Theorizing the concept and role of assurance in information systems security

Janine L. Spears, Henri Barki, Russell R. Barton

Research output: Contribution to journalArticlepeer-review

24 Scopus citations


Assurance has different meanings, depending on the source, audience, and interpretation. We applied institutional theory and the Capability Maturity Model to conceptualize assurance: its symbolic aspects to gain social acceptance, and its substantive aspects to improve organizational capability and effectiveness in performing IS security risk management (SRM). An empirical study examined assurance-seeking behavior and outcomes for regulatory compliance. Some degree of process maturity in SRM was found necessary for producing convincing verbal accounts and compliance evidence. Findings suggest that unless an organization's assurance claims are based on achieving Level 4 maturity, assurance will be based more on symbolism than effectiveness.

Original languageEnglish (US)
Pages (from-to)598-605
Number of pages8
JournalInformation and Management
Issue number7
StatePublished - 2013

All Science Journal Classification (ASJC) codes

  • Management Information Systems
  • Information Systems
  • Information Systems and Management


Dive into the research topics of 'Theorizing the concept and role of assurance in information systems security'. Together they form a unique fingerprint.

Cite this