gfwmTHEMEN12Mrz2017Gatekeeper
Sie wollen auch ein ePaper? Erhöhen Sie die Reichweite Ihrer Titel.
YUMPU macht aus Druck-PDFs automatisch weboptimierte ePaper, die Google liebt.
eine Fachpublikation der Gesellschaft für Wissensmanagement e.V.<br />
Ausgabe 12 – März 2017<br />
S. Schwerd: Information Risk Management<br />
hypothesis where the Mann-Whitney-U<br />
Test shows conformity of the test-results<br />
within the range. Also looking here into<br />
the particular answers of the mid-levelmanagers,<br />
which are: 8 votes for “strongly<br />
disagree”, 23 for “disagree”, 26 for<br />
“neither”, 50 for “agree”, and 24 for “fully<br />
agree”. With this a similar trigger as<br />
the above discussed reason might lead<br />
to the different test-results between the<br />
two test methods. The comparable wide<br />
and flat distribution might leads in the<br />
rank-comparison to a confirming result<br />
whereas the calculated means of the T-<br />
Test would “drift” down comparably far<br />
and not confirm conformity.<br />
Interpretation of test results: The test results<br />
show in both test methods a clear<br />
and consistent tendency of significant<br />
conformity to the hypothesis between<br />
the mid-level-managers perception<br />
on the causal relation between IRM-<br />
Information Controls and SDM Damage<br />
Control/Prevention. In other words, the<br />
mid-level-mangers would see the causal<br />
relation with the tendency of importance<br />
that IRM- Damage Control/Prevention<br />
would contribute to SDM Information<br />
Controls as a causal relation even on<br />
a higher level than the empiric norm of<br />
the IRM-Experts. mid-level-managers<br />
perception that SDM Damage Control/<br />
Prevention would be a result of a causal<br />
relation beginning also with IRM Information<br />
Controls measures is confirming the<br />
hypotheses.<br />
Impact for business organizations: as<br />
both test show overall similar tendency<br />
of over-conformity of the perception<br />
compared to the empiric norm an applicable<br />
and balanced level of perception<br />
needs to be reached – here even more,<br />
this calls for detailed and reoccurring<br />
review of the business organizations<br />
to carefully limit the engagement in a<br />
well-balanced and individual way. As<br />
potential concrete corrective actions a<br />
solid training/awareness campaign is<br />
proposed, accompanied by a setup of<br />
an independent experts-organization,<br />
which can help the departments to leverage<br />
activities and efforts on a balanced<br />
level. Especially this case shows clearly,<br />
that there is a general perception of midlevel-managers<br />
on Information Risk-Management<br />
but seemingly limited to only<br />
this special case, which is in tendency<br />
over-stressed.<br />
This consequently might end up in a<br />
risk of highly inconsistent information<br />
risk managementd treatment which is<br />
focused too much on technical controls,<br />
which seem to be the way of doing IRM<br />
at all. Also here aggregated /strategic<br />
decisions are built on this behavior –<br />
consequently, there is a risk in current<br />
business organizations that out of this,<br />
the focus even on executive level is too<br />
limited in this aspect and potentially too<br />
much attention (and money) is given to<br />
it compared to the other triggers in IRM<br />
modelled in this scientific work.<br />
Results Summary<br />
It could be shown that in both relations examined, the tendency of “over-doing” is<br />
clearly visible. In other words, current perception on the correlations shows in both<br />
cases the tendency to first fail similarity in the group-comparison but due to the single<br />
sided hypotheses, it could be shown, that the general conformity is given, but even<br />
with significant difference.<br />
39