This thesis research evaluates the extent to which IT decision makers consider security concerns and requirements while performing technology acquisition in small-to-medium sized organizations. The research sought to understand what factors influence decision maker attitudes on the role of security during acquisition and how these attitudes and decision strategies affect security throughout the system lifecycle. Through an interview based study, with fifteen IT decision makers from small-to-medium sized organizations, decision maker attitudes and organizational practices were evaluated. The findings suggest that security is not often considered during the acquisition process and is not a crucial element of acquisition decision and selections strategies for a majority of the sample. There is, however, a significant relationship between acquisition and security throughout the system lifecycle and the findings further suggest that end-user consideration and involvement are crucial elements for both acquisition and security.
Library of Congress Subject Headings
Information technology--Management; Information technology--Evaluation; Computer networks--Security measures; Computer security
Goldman, Eric, "Securing the IT acquisition security chain: Security concerns and human factors in IT acquisition" (2010). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus