Analyzing the Critical Success Factors of Information Technology Risk Management Using Interpretive Structural Modelling Approach: Case Study of Engineering Faculty, Mahidol University
Keywords:
Success Factors, Risk Management, Information Technology, Interpretive Structural Modelling, MICMAC
Abstract
The objectives of this study are (1) to identify the critical success factors (CSFs) of information technology risk management and (2) to analyze the cause-and-effect relationships among the CSFs using the Interpretive Structural Modelling (ISM) and Matrice d'Impacts Croisés Multiplication Appliquée à un Classement (MICMAC) approaches. The study uses the Engineering Faculty, Mahidol University as a case study. First, twelve CSFs were identified through an extensive literature review. Second, data were collected from groups of expert participants, drawn from both academic and administrative staff, through focus group sessions. All experts have acceptable knowledge and experience in information technology risk management. Third, ISM was applied to analyze the cause-and-effect relationships among the CSFs. Next, the CSFs were categorized by their driving and dependence power using MICMAC analysis. The results reveal that the CSFs ‘Strategic Alignment’ and ‘Stakeholders Involvement’ are the most significant factors, having the highest driving power values. This study can help managerial staff of the engineering faculty focus their efforts on implementing information technology risk management.