Abstract
This research focuses on the communication of security risk messages among organizations and particularly on communication between IT employees and managers within a bank in Greece. An important aspect of any information systems (IS) security activity is about ensuring the security of its infrastructure, and in doing so, communication is a key necessity for present e-banking security managers. Two questions motivated this research. First, what is the experience of organizations following e-banking security measures and controls as part of security management procedures? Second, what are the communication standards and procedures that play an important role in the success of e-banking security adoption? The research findings aim to shed some light into new communication practices that can be of use to IS security risk management. A case study research approach was used to investigate security communication in e-banking adoption. The issues of communication found to play an important role in e-banking security included: organizational flexibility, availability of resources, e-banking project alignment, support from top management, information transparency and security knowledge and awareness. The article concludes that banks may need to eradicate security communication problems through the successful appliance and establishment of the previously mentioned communication issues in e-banking security adoption.
Similar content being viewed by others
References
Albrechtsen, E. (2007) A qualitative study of user's view on information security. Computer and Security 26 (4): 276–289.
Backhouse, J. and Dhillon, G. (1996) Structures of responsibility and security of information systems. European Journal of Information Systems 5 (1): 2–9.
Beatson, J.G. (1991) Security – A personnel issue: The importance of personnel attitudes and security education. In: K. Dittrich, S. Rautakivi and J. Saari (eds.) Computer Security and Information Integrity. Amsterdam, The Netherlands: Elsevier Science Publishers, pp. 29–38.
Cavaye, A.L. (1996) Case study research: A multi-faceted research approach for IS. Information Systems Journal 6 (3): 227–242.
Debar, H. and Viinikka, J. (2006) Security information management as an outsourced service. Computer Security 14 (5): 416–434.
Denzin, N.K. (1989) The Research Act, 3rd edn. Englewood Cliffs, NJ: Prentice-Hall.
Dhillon, G. (2001) Challenges in managing information security in the new millennium. In: G. Dhillon (ed.) Information Security Management: Global Challenges in the New Millennium. Hershey, PA: Idea Group Publishing, pp. 1–8.
Dhillon, G. and Backhouse, J. (2001) Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal 11 (2): 127–153.
Dhillon, G. and Torkzadeh, G. (2006) Values-focused assessment of information system security in organizations. Information Systems Journal 16 (3): 293–314.
Dobson, J. (1991) A methodology for analysing human and computer-related issues in secure systems. In: K. Dittrich, S. Rautakivi and J. Saari (eds.) Computer Security and Information Integrity. Amsterdam: Elsevier Science Publishers, pp. 151–170.
Eisenhardt, K.M. (1989) Building theories from case study research. Academy of Management Review 14 (4): 532–550.
Flick, U. (1992) Triangulation revisited: Strategy of validation or alternative? Journal for the Theory of Social Behaviour 22 (2): 175–198.
Galliers, R.D. (1992) Choosing information system research approaches. In: R. Galliers (ed.) Information Systems Research: Issues, Methods and Practical Guidelines, pp. 144–146, Oxford: Blackwell Scientific Publications.
Gefen, D., Karahanna, E. and Straub, D. (2003) Trust and TAM in online shopping: An integrated model. MIS Quarterly 27 (1): 51–90.
Gefen, D. and Straub, W. (2004) Consumer trust in b2c e-commerce and the importance of social presence: Experiments in e-products and e-services. Omega 32 (6): 407–424.
James, H. (1996) Managing information systems security: A soft approach. In P. Sallis (ed.) Proceedings of the Information Systems Conference of New Zealand. Washington DC: IEEE, pp. 10–20.
Janesick, V. (2000) The choreography of qualitative research design. In: N.K. Denzin and Y.S. Lincoln(eds.) Handbook of Qualitative Research. Thousand Oaks, CA: Sage.
Keeney, R.L. (1999) The value of internet commerce to the customer. Management Science 45 (3): 533–542.
Kokolakis, S.A., Demopoulos, A.J. and Kiountouzis, E.A. (2000) The use of business process modelling in information systems security analysis and design. Information Management and Computer Security 8 (3): 107–116.
Koskosas, I.V. (2008) Goal setting and trust in a security management context. Information Security Journal: A Global Perspective 17 (3): 151–161.
Leach, J. (2003) Improving user security behaviour. Computers and Security 22 (8): 685–692.
McKnight, D.H., Cummings, L.L. and Chervany, N.L. (2002) Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research 13 (3): 334–359.
Mikhailov, A.I., Chernyi, A.I. and Giliarevskii, R.S. (1984) Scientific Communications and Informatics. Arlington, VA: Information Resources Press.
National Research Council. (1999) Improving Risk Communication. Washington DC: National Academy Press. Report of the Committee on Risk Perception and Communication, Commission on Behavioural and Social Sciences and Education, National Research Council.
Nolan, J. (2005) Best practices for establishing an effective workplace policy for acceptable computer usage. Information Systems Control Journal 6 (2): 32–35.
Orlikowski, W. and Gash, D. (1994) Technological frames: Making sense of information technology in organizations. ACM Transactions on Information Systems 12 (3): 174–207.
Otway, H. and Wynne, B. (1989) Risk communication: Paradigm and paradox. Risk Analysis 9 (2): 141–145.
Patton, M. (1990) Qualitative Evaluation and Research Methods, 2nd edn. London, UK: Sage Publications.
Regan, K. and Macaluso, N. (2000) Report: Consumers cool to net banking. E-Commerce Times October 3, http://www.ecommercetimes.com/story/4449.html, accessed 19 April 2010.
Ridings, C., Gefen, D. and Arinze, B. (2002) Some antecedents and effects of trust in virtual communities. Journal of Strategic Information Systems 11 (3/4): 271–295.
Rogers, E.M. and Kincaid, D.L. (1981) The convergence model of communication and network analysis. In: E. M. Rogers and D. L. Kincaid (eds.) Communication Networks: Toward a New Paradigm for Research. New York: Free Press, pp. 31–78.
Rubin, H.J. and Rubin, I.S. (1995) Qualitative Interviewing, The Art of Hearing Data. California, USA: Sage Publications.
Sarker, S., Valacich, S.J. and Sarker, S. (2003) Virtual team trust: Instrument development and validation in an is educational environment. Information Resources Management Journal 16 (2): 35–55.
Simpson, B. and Wilson, M. (1999) Shared cognition: Mapping commonality and individuality. Advances in Qualitative Organizational Research 2: 73–96.
Siponen, M.T. (2001) An analysis of the recent IS security development approaches: Descriptive and prescriptive implications. In: G. Dhillon (ed.) Information Security Management: Global Challenges in the New Millenium. Hershey, PA: Idea Group Publishing.
Straub, D. and Welke, R. (1998) Coping with systems risks: Security planning models for management decision making. MIS Quarterly 22 (4): 441–469.
Turban, E., Lee, J., King, D. and Chung, H.M. (2000) Electronic Commerce: A Managerial Perspective. Upper Saddle River, NJ: Prentice Hall.
Walsham, G. (1995) Interpretive case studies in is research: Nature and method. European Journal of Information Systems 4 (2): 74–81.
Willcocks, L. and Margetts, H. (1994) Risk assessment and information systems. European Journal of Information Systems 3 (2): 127–138.
Workman, M. (2007) Gaining access with social engineering: An empirical study of the threat. Information Systems Security 16 (6): 315–331.
Yin, R.K. (1994) Case Study Research, Design and Methods. Newbury Park, CA: Sage Publications.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Koskosas, I. E-banking security: A communication perspective. Risk Manag 13, 81–99 (2011). https://doi.org/10.1057/rm.2011.3
Published:
Issue Date:
DOI: https://doi.org/10.1057/rm.2011.3