Towards a Framework for Strategic Security Context in Information Security Governance

Cited by: 8
Authors
Maynard, Sean B. [1]
Tan, Terrence [2]
Ahmad, Atif [1]
Ruighaver, Tobias [3]
Affiliations
[1] Univ Melbourne, Sch Comp & Informat Syst, Melbourne, Vic, Australia
[2] Univ Melbourne, Melbourne, Vic, Australia
[3] Univ Melbourne, Org Informat Secur Grp, Melbourne, Vic, Australia
Keywords
Security Culture; Decentralized Decision Making; Security Strategic Context; Business Security Strategies; Information Security Governance;
DOI
10.17705/1PAIS.10403
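Chinese Library Classification number
G25 [Library science, librarianship]; G35 [Information science, information work];
Discipline classification code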
1205 ; 120501 ;
Abstract
Information security governance influences the quality of strategic decision-making to ensure that investments in security are effective. Security governance involves a range of activities including adjusting organisational structures, designating roles and responsibilities, allocating resources, managing risks, measuring results, and gauging the adequacy of audits and reviews. We identified three security issues in an organisation around strategic context in an in-depth and revelatory case study. These are (1) limited diversity in decision-making; (2) lack of guidance in corporate-level mission statements to security decision-makers; (3) a bottom-up approach to security strategic context development. We further argue that instead of an approach that is based on risk and controls, organisations should address objectives and strategies through developing depth in their security strategic context.
Pages: 65 / 88
Number of pages: 24