By Topic

Firm objectives, IT alignment, and information security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $33
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)

More and more attention has been devoted to the alignment of information technology (IT) spending and initiatives with organizational strategic objectives. IT spending across organizations and industries has a high opportunity cost and involves a substantial opportunity for deviations from support for the highest priorities of business units. The business justification and rationale for information security has come under similar scrutiny at a time when the nature of many organizations is being transformed by the network economy. More and more business functions and processes are enabled by information assets and capabilities that are vulnerable to new and adapting threats. This paper examines the impact of the strategic alignment of information security spending with organizational goals and with the risk tolerances of decision makers. It provides an explanation for and insight into the observed differences in executive responses to cyber threats and risk assessments. It models the relationship between security resources and risk mitigation, and it identifies the premiums that organizations expect to receive or pay for bearing or avoiding information security risk.

Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.  

Published in:

IBM Journal of Research and Development  (Volume:54 ,  Issue: 3 )