S. Maynard, Terrence H. Tan, Atif Ahmad, T. Ruighaver
Title: Towards a Framework for Strategic Security Context in Information Security Governance
Journal: Pacific Asia Journal of the Association for Information Systems
Publication date: 2018-12-12
Publication type: Journal Article
DOI: 10.17705/1PAIS.10403 (https://doi.org/10.17705/1PAIS.10403)
Impact factor: 2.4; JCR: Q2 (Information Science & Library Science)
Citation count: 11
Abstract
Information security governance influences the quality of strategic decision-making to ensure that investments in security are effective. Security governance involves a range of activities including adjusting organizational structures, designating roles and responsibilities, allocating resources, managing risks, measuring results, and gauging the adequacy of audits and reviews. We identified three security issues in an organization around strategic context in an in-depth and revelatory case study. These are (1) limited diversity in decision-making; (2) lack of guidance in corporate-level mission statements to security decision-makers; (3) a bottom-up approach to security strategic context development. We further argue that instead of an approach that is based on risk and controls, organizations should address objectives and strategies through developing depth in their security strategic context.