The Efficacy of IS Privacy and Security Governance Structures Research-in-Progress

Information privacy and security governance is a subset of enterprise governance which provides direction and control to help ensure IT performance and risk management. This study is conducted to fmd out the efficacy of different IS Security and Privacy governance structures. To achieve effectiveness and sustainability, security and privacy over information assets must be addressed at the highest levels of the organization and not regarded as a technical specialty relegated to the IT department. The study was conducted by interviewing CIOs of four companies from different industries across five categories: Privacy and Security Concerns, Decision Making Structure, Privacy and Security Impact, Control and Measurement, and Future Goals. The most important issues are listed and, based on that, a framework is developed which presents the factors affecting the privacy and security governance structure as well as their impact on business continuity.