Eric Goldman


This thesis research evaluates the extent to which IT decision makers consider security concerns and requirements while performing technology acquisition in small-to-medium sized organizations. The research sought to understand what factors influence decision maker attitudes on the role of security during acquisition and how these attitudes and decision strategies affect security throughout the system lifecycle. Through an interview based study, with fifteen IT decision makers from small-to-medium sized organizations, decision maker attitudes and organizational practices were evaluated. The findings suggest that security is not often considered during the acquisition process and is not a crucial element of acquisition decision and selections strategies for a majority of the sample. There is, however, a significant relationship between acquisition and security throughout the system lifecycle and the findings further suggest that end-user consideration and involvement are crucial elements for both acquisition and security.

Library of Congress Subject Headings

Information technology--Management; Information technology--Evaluation; Computer networks--Security measures; Computer security

Publication Date


Document Type



Pan, Yin

Advisor/Committee Member

Rantanen, Esa

Advisor/Committee Member

Baroody, James


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013.


RIT – Main Campus