Risk Management Processes

2015 | International Conference on Business Informatics | Citations: 0

Authors: Sillaber, Christian; Breu, Ruth

Abstract: The present paper examines stakeholders’ business process model awareness to mea ... Expand

Abstract: The present paper examines stakeholders’ business process model awareness to measure and improve stakeholder participation in information systems security risk management (ISRM) via a multi-method research study at the organizational level. Organizational stakeholders were interviewed to gain an understanding of their awareness of business processes and related security requirements in the context of an ongoing ISRM process. The research model was evaluated in four case studies. The findings indicate that stakeholders’ awareness of business process models contributed to an improved ISRM process, better alignment to the business environment and improved elicitation of security requirements. Following current research that considers users as the most important resource in ISRM, this study highlights the importance of involving appropriate stakeholders at the right time during the ISRM process and provides risk managers with decision support for the prioritization of stakeholder participation during ISRM processes to improve results and reduce overhead. Collapse

Topics: information security risk business process management participatory design risk management IT security

Methods: business process modeling design methodology qualitative interview survey case study

Theories: system quality theory emergent interaction theory buy-in theory of participation