Towards a Framework for Strategic Security Context in Information Security Governance

IF 2.4 Q2 INFORMATION SCIENCE & LIBRARY SCIENCE
S. Maynard, Terrence H. Tan, Atif Ahmad, T. Ruighaver
{"title":"Towards a Framework for Strategic Security Context in Information Security Governance","authors":"S. Maynard, Terrence H. Tan, Atif Ahmad, T. Ruighaver","doi":"10.17705/1PAIS.10403","DOIUrl":null,"url":null,"abstract":"Information security governance influences the quality of strategic decision-making to ensure that investments in security are effective. Security governance involves a range of activities including adjusting organizational structures, designating roles and responsibilities, allocating resources, managing risks, measuring results, and gauging the adequacy of audits and reviews. We identified three security issues in an organization around strategic context in an in-depth and revelatory case study. These are (1) limited diversity in decision-making; (2) lack of guidance in corporate-level mission statements to security decision-makers; (3) a bottom-up approach to security strategic context development. We further argue that instead of an approach that is based on risk and controls, organizations should address objectives and strategies through developing depth in their security strategic context.","PeriodicalId":43480,"journal":{"name":"Pacific Asia Journal of the Association for Information Systems","volume":null,"pages":null},"PeriodicalIF":2.4000,"publicationDate":"2018-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pacific Asia Journal of the Association for Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17705/1PAIS.10403","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 11

Abstract

Information security governance influences the quality of strategic decision-making to ensure that investments in security are effective. Security governance involves a range of activities including adjusting organizational structures, designating roles and responsibilities, allocating resources, managing risks, measuring results, and gauging the adequacy of audits and reviews. We identified three security issues in an organization around strategic context in an in-depth and revelatory case study. These are (1) limited diversity in decision-making; (2) lack of guidance in corporate-level mission statements to security decision-makers; (3) a bottom-up approach to security strategic context development. We further argue that instead of an approach that is based on risk and controls, organizations should address objectives and strategies through developing depth in their security strategic context.
构建信息安全治理中的战略安全框架
信息安全治理影响战略决策的质量,以确保对安全的投资是有效的。安全治理涉及一系列活动,包括调整组织结构、指定角色和职责、分配资源、管理风险、度量结果,以及度量审计和评审的充分性。在一个深入的、具有启发性的案例研究中,我们围绕战略上下文确定了组织中的三个安全问题。它们是:(1)决策的多样性有限;(2)企业使命宣言对安全决策者缺乏指导;(3)自下而上构建安全战略环境。我们进一步论证,组织应该通过在其安全战略环境中发展深度来处理目标和战略,而不是基于风险和控制的方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
4.10
自引率
33.30%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信