Security risk management of information systems with proactive and reactive approaches : a case study of small- and medium-sized enterprise organizations in Bangkok metropolis


กัลยา สิรินาคบำรุง

Abstract

The objectives of this study were 1) to study the relationship between proactive and reactive security management approaches and the success of information system security in small- and medium-sized enterprise organizations; 2) to compare the success of information system security under the proactive and reactive security management approaches in small- and medium-sized enterprise organizations; and 3) to provide guidance on security management approaches for small- and medium-sized enterprise organizations. The research sample consisted of 221 small- and medium-sized enterprise organizations in Bangkok metropolis. A survey questionnaire was used to collect data, and the data were analyzed using descriptive statistics including frequency, percentage, mean and standard deviation. One-way ANOVA, Chi-square and Cramer's V were also used to test the research hypotheses. The findings are as follows: 1) Organizations with different total numbers of employees exhibited a difference in their choice of either a proactive or a reactive security management approach at the statistically significant level of .05. 2) Organizations with different information security budgets exhibited a difference in their choice of either a proactive or a reactive security management approach at the statistically significant level of .05. 3) IT employees with different levels of security knowledge exhibited a difference in their choice of either a proactive or a reactive security management approach at the statistically significant level of .05. 4) Executives/owners with different levels of security knowledge exhibited a difference in their choice of either a proactive or a reactive security management approach at the statistically significant level of .05. 5) The proactive approach to security management had a greater effect on increasing security success than the reactive approach, at a moderate level, both overall and in each aspect of confidentiality, integrity and availability, at the statistically significant level of .05. 6) The proactive approach to security management achieved better security success than the reactive approach at the statistically significant level of .05.

Article Details

How to Cite
สิรินาคบำรุง ก. (2017). Security risk management of information systems with proactive and reactive approaches: a case study of small- and medium-sized enterprise organizations in Bangkok metropolis. ARU Research Journal Humanities and Social Sciences, 4(2), 9–16. Retrieved from https://so01.tci-thaijo.org/index.php/rdi-aru/article/view/144168

Section
Research Articles
