Journal article Open Access

Information Security Risk Management in IT-Based Process Virtualization: A Methodological Design Based on Action Research

Jefferson Camacho Mejía; Jenny Paola Forero Pachón; Luis Carlos Gómez Flórez

Action research is a qualitative research methodology, which leads the researcher to delve into the problems of a community in order to understand its needs in depth and finally, to propose actions that lead to a change of social paradigm. Although this methodology had its beginnings in the human sciences, it has attracted increasing interest and acceptance in the field of information systems research since the 1990s. The countless possibilities offered nowadays by the use of Information Technologies (IT) in the development of different socio-economic activities have meant a change of social paradigm and the emergence of the so-called information and knowledge society. According to this, governments, large corporations, small entrepreneurs and in general, organizations of all kinds are using IT to virtualize their processes, taking them from the physical environment to the digital environment. However, there is a potential risk for organizations related with exposing valuable information without an appropriate framework for protecting it. This paper shows progress in the development of a methodological design to manage the information security risks associated with the IT-based processes virtualization, by applying the principles of the action research methodology and it is the result of a systematic review of the scientific literature. This design consists of seven fundamental stages. These are distributed in the three stages described in the action research methodology: 1) Observe, 2) Analyze and 3) Take actions. Finally, this paper aims to offer an alternative tool to traditional information security management methodologies with a view to being applied specifically in the planning stage of IT-based process virtualization in order to foresee risks and to establish security controls before formulating IT solutions in any type of organization.

Files (209.0 kB)
Name Size
10010626.pdf
md5:c7e0252f7c2d71f7329a54bdd5494406
209.0 kB Download
60
57
views
downloads
All versions This version
Views 6060
Downloads 5757
Data volume 11.9 MB11.9 MB
Unique views 5454
Unique downloads 5555

Share

Cite as