Evaluating the Effectiveness of Information Security Governance Practices in Developing Nations: A Case of Ghana

The purpose of this empirical study is to evaluate the extent to which information security governance domain practices: strategic alignment, value delivery, resource management, risk management, and performance measurement relate to information security governance effectiveness. Random sampling technique was employed and data were collected via web survey from Ghanaian organizations. Employing three multiple regression models, the results showed there were statistically significant positive linear relationship between information security governance domain practices and information security governance effectiveness. Overall, the model produced R2 =.505, indicating that 50.5% of the variance in information security governance effectiveness was explained by information security governance domain practices. The results highlighted resource management, performance measurement and risk management practices as the predictors of organizational information security governance effectiveness while strategic alignment contributed only marginally to the models. Therefore, to attain higher information security governance effectiveness, organizations should focus on strategic alignment between the business and information security attributes. Winfred Yaokumah Pentecost University College, Ghana