Information security governance in the electricity industry

IF 1.9 Q3 OPERATIONS RESEARCH & MANAGEMENT SCIENCE

Brazilian Journal of Operations & Production Management Pub Date : 2022-01-01 DOI:10.14488/bjopm.2021.045

Igor Antônio Magalhães de Oliveira, M. Méxas, Elaine Mara Marçal Machado, G. Drumond

{"title":"Information security governance in the electricity industry","authors":"Igor Antônio Magalhães de Oliveira, M. Méxas, Elaine Mara Marçal Machado, G. Drumond","doi":"10.14488/bjopm.2021.045","DOIUrl":null,"url":null,"abstract":"Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry. Design/methodology/approach: Literature review was made of scientific articles, frameworks and norms that supported the field research applied to managers, coordinators and experts from IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the use, and also by means of cross-analysis. Results: It was observed that most respondents agree with the importance of the themes approached, however, in practice, these concepts are not always used by the organization. Besides, it was observed that when security is directly responding for the high level of the organization, the maturity level is between optimized and managed. However, where security is subordinated to the technology area, the level appears with higher percentage, as repeatable. Limitations of the investigation: The sample size is a limiting factor as it was conditioned to questionnaire responses sent to IS experts through electronic means and social networks and it is not possible to generalize as the population size is not known. Practical implications: To assist the electricity industry in taking measures turned to IS governance, and, with that, increase consumer protection with regard to their classified data and the company’s reliability in power supply. Originality/value: The present research originality lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to raise, more and more, its level of maturity.","PeriodicalId":54139,"journal":{"name":"Brazilian Journal of Operations & Production Management","volume":null,"pages":null},"PeriodicalIF":1.9000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Brazilian Journal of Operations & Production Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14488/bjopm.2021.045","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"OPERATIONS RESEARCH & MANAGEMENT SCIENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry. Design/methodology/approach: Literature review was made of scientific articles, frameworks and norms that supported the field research applied to managers, coordinators and experts from IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the use, and also by means of cross-analysis. Results: It was observed that most respondents agree with the importance of the themes approached, however, in practice, these concepts are not always used by the organization. Besides, it was observed that when security is directly responding for the high level of the organization, the maturity level is between optimized and managed. However, where security is subordinated to the technology area, the level appears with higher percentage, as repeatable. Limitations of the investigation: The sample size is a limiting factor as it was conditioned to questionnaire responses sent to IS experts through electronic means and social networks and it is not possible to generalize as the population size is not known. Practical implications: To assist the electricity industry in taking measures turned to IS governance, and, with that, increase consumer protection with regard to their classified data and the company’s reliability in power supply. Originality/value: The present research originality lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to raise, more and more, its level of maturity.

查看原文本刊更多论文

电力行业的信息安全治理

目的:本研究旨在评估信息安全(IS)治理在电力行业和其他细分市场的重要性和使用情况，以便为该行业提出IS治理指南。设计/方法/方法:文献综述了支持实地研究的科学文章、框架和规范，适用于IS领域的管理人员、协调员和专家，共104名来自不同国家的受访者。对收集到的数据进行分析，将其重要性与使用程度进行比较，并采用交叉分析的方法。结果:据观察，大多数受访者同意主题的重要性，然而，在实践中，这些概念并不总是被组织使用。此外，我们观察到，当安全性直接响应组织的高层时，成熟度级别介于优化和管理之间。然而，在安全从属于技术领域的地方，级别出现的百分比更高，可重复。调查的局限性:样本量是一个限制因素，因为它是通过电子手段和社交网络发送给is专家的问卷回答，而且由于人口规模未知，不可能进行概括。实际意义:协助电力行业采取转向信息系统治理的措施，从而增加消费者对其机密数据和公司供电可靠性的保护。原创性/价值:目前的研究原创性在于通过文献综述和应用于IS专家的实地研究，提出了10条IS治理准则，旨在越来越多地提高其成熟度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Brazilian Journal of Operations & Production Management OPERATIONS RESEARCH & MANAGEMENT SCIENCE-

CiteScore

2.90

自引率

9.10%

发文量

审稿时长

44 weeks