A Structural Model Approach for Assessing Information Security Value in Organizations

Abstract

Data is rapidly becoming one of the most important assets in global markets, and criminals are spotting opportunities to exploit new potential income sources. In response to this, organizations are dedicating increasing resources to information security programs. However, faced with unrelenting breach reports and rising costs, decision makers inevitably wonder which type of security investment is economically viable. In this article, the authors present an empirically tested model describing the underlying key constructs for assessing information security value in an organization. Based on identified latent variables previously put forward in the literature, the authors use a partial least squares structural equation modeling approach to verify the model's soundness. They identify five crucial variables for value-focused information security investment. The relationships among these latent variables are then investigated and contributions of the structural model assessed. The key findings are finally presented to highlight opportunities for security practitioners to apply the proposed model.