Understanding user participation in information security risk management

Abstract

Risk management is the continuing process to control and manage the risk in organisation for identifying, accessing and controlling threats to an organisation’s capital and earning. The implementation of information security risk management (ISRM) helps to address the risks to information processed by an organisation that may help the organisation to manage the risk effectively. Involving the user throughout the process of ISRM is important to ensure that it provides an effective security risk management (SRM). There are limited evidence shows that user participation is important in ISRM. Therefore, the aim of this paper to investigate user participation in ISRM from user participation and access control constructs. A quantitative method is implemented by distributing a questionnaire to two different organisational backgrounds to 20 respondents. This paper presents the initial findings that user participation play a significant role towards ISRM by presenting the results from the two constructs. The findings contribute to the body of knowledge that understanding user participation in ISRM shows that the process of risk management is different between two organisational backgrounds.