Abstract

User participation is essential to identifying information security risks in routine business processes because it is the business users who possess detailed knowledge of business processes. This research develops a theory of the consultative form of user participation that emphasizes the cognitive benefits of user participation. In consultative participation, designated users acting as subject matter experts with detailed knowledge of specific business processes participate in a risk analysis to identify information security vulnerabilities. It is expected that previously unknown information risks will be identified, thereby increasing the quality of information used for information risk management. Knowledge of identified risks is expected to be transferred among peers (e.g., other users) or other participant groups (e.g., IT), which is expected to ultimately lead to improved information security through enhanced policies and procedures.
