Information Systems Risk Management Adoption Model

As organizations use information technology (IT) more extensively, IT risk management is becoming increasingly crucial to their continuity. One important aspect of IT risk management is the commitment of users to the IT security standards and controls they work with. This paper aims to identify the factors that affect users' attitudes and behaviour towards IT risk management procedures. The research found that, besides the basic variables of the Technology Acceptance Model, risk perception, organizational factors, and personal security knowledge and awareness are influential.
