Table 1 The five least important and five most important factors rated across participants (Study 1, n = 38)
From: Factors influencing network risk judgments: a conceptual inquiry and exploratory analysis
| Â | Factor # | Mean | SD | Factor description |
|---|---|---|---|---|
Least Important | 30 | 38.8 | 29.5 | The perceived organizational allegiance (purchases predominantly domestic brands of hardware/software versus purchases foreign brands) |
| Â | 39 | 39.6 | 32.2 | Different methods of paying the contractor (e.g., fixed price versus cost plus) to your perception of risk? Fixed price: Payment is a flat fee that must meet predetermined list of requirements. Cost plus: Payment is not flat fee, but it scales over time to cover unforeseen costs of meeting predetermined requirements. |
|  | 49 | 40.6 | 30.5 | The presence or absence of an organization’s fear-driven responsiveness to threat |
| Â | 44 | 41.8 | 30.5 | The open- or closed-source protection technology used by your organization |
|  | 25 | 42.0 | 30.9 | The recertification cycle (e.g., short versus long) as a constraint effecting the ability to secure the organization’s network before an attack |
Most Important | 66 | 79.9 | 21.4 | The complexity of the organization’s systems and/or networks that makes it easy or difficult to secure |
|  | 45 | 80.5 | 13.7 | The organization’s response to threats (proactively planned for an attack versus reactively responded to an attack) |
| Â | 31 | 80.8 | 23.3 | The level of skill the adversary has (e.g., professional or amateur) |
|  | 51 | 81.1 | 14.3 | The maturity of the organization’s system capabilities for network defense |
|  | 18 | 83.5 | 17.4 | The adversary’s knowledge (e.g., high versus low knowledge) about the organization’s deployed network and security technology |