Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives

Sun, Chia-Ming; Wang, Yen-Yao; Yang, Chen-Bin

doi:10.2139/ssrn.3887486

Download This Paper

Open PDF in Browser

Add Paper to My Library

Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives

1 Pages Posted: 9 Aug 2021

See all articles by Chia-Ming Sun

Yen-Yao Wang

Auburn University - Harbert College of Business

Chen-Bin Yang

National Chung Cheng University

Date Written: March 1, 2021

Abstract

This paper explores whether IT and audit professionals have different perceptions of the substantive and symbolic perspectives of information security assurance and the role of security configuration management (SCM) using a mixture of qualitative and quantitative approaches. Importance performance analysis (IPA) is utilized to identify differences in perceived importance and perceived controllability from both substantive and symbolic perspectives between these two professional groups. Our results suggest that SCM plays a vital role in maintaining consistency between the IT and audit professionals by enhancing their confidence in controlling and managing information security control sets. IPA also helps determine an information security program's strengths and weaknesses and supports remedial strategic actions more efficiently. Implications for both research and practice are discussed.

Keywords: IT professionals, audit professionals, information security assurance, security configuration management, importance performance analysis

Suggested Citation: Suggested Citation

Sun, Chia-Ming and Wang, Yen-Yao and Yang, Chen-Bin, Information Security Assurance and the Role of Security Configuration Management: Substantive and Symbolic Perspectives (March 1, 2021). Available at SSRN: https://ssrn.com/abstract=3887486 or http://dx.doi.org/10.2139/ssrn.3887486