IT Security Risk Management in the Context of Cloud Computing (eBook)

Dr. André Loske received his doctorate at the chair of Information Systems | Software Business & Information Management at the Technische Universität Darmstadt, Germany. His main research interests are organizational IT risk management and the perception of IT security risks.

Foreword 5
Acknowledgements 7
Table of Contents 8
List of Tables 11
List of Figures 12
List of Abbreviations 13
Abstract 15
Zusammenfassung 17
1 Introduction 19
1.1 Problem Description and Motivation 19
1.2 Objectives and Benefits 23
1.3 Structure of the Thesis 27
2 Foundations 32
2.1 Cloud Computing 32
2.1.1 Essential Characteristics 33
2.1.2 Delivery Models 34
2.1.3 Deployment Models 35
2.2 IT Security Risk Perception 37
2.2.1 The Nature of Perceived Risks 38
2.2.2 Perceived IT Security Risks in the Context of the Cloud 40
2.3 Organizational IT Security Risk Management 43
2.3.1 Phase I: Identification of IT Security Threat 44
2.3.2 Phase II: IT Security Risk Analysis 45
2.3.3 Phase III: Solution Analysis 47
2.3.4 Phase IV: Decision 48
2.3.5 Phase V: Implementation 50
3 Part I: The Inhibiting Role of Unrealistic Optimism in Providers’ IT Security Risk Management 51
3.1 Theoretical Background and Hypotheses Development 51
3.1.1 Organizational IT Security Risk Management 52
3.1.2 Technology Threat Avoidance Theory 53
3.1.3 Institutional Theory 62
3.1.4 Decision Makers’ IT Security Risk Perceptions 66
3.1.5 Unrealistic Optimism in Decision Makers’ IT Security Risk Perceptions 71
3.2 Research Methodology 75
3.2.1 Measurement Model 75
3.2.2 Survey Administration 83
3.2.3 Sample Characteristics 83
3.2.4 Data Analyses 85
3.3 Results 87
3.3.1 Impacts of Decision Makers’ IT Security Risk Perceptions on Providers’ IT Security Risk Management 87
3.3.2 Existence of Unrealistic Optimism in the IT Security Risk Perceptions of Providers’ Decision Makers 95
3.4 Discussion of Study Findings 104
4 Part II: Perceptual Incongruences regarding the IT Security Risks as a Barrier to Cloud Adoption 109
4.1 Theoretical Background and Hypotheses Development 109
4.1.1 Perceptual Congruence 109
4.1.2 Perceptual Incongruences regarding the IT Security Risks 111
4.1.3 Cognitive Dissonance Theory 113
4.1.4 Expectation Confirmation Theory 115
4.1.5 Cloud Adoption 116
4.2 Research Methodology 119
4.2.1 Measurement Model 119
4.2.2 Survey Administration 120
4.2.3 Sample Characteristics 121
4.2.4 Data Analyses 123
4.3 Results 125
4.3.1 Existence of Perceptual Incongruences between Providers and Customers regarding the IT Security Risks 125
4.3.2 Impacts of Perceptual Incongruences between Providers and Customers regarding the IT Security Risks on Cloud Adoption 127
4.4 Discussion of Study Findings 132
5 Conclusion and Summary of Key Findings 135
5.1 Implications for Theory and Research 135
5.2 Implications for Practice 139
5.2.1 Implications and Recommended Actions for Providers 139
5.2.2 Implications and Recommended Actions for (Potential) Customers 142
5.3 Limitations and Future Research Directions 143
5.4 Résumé 146
Appendix 148
A.1 Supporting Material for Part I (Chapter 3) 148
A.1.1 Measurement Items 148
A.1.2 Validity Analysis 153
A.1.3 Consistency Analysis of the Absolute Unrealistic Optimism Classifier 154
A.1.4 Multi-Group Analysis of the Structural Model 155
A.2 Supporting Material for Part II (Chapter 4) 156
A.2.1 Measurement Items 156
A.2.2 Validity Analysis 157
A.2.3 Formation of IT Security Risk Perceptions in the Context of the Cloud 158
References 159