Information Security Governance: A model based on the Direct–Control Cycle

Solms, Rossouw von; Solms, Sebastiaan H. von

doi:10.1016/j.cose.2006.07.005

Cited by 81 publications

(50 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While information security governance research fail to offers detailed guidance on how to develop information security policies [e.g. 13], there exists practitioner-oriented literature that do [14,15]. However, this literature focuses on design guidelines without reflecting on the end products' usefulness from an employee perspective.…”

Section: Information Security Policy Theoriesmentioning

confidence: 99%

Practice-Based Discourse Analysis of InfoSec Policies

Karlsson

Goldkuhl

Hedström

2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Abstract. Employees' poor compliance with information security policies is a perennial problem for many organizations. Existing research shows that about half of all breaches caused by insiders are accidental, which means that one can question the usefulness of information security policies. In order to support the formulation of practical, from the employees' perspective, information security policies, we propose eight tentative quality criteria. These criteria were developed using practice-based discourse analysis on three information security policy documents from a health care organisation.

show abstract

Section: Information Security Policy Theoriesmentioning

confidence: 99%

Practice-Based Discourse Analysis of InfoSec Policies

Karlsson

Goldkuhl

Hedström

2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

show abstract

“…In order to measure, there exists a need to identify and collect the correct information to measure against [7]. Any directive issued by the board which cannot be measured in some particular way is of little value because compliance and adequate control cannot be achieved [7]. The board should extend this strategic directing and controlling responsibility into IT to ensure that it supports the corporate vision and mission.…”

Section: Directing and Controllingmentioning

confidence: 99%

“…These directives need to be translated into organizational policies, standards and procedures, which will enable strategic, tactical and operational alignment with the company's corporate vision and mission. The board also needs to control an organization by ensuring that there is compliance with all directives, policies, standards, procedures and any relevant laws and regulations [7]. Therefore, to properly control (i.e., manage), thus ensuring compliance with directives and policies, there exists a need to measure.…”

Section: Directing and Controllingmentioning

confidence: 99%

“…Therefore, to properly control (i.e., manage), thus ensuring compliance with directives and policies, there exists a need to measure. In order to measure, there exists a need to identify and collect the correct information to measure against [7]. Any directive issued by the board which cannot be measured in some particular way is of little value because compliance and adequate control cannot be achieved [7].…”

Section: Directing and Controllingmentioning

confidence: 99%

“…The strategic direction is usually implemented and maintained through a system of directing and controlling. [7] describe this as the direct-control cycle, claiming it to be central to corporate governance.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Agency Theory: Can it be Used to Strengthen IT Governance?

Posthumus

Solms

2008

Proceedings of the Ifip Tc 11 23rd International Information Security Conference

Self Cite

View full text Add to dashboard Cite

In recent years it has become questionable whether corporate boards are able to direct and control IT effectively. There seems to be a general lack of boardlevel information regarding IT which may lead to ineffective governance over it. The aim of this paper is to demonstrate how this scenario relates to the agency problem and how agency theory may be used to offer a theoretical framework for addressing IT-related issues more effectively at board level.

show abstract

Introducing the Information Security Governance Model

Solms

2008

Information Security Governance

View full text Add to dashboard Cite

Information Security Governance: A model based on the Direct–Control Cycle

Cited by 81 publications

References 0 publications

Practice-Based Discourse Analysis of InfoSec Policies

Practice-Based Discourse Analysis of InfoSec Policies

Agency Theory: Can it be Used to Strengthen IT Governance?

Introducing the Information Security Governance Model

Contact Info

Product

Resources

About