Information technology governance and cybersecurity at the board level

IF 0.5 Q4 ENGINEERING, MULTIDISCIPLINARY
A. Sartawi
{"title":"Information technology governance and cybersecurity at the board level","authors":"A. Sartawi","doi":"10.1504/ijcis.2020.10029173","DOIUrl":null,"url":null,"abstract":"Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.","PeriodicalId":44956,"journal":{"name":"International Journal of Critical Infrastructures","volume":"1 1","pages":""},"PeriodicalIF":0.5000,"publicationDate":"2020-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructures","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijcis.2020.10029173","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}
引用次数: 20

Abstract

Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.
董事会层面的信息技术治理和网络安全
在美国,安全漏洞的代价非常高昂,紧随其后的是中东。股东和投资者要求他们的公司降低各种风险,董事会有责任获得和保持他们的信心。鉴于这种情况,中东和北非地区的公司需要保护他们的数据,而董事会需要在公司中嵌入网络安全文化。本文的目的是研究信息技术治理(ITG)与中东和北非上市公司网络安全水平之间的关系。该研究使用清单收集了截至2018年的94家在中东和北非国家金融股票市场上市的公司的样本数据。研究发现,ITG与企业网络安全水平之间存在显著且直接的关系。这表明任命具有IT知识和经验的董事会成员的重要性。这使得董事会在面对网络威胁和挑战时能够做出更好的决策。此外,董事会的IT专业知识对于理解IT主管在内部做什么很重要,因此要有足够的知识来挑战他们的行为。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
International Journal of Critical Infrastructures
International Journal of Critical Infrastructures ENGINEERING, MULTIDISCIPLINARY-
CiteScore
2.00
自引率
16.70%
发文量
29
期刊介绍: IJCIS is an inter-disciplinary and refereed journal that provides a professional and scholarly forum for cross-learning between different scientific and technological disciplines, and between business and economic, as well as between societal and managerial, disciplines in the area of critical infrastructures. Critical infrastructures are networks for the provision of telecommunication and information services, energy services, water supply, transportation of people and goods, banking and financial services, government services and emergency services. By addressing commonalities and interrelationships between the various sectors, IJCIS enables scientists, policy makers and professionals in the field to learn from experiences in other countries and in other infrastructure sectors.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信