Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Investment's in Organizations – How it's actually been done? Daniel Dor & Prof. Yuval Elovici Ben-Gurion University of the Negev According.

Published byGriffin Owens Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Investment's in Organizations – How it's actually been done? Daniel Dor & Prof. Yuval Elovici Ben-Gurion University of the Negev According."— Presentation transcript:

1 Information Security Investment's in Organizations – How it's actually been done? Daniel Dor & Prof. Yuval Elovici Ben-Gurion University of the Negev According to Creswell (2009), grounded theory is “a qualitative strategy of inquiry in which the researcher derives a general, abstract theory of process, action, or interaction grounded in the views of participants in a study.” (p. 13 & 229) this process involves using multiple stages of data collection and the refinement and interrelationships of categories of information. In this research, we’ve used a Contextual Analysis software (Machine Learning and Human Input capabilities) combined with Grounded Theory, in order to find correlations between different Categories in the information security investments process, and different concepts within this process. Our research displays connected categories and concepts that appear in the Information security Investments decision process in several SMB’s. Abstract In Grounded Theory, researchers using an iterative coding process, in which they review the data collected, code it, analyze it, understand the concepts and categories that appear in it, and using those concepts and categories in order to formulate a theory. We’ve conducted several interviews with CISOs and CIOs that making decisions regarding Information Security Investment. In those interviews, the subjects told us how the IS Investments process of decision making is being done. We enhanced the subjects results with data that we gained from the Literature. The data was extracted using a Contextual Analysis software, in which we’ve used Machine Learning to “learn” the Literature, and then we’ve tried to see correlations between concepts and categories that found during the interviews. The research is still in progress, but a draft of 14 thorys’ propositions is already ready for discussion. Introduction and with Doctrine and \ or organizational policy. (P5) Organizations cyber security gap analysis is associated with Information security threats, Risk Management and Decision makers. (P6) Detection of required capabilities is associated with Strategy, Prioritization and budgeting, Information security compliance, Information security threats, Risk Management, Decision makers, Competitive Advantage, and with Customer expectations. (P7) Detection of alternatives is associated with Prioritization and budgeting, Applying information security capabilities, Information security threats, and with Start-ups. (P8) Inspection of alternatives is associated with Constraints, Information security compliance, Risk Management, Decision makers and with Decision variable. (P9) Picking a portfolio of projects is associated with Prioritization and budgeting, Organizational cyber security education and awareness, Risk Management and with Decision makers. (P10) Proof of Concept is associated with Decision makers and with Decision variable. (P11) Decision and\or execution is associated with Risk Management, Decision makers and with Decision variable. (P12) Project's initiation is associated with Prioritization and budgeting, Decision makers and whit Projects concept. (P13) Project's Planning is associated with Projects concept (P14) Project's execution and Implementation is associated with Constraints, Organizational cyber security education and awareness, Risk Management, Projects and with Quality Method (P1) External Environments of Business is associated with organizational cyber security education and awareness, the need for Information security compliance and the understanding of Information security threats landscape. (P2) Organizational Structure or Behavior is associated with Prioritization and budgeting, Organizational cyber security education and awareness, Risk Management, Decision makers and Doctrine and \ or organizational policy. (P3) Identification of the cyber threat landscape is associated with Prioritization and budgeting, Organizational cyber security education and awareness, Information security threats, Decision makers, and with Doctrine and \ or organizational policy. (P4) Current cyber security situation in the organization is associated with Quality, Applying information security capabilities, Information security threats, Risk Management, Decision variable Propositions Creswell, J.W. (2009). Research Design: Qualitative, Quantitative, and Mixed Approaches. TO, CA: Sage. Posey, C., Roberts, T. L., Lowry, P. B., & Hightower, R. T. (2014). Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. Information & Management, 51(5), 551-567. Vannoy, S.A. and Salam, A.F. (2010). Managerial Interpretations of the Role of Information Systems in Competitive Actions and Firm Performance:A grounded theory investigation, ISR 21(3): 496–515. References

2 Information Security Investment's in Organizations – How it's actually been done? Daniel Dor & Prof. Yuval Elovici Ben-Gurion University of the Negev The Method -> Machine Learning + Concept Extraction + Grounded Theory The question -> What concepts and categories affects Information Security Investments process?

3 Natural Language Processing Context JL Machine Learning H H Discovery Human Input Texts from websites blogs, tweets, posts, etc. Model Which sentiment rank each text will get? Concepts Categories Other languages sentiment taxonomies Taxonomy Rules

Download ppt "Information Security Investment's in Organizations – How it's actually been done? Daniel Dor & Prof. Yuval Elovici Ben-Gurion University of the Negev According."

Similar presentations

Planning: Processes and Techniques

Planning: Processes and Techniques
Copyright © 2014 by The University of Kansas Collecting and Analyzing Data.

Copyright © 2014 by The University of Kansas Collecting and Analyzing Data.
Introduction to Research Methodology

Introduction to Research Methodology
Quantitative vs. Qualitative Research Method Issues Marian Ford Erin Gonzales November 2, 2010.

Quantitative vs. Qualitative Research Method Issues Marian Ford Erin Gonzales November 2, 2010.
Lessons Learned in Initiating and Conducting Risk Assessments within a Risk Analysis Framework: A FDA/CFSAN Approach Robert Buchanan DHHS Food and Drug.

Lessons Learned in Initiating and Conducting Risk Assessments within a Risk Analysis Framework: A FDA/CFSAN Approach Robert Buchanan DHHS Food and Drug.
Research Methodologies

Research Methodologies
Planning and Strategic Management

Planning and Strategic Management
Chapter 2 Succeeding as a Systems Analyst

Chapter 2 Succeeding as a Systems Analyst
Methodology A preview. What is Methodology  Choosing a method of data collection  Structure of the research  Builds on and draws from problem statement.

Methodology A preview. What is Methodology  Choosing a method of data collection  Structure of the research  Builds on and draws from problem statement.
Quantitative and Qualitative Approaches

Quantitative and Qualitative Approaches
An Approach to Case Analysis

An Approach to Case Analysis
Planning and Strategic Management

Planning and Strategic Management
Quantitative and Qualitative Approaches Dr. William M. Bauer

Quantitative and Qualitative Approaches Dr. William M. Bauer
Investment Management Concepts Portfolio Management | Segment Architecture March 25, 2009 Adrienne Walker and Kshemendra Paul

Investment Management Concepts Portfolio Management | Segment Architecture March 25, 2009 Adrienne Walker and Kshemendra Paul
Organizational Execution Capability Assessment Framework

Organizational Execution Capability Assessment Framework
Qualitative Data Collection Strategy, Populations, and Instruments

Qualitative Data Collection Strategy, Populations, and Instruments
Edwin D. Bell Winston-Salem State University

Edwin D. Bell Winston-Salem State University
Research Paradigms and Approaches

Research Paradigms and Approaches
Chapter 10 Conducting & Reading Research Baumgartner et al Chapter 10 Qualitative Research.

Chapter 10 Conducting & Reading Research Baumgartner et al Chapter 10 Qualitative Research.
© 2014 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

© 2014 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

Similar presentations

Ads by Google