Information Systems Security Governance Research: A Behavioral Perspective
نویسنده
چکیده
Behavioral information systems security governance entails managing the informal structures in an organization to ensure an appropriate security environment. Informal structures in an organization comprise the individual values, beliefs and behavior prevalent in an organization guiding the norms and employee perception of job responsibilities. Five consistent themes arise from a critical review of the extant literature in this area: security culture, internal control assessment, security policy implementation, individual values, beliefs, and security training. A theoretical framework from the field of sociology is proposed to investigate the current issues in behavioral aspects of security governance. Contributions of this paper are discussed and future research directions suggested. Keywords– Information systems security, security governance, theory of anomie, behavioral aspects.
منابع مشابه
Critical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)
The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...
متن کاملInformation Security in Value Chains: A Governance Perspective
As supply chains become more complex and global, organizations increasingly rely on advanced information technology systems to coordinate and support value chain activities. These interorganizational systems while integral to supply chain management also introduce an additional point of vulnerability. Although a matter of increasing concern, who and how the responsibility for securing these sys...
متن کاملAn Optimized Dynamic Process Model of IS Security Governance Implementation
The year 2011 has witnessed a lot of high profiles data breaches despite the availability of IS security and governance controls, frameworks, standards and models for organisations to choose from; and the technical advances made in intrusion prevention and detection. Taking this issue into account the objective of this paper is to identify and analyse the weaknesses in the IS security defences ...
متن کاملGoverning Information System Security: Review of Approaches to Information System Security Assurance and Auditing
Over the past decade information system security issues has been treated mainly from technology perspective. That model of information security management was reactive, mainly technologically driven and rarely aligned to business needs. This paper goes a step further and considers it from the governance view, mainly aligning it with the risk management activities and stressing the necessity for...
متن کاملControlling Adverse Selection in Information Security Budgeting: An IT Governance Approach
From an agency theory perspective, top management engages the information security function as the agent to manage security for the organization. Adverse selection in InfoSec budgeting occurs when top management cannot validate the soundness of the ISF’s requests for InfoSec investments. IT governance may control adverse selection because it aims at the alignment between business and IT and fac...
متن کامل