Towards a Framework for Strategic Security Context in Information Security Governance

Cited by: 8
Authors
Maynard, Sean B. [1]
Tan, Terrence [2]
Ahmad, Atif [1]
Ruighaver, Tobias [3]
Affiliations
[1] Univ Melbourne, Sch Comp & Informat Syst, Melbourne, Vic, Australia
[2] Univ Melbourne, Melbourne, Vic, Australia
[3] Univ Melbourne, Org Informat Secur Grp, Melbourne, Vic, Australia
Keywords
Security Culture; Decentralized Decision Making; Security Strategic Context; Business Security Strategies; Information Security Governance;
DOI
10.17705/1PAIS.10403
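Chinese Library Classification (CLC) number
G25 [Library science, librarianship]; G35 [Information science, information work];
Discipline classification code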
1205 ; 120501 ;
Abstract
Information security governance influences the quality of strategic decision-making to ensure that investments in security are effective. Security governance involves a range of activities including adjusting organisational structures, designating roles and responsibilities, allocating resources, managing risks, measuring results, and gauging the adequacy of audits and reviews. We identified three security issues in an organisation around strategic context in an in-depth and revelatory case study. These are (1) limited diversity in decision-making; (2) lack of guidance in corporate-level mission statements to security decision-makers; (3) a bottom-up approach to security strategic context development. We further argue that instead of an approach that is based on risk and controls, organisations should address objectives and strategies through developing depth in their security strategic context.
Pages: 65-88
Number of pages: 24
Related papers
50 in total
  • [1] Towards a holistic Information Security Governance Framework for SOA
    Coetzee, Marijke
    [J]. 2012 SEVENTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES), 2012, : 155 - 160
  • [2] An information security governance framework
    Da Veiga, A.
    Eloff, J. H. P.
    [J]. INFORMATION SYSTEMS MANAGEMENT, 2007, 24 (04) : 361 - 372
  • [3] A framework for the governance of information security
    Posthumus, S
    von Solms, R
    [J]. COMPUTERS & SECURITY, 2004, 23 (08) : 638 - 646
  • [4] Towards the Formulation of Information Security Governance Framework for the Banking System
    Ula, Munirul
    Sidek, Zailani Mohamed
    Ismail, Zuraini Bt
    [J]. BUSINESS TRANSFORMATION THROUGH INNOVATION AND KNOWLEDGE MANAGEMENT: AN ACADEMIC PERSPECTIVE, VOLS 1-2, 2010, : 1261 - 1270
  • [5] A Framework for Information Security Governance and Management
    Carcary, Marian
    Renaud, Karen
    McLaughlin, Stephen
    O'Brien, Conor
    [J]. IT PROFESSIONAL, 2016, 18 (02) : 22 - 30
  • [6] The Importance Of Governance And Culture On Strategic Information Security
    Williams, Neville I.
    [J]. CREATING GLOBAL COMPETITIVE ECONOMIES: A 360-DEGREE APPROACH, VOLS 1-4, 2011, : 925 - 931
  • [7] Information governance: information security and access within a UK context
    Lomas, Elizabeth
    [J]. RECORDS MANAGEMENT JOURNAL, 2010, 20 (02) : 182 - +
  • [8] Developing and Validating a Healthcare Information Security Governance Framework
    Mahncke, Rachel
    Williams, Patricia
    [J]. ELECTRONIC JOURNAL OF HEALTH INFORMATICS, 2014, 8 (02):
  • [9] A framework for the governance of information security: Can it be used in an organization
    Antoniou, George S.
    [J]. IEEE SOUTHEASTCON 2018, 2018,
  • [10] Improved Security through Information Security Governance
    Johnston, Allen C.
    Hale, Ron
    [J]. COMMUNICATIONS OF THE ACM, 2009, 52 (01) : 126 - 129