董事会层面的信息技术治理和网络安全

IF 0.5 Q4 ENGINEERING, MULTIDISCIPLINARY

International Journal of Critical Infrastructures Pub Date : 2020-04-30 DOI:10.1504/ijcis.2020.10029173

A. Sartawi

{"title":"董事会层面的信息技术治理和网络安全","authors":"A. Sartawi","doi":"10.1504/ijcis.2020.10029173","DOIUrl":null,"url":null,"abstract":"Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.","PeriodicalId":44956,"journal":{"name":"International Journal of Critical Infrastructures","volume":"1 1","pages":""},"PeriodicalIF":0.5000,"publicationDate":"2020-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"Information technology governance and cybersecurity at the board level\",\"authors\":\"A. Sartawi\",\"doi\":\"10.1504/ijcis.2020.10029173\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.\",\"PeriodicalId\":44956,\"journal\":{\"name\":\"International Journal of Critical Infrastructures\",\"volume\":\"1 1\",\"pages\":\"\"},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2020-04-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Critical Infrastructures\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/ijcis.2020.10029173\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"ENGINEERING, MULTIDISCIPLINARY\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructures","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijcis.2020.10029173","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 20

摘要

在美国，安全漏洞的代价非常高昂，紧随其后的是中东。股东和投资者要求他们的公司降低各种风险，董事会有责任获得和保持他们的信心。鉴于这种情况，中东和北非地区的公司需要保护他们的数据，而董事会需要在公司中嵌入网络安全文化。本文的目的是研究信息技术治理(ITG)与中东和北非上市公司网络安全水平之间的关系。该研究使用清单收集了截至2018年的94家在中东和北非国家金融股票市场上市的公司的样本数据。研究发现，ITG与企业网络安全水平之间存在显著且直接的关系。这表明任命具有IT知识和经验的董事会成员的重要性。这使得董事会在面对网络威胁和挑战时能够做出更好的决策。此外，董事会的IT专业知识对于理解IT主管在内部做什么很重要，因此要有足够的知识来挑战他们的行为。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Information technology governance and cybersecurity at the board level

Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Critical Infrastructures ENGINEERING, MULTIDISCIPLINARY-

CiteScore

2.00

自引率

16.70%

发文量

期刊介绍： IJCIS is an inter-disciplinary and refereed journal that provides a professional and scholarly forum for cross-learning between different scientific and technological disciplines, and between business and economic, as well as between societal and managerial, disciplines in the area of critical infrastructures. Critical infrastructures are networks for the provision of telecommunication and information services, energy services, water supply, transportation of people and goods, banking and financial services, government services and emergency services. By addressing commonalities and interrelationships between the various sectors, IJCIS enables scientists, policy makers and professionals in the field to learn from experiences in other countries and in other infrastructure sectors.