Information Security in the Extended Enterprise
Topics: Enterprise IT
M. Eric Johnson, Hans Brechbühl
Field Study, 2005
What are the main drivers of private-section investment in information security? How exposed are firms to cyber risks arising from their reliance on the information infrastructure? Initial results are presented from a field study of a manufacturing company and four of its suppliers of different sizes. We find that many managers believe: that information security is less a competitive advantage than a qualifier for doing business; that firms’ internal networks are not at additional risk as a result of using the information infrastructure to integrate their supply chains; and that their supply chains are robust to internet outages of up to a week in duration. We discuss their security perceptions and actions in the context of a cost model.