Title

Controlling Adverse Selection In Information Security Budgeting: An It Governance Approach

Keywords

Adverse selection; Agency theory; Information asymmetry; Information security; IT budget

Abstract

From an agency theory perspective, top management engages the information security function as the agent to manage security for the organization. Adverse selection in InfoSec budgeting occurs when top management cannot validate the soundness of the ISF's requests for InfoSec investments. IT governance may control adverse selection because it aims at the alignment between business and IT and facilitates monitoring and bonding. Three types of governance mechanisms - process-based, structural, and relational, are analyzed. They are hypothesized to help to reduce information asymmetry. Less asymmetry leads to reduction in adverse selection, which, in turn, boosts top management confidence in InfoSec success. Based on these, a research model is presented and survey research designed to test it.

Publication Date

12-1-2006

Publication Title

Association for Information Systems - 12th Americas Conference On Information Systems, AMCIS 2006

Volume

7

Number of Pages

4542-4547

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

Socpus ID

84870342325 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84870342325

This document is currently not available here.

Share

COinS