Organisational Information Security Strategy: Review, Discussion and Future Research

Horne, Craig A.; Maynard, Sean B.; Ahmad, Atif

doi:10.3127/ajis.v21i0.1427

Cited by 11 publications

(22 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We checked whether other search terms, such as “cyber-”, “business-” and “digital security governance”, generated new papers, but this was not the case. The search was not restricted by the articles’ age or the grade of the journal; instead, we preferred to examine each paper found for nuances that could shed light on our evolving understanding of the concept (Horne et al , 2017). This led to an initial set of 126 papers up until 2018. Exclusion criteria : By reading abstracts, papers were excluded from this review for multiple reasons.…”

Section: Methodsmentioning

confidence: 99%

“…Such a collaborative approach results in an IS strategy that is more aligned with business goals and that improves security assimilation, e.g. compliance, better policy alignment, the selection of more effective IS security controls and fewer security incidents (Kayworth and Whitten, 2012;Ahmad et al, 2014;Barton et al, 2016;Soomro et al, 2016Horne et al,2017. 4.1.3 Non-functional security or security embedded by design.…”

Section: Information Security Governancementioning

confidence: 99%

See 1 more Smart Citation

What do we know about information security governance?

Schinagl

Shahim

2020

ICS

View full text Add to dashboard Cite

Purpose This paper aims to review the information security governance (ISG) literature and emphasises the tensions that exist at the intersection of the rapidly changing business climate and the current body of knowledge on ISG. Design/methodology/approach The intention of the authors was to conduct a systematic literature review. However, owing to limited empirical papers in ISG research, this paper is more conceptually organised. Findings This paper shows that security has shifted from a narrow-focused isolated issue towards a strategic business issue with “from the basement to the boardroom” implications. The key takeaway is that protecting the organisation is important, but organizations must also develop strategies to ensure resilient businesses to take advantage of the opportunities that digitalization can bring. Research limitations/implications The concept of DSG is a new research territory that addresses the limitations and gaps of traditional ISG approaches in a digital context. To this extent, organisational theories are suggested to help build knowledge that offers a deeper understanding than that provided by the too often used practical approaches in ISG research. Practical implications This paper supports practitioners and decision makers by providing a deeper understanding of how organisations and their security approaches are actually affected by digitalisation. Social implications This paper helps individuals to understand that they have increasing rights with regard to privacy and security and a say in what parties they assign business to. Originality/value This paper makes a novel contribution to ISG research. To the authors’ knowledge, this is the first attempt to review and structure the ISG literature.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Information Security Governancementioning

confidence: 99%

What do we know about information security governance?

Schinagl

Shahim

2020

ICS

View full text Add to dashboard Cite

show abstract

“…On the other hand, information security, in the context of e-commerce, is in simple terms described as a mechanism that allows authorized people to transact business securely and efficiently over the internet while keeping unauthorized people away from the valuable information (Horne, Ahmad & Maynard, 2015). As such, security concerns aspects that ensure that the valuable information in e-commerce platforms is not accessed, destroyed or compromised by unauthorized users.…”

Section: Literature Reviewmentioning

confidence: 99%

Consumers Trust, Privacy and Security Issues on Mobile Commerce Websites

Mahmoud¹,

Khrais²,

alolayan³

et al. 2019

MAS

View full text Add to dashboard Cite

The proliferation of mobile devices and the increased adoption of the internet across the globe has led to the rise of m-commerce. reports highlight that in spite of the different advancements in the technology, trust in the platform is still a significant hindrance to its adoption. Consequently, the current study seeks to identify privacy and security issues affecting m-commerce users of three shopping sites: Amazon, Alibaba and eBay. The aim here is to develop recommendations that mitigate these challenges. The expected output of the study is an anticipation for insights regarding user perspectives on trust in m-commerce and as a result, contribute to existent knowledge in the area benefitting regulatory bodies and online vendors.

show abstract

“…Organizations also need to formulate or reformulate strategies to the security of their information and to reduce gaps which consider different knowledge levels in this important subject. They also need to carry out condition analysis to motivate the adoption by taking into account the protection from a more internal protection approach to a more systemic approach regarding resources, capabilities and external environment (Horne, Maynard, & Ahmad, 2017).…”

Section: From Strategy To Security Practicesmentioning

confidence: 99%

Multicriteria analysis of the compliance for the improvement of information security

Solana-González

Vanti²,

Fontana

2019

JISTEM

View full text Add to dashboard Cite

Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security.

show abstract

Organisational Information Security Strategy: Review, Discussion and Future Research

Cited by 11 publications

References 43 publications

What do we know about information security governance?

What do we know about information security governance?

Consumers Trust, Privacy and Security Issues on Mobile Commerce Websites

Multicriteria analysis of the compliance for the improvement of information security

Contact Info

Product

Resources

About