{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,29]],"date-time":"2025-12-29T22:20:23Z","timestamp":1767046823471,"version":"3.41.2"},"reference-count":13,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2008,6,6]],"date-time":"2008-06-06T00:00:00Z","timestamp":1212710400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008,6,6]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>The purpose of this study is to explore the rationale that governs implementation of information systems and network security expenditures through a case study approach.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The research method took the form of a mixed\u2010method assessment of the perceptions of persons of authority in the management and the network security areas of an organization that has implemented network security protocols. Two stages of the research process were completed in order to gather the necessary data for the study. The first stage of the study was the administration of a Likert\u2010type questionnaire in which respondents answered 30 unique items on network security. In the second phase of the study, a number of responders were contacted to further expand upon the themes presented in the Likert\u2010type questionnaire.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>Empirical evidence gathered justifies theoretical claims that personnel from general management have different perspectives towards network security than personnel from the network security management. In particular, the study indicates that such differences are demonstrated on a number of areas such as the effectiveness and the efficiency of the networked system; control of network security; security\u2010related decision\u2010making processes; and users of the network. The latter being the most controversial issue with one side indicating that users should be allowed to use the network in an efficient manner, and the other side emphasizing that users pose one of the greatest security risks to the system.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>The limitations of the study are found in its focus on a specific company and on its perception\u2010centred nature of risk and risk analysis. No two persons identify and frame risk in an identical manner. This creates potential conflict of interest when the participants within a risk assessment process approach the issues and present their arguments as to how to best identify and respond to risks.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>Through comparing and contrasting the perspectives of the two sample populations, the research assists in demonstrating how, why, and to what extent specific problems are recognized by those within management and those within network security. This allowed the analysis of how these problems are defined and what steps can be taken that would help to reduce or eliminate its impact in the organization used in our case study.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>It has been argued in the literature that there is lack of empirically based research to explore and effectively analyze the perceptions held by management and by security specialists within organizations with respect to security. This paper presents the results of the application of a novel two\u2010stage framework on an empirical case study focused on a large national bank. The work allowed the identification of the various perceptions held by management and by security specialists, and the degree to which these perceptions are similar.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220810879645","type":"journal-article","created":{"date-parts":[[2008,6,21]],"date-time":"2008-06-21T07:00:26Z","timestamp":1214031626000},"page":"187-205","source":"Crossref","is-referenced-by-count":17,"title":["Management versus security specialists: an empirical study on security related perceptions"],"prefix":"10.1108","volume":"16","author":[{"given":"H.","family":"Mouratidis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"H.","family":"Jahankhani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M.Z.","family":"Nkhoma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"unstructured":"Babbie, E. (2004), The Practice of Social Research, Wadsworth\/Thomson, Inc., Belmont, CA.","key":"key2022021920271259600_b1"},{"doi-asserted-by":"crossref","unstructured":"Brancheau, J.C., Janz, B.D. and Wetherbe, J.C. (1996), \u201cKey issues in information systems management: 1994\u201095 SIM results\u201d, Management Information Systems Quarterly, Vol. 20 No. 2, pp. 225\u201042.","key":"key2022021920271259600_b2","DOI":"10.2307\/249479"},{"unstructured":"Creswell, J.W. (1994), Research Design. Qualitative and Quantitative Approaches, Sage, London.","key":"key2022021920271259600_b3"},{"unstructured":"Einstein, G. and Abernethy, K. (2000), \u201cSPSS Tutorial: statistical package for the social science\u201d, SPSS Version 10.0, Furman University, http:\/\/s900.furman.edu\/mellonj\/spss1.htm.","key":"key2022021920271259600_b4"},{"unstructured":"Jahankhani, H. and Nkhoma, M.Z. (2005), \u201cInformation security risk assessment practice\u201d, IEE, International Conference on Global e\u2010Security (ICGeS\u201005), 22\u201024 April, 23\u201025 May, London, pp. 119\u201031.","key":"key2022021920271259600_b5"},{"doi-asserted-by":"crossref","unstructured":"Haimes, Y.Y. (2005), \u201cRisk modeling\u201d, Assessment, and Management, Harper Collins, New York, NY.","key":"key2022021920271259600_b6","DOI":"10.1002\/0471723908"},{"doi-asserted-by":"crossref","unstructured":"Koskosas, I.V. and Paul, R.J. (2004), \u201cThe interrelationship and effect of culture and risk communication in setting internet banking security goals\u201d, ACM International Conference Proceeding Series, Vol. 60, pp. 341\u201050.","key":"key2022021920271259600_b7","DOI":"10.1145\/1052220.1052264"},{"doi-asserted-by":"crossref","unstructured":"Kotulic, A.G. and Clark, J.G. (2004), \u201cWhy there aren't more information security research studies?\u201d, Information & Management, Vol. 41 No. 5, pp. 597\u2010607.","key":"key2022021920271259600_b8","DOI":"10.1016\/j.im.2003.08.001"},{"unstructured":"Parker, D.B. (1981), Computer Security Management, Reston Publishing Company, Reston, VA.","key":"key2022021920271259600_b9"},{"unstructured":"Rogers, E.M. (2003), Diffusion of Innovations, 5th ed., The Free Press, New York, NY.","key":"key2022021920271259600_b10"},{"unstructured":"Saad, N.H., Alias, R.A. and Rahman, A.A. (2005), \u201cUsing soft\u2010systems methodology (SSM) in formulating knowledge management systems (KMS) strategy for Malaysian public institutions of higher education\u201d, available at: www.waseda.jp\/assoc\u2010cioacademy\/pdf\/nor.pdf (accessed 10 March 2007).","key":"key2022021920271259600_b11"},{"unstructured":"Schneier, B. (2006), Beyond Fear, Wiley, New York, NY.","key":"key2022021920271259600_b12"},{"doi-asserted-by":"crossref","unstructured":"Straub, D.W. (1990), \u201cEffective IS security: an empirical study\u201d, Information Systems Research, Vol. 1 No. 3, pp. 255\u201076.","key":"key2022021920271259600_b13","DOI":"10.1287\/isre.1.3.255"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220810879645","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220810879645\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220810879645\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:06Z","timestamp":1753402146000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/16\/2\/187-205\/184562"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,6,6]]},"references-count":13,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2008,6,6]]}},"alternative-id":["10.1108\/09685220810879645"],"URL":"https:\/\/doi.org\/10.1108\/09685220810879645","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2008,6,6]]}}}