Critical success factors for an effective security risk management program in an organization: An exploratory case study




Zafar, Humayun

Journal Title

Journal ISSN

Volume Title



This study investigates differences in perception between layers of management (executive, middle, and lower) and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness. This is an in-depth case study conducted at a Fortune 500 company. Rockart's (1979) CSF method is modified through the use of Kahn et al's (1964) role theory. Role theory tenets such as role consensus, role compliance, communication, role conflict, and role ambiguity form the basis of introducing six initial CSFs. The initial CSFs are executive management, organization maturity, open communication, risk management stakeholders, team member empowerment, and holistic view of organization. Initial CSFs along with three additional CSFs (security maintenance, corporate security strategy, and human resource development) are confirmed to exist in the organization through interviews with select management and staff employees.

Employing ordinary least squares regression using dummy variables from responses of a validated survey, the study shows that management and staff agree that each of the nine CSFs are important for SRM effectiveness. However, they differ on the level of importance of each CSF. With regard to six of the nine CSFs (executive management support, organization maturity, open communication, holistic view of organization, corporate security strategy, and human resource development), management and staff concur on their current implementation practices and have a positive perception regarding their impact on SRM effectiveness. However, more importantly, the results also indicate that both management and staff are not satisfied with the current practices pertaining to risk management stakeholders, team member empowerment, and security maintenance. Recommendations are provided for improving the practices associated with these three CSFs.


This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.


Case Study, Security, Security Risk Management



Information Systems and Cyber Security