Targeting the information security issue related to a bank loan process, this study aims to explore an approach that is user‐friendly to non‐information technology managers to be actively participative in the process of investigating the underlying information‐processing infrastructure.
A case study approach is used to analyze the safeguard gaps between the physical information assets (IAs) of a business process and their digital counterparts.
This study shows the existence of safeguard gaps between the physical IAs of a business process and their digital counterparts, explores a way of investigating such gaps, and provides (detection‐ and prevention‐oriented) managerial proposals to cope with the safeguard gap issue.
The existence of safeguard gaps releases (warning) signal to executives and executives should consult managers on how to manage these safeguard gaps. There are two types of managerial proposals to cope with the safeguard gap issue. The detection‐oriented proposals aim at ensuring early detection and interception of security breaches;, e.g. setting up a cross‐audit function to discover the security breaches. The prevention‐oriented proposals aim at alleviating the safeguard gaps;, e.g. re‐designing the processes of operation management and the associated risk management.
