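% Journal article: Spears, Barki and Barton (2013), Information and Management 50(7).
% authorbio and funding are non-standard fields that bibliography styles do not
% print. They hold the author biography and the funding acknowledgement, which
% would otherwise be printed verbatim in the reference list from the note field.
@article{7f2054d926c24ef3955b73281348a075,
  author    = {Spears, Janine L. and Barki, Henri and Barton, Russell R.},
  title     = {Theorizing the concept and role of assurance in information systems security},
  journal   = {Information and Management},
  year      = {2013},
  volume    = {50},
  number    = {7},
  pages     = {598--605},
  doi       = {10.1016/j.im.2013.08.004},
  issn      = {0378-7206},
  publisher = {Elsevier B.V.},
  language  = {English (US)},
  abstract  = {Assurance has different meanings, depending on the source, audience, and interpretation. We applied institutional theory and the Capability Maturity Model to conceptualize assurance: its symbolic aspects to gain social acceptance, and its substantive aspects to improve organizational capability and effectiveness in performing IS security risk management (SRM). An empirical study examined assurance-seeking behavior and outcomes for regulatory compliance. Some degree of process maturity in SRM was found necessary for producing convincing verbal accounts and compliance evidence. Findings suggest that unless an organization's assurance claims are based on achieving Level 4 maturity, assurance will be based more on symbolism than effectiveness.},
  authorbio = {Janine L. Spears is an Assistant Professor at DePaul University's School of Computing where she teaches graduate and undergraduate courses in information security management, legal issues in information assurance, system analysis, and organizational modeling. Professor Spears' research focuses on regulatory and organizational issues in information security and consumer privacy, and on methodologies for integrating information security into information systems analysis and design. She holds a PhD from the Smeal College of Business at the Pennsylvania State University and completed a postdoctoral fellowship at HEC Montreal. She holds an MBA from Case Western Reserve University and a B.S. in Computer Information Systems from California State University at Los Angeles.},
  funding   = {The authors would like to thank the Smeal College of Business, the Center for Digital Transformation at the Smeal College of Business, EWA Information Infrastructure and Technologies, NSF Grant DMI-0335720, and the Canada Research Chairs Program for their financial support.},
}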