What do we know about information security governance?

Schinagl, Stef; Shahim, A.

doi:10.1108/ics-02-2019-0033

Cited by 31 publications

(91 citation statements)

References 76 publications

(233 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Senior leaders and board members' commitment is crucial in establishing an effective information security governance system (Damenu & Beaumont, 2017). However, the uplifting of information security "from the basement to the boardroom" (Schinagl & Shahim, 2020) has not been accompanied by the provision of appropriate tools and techniques that board members and other organisational leaders, without an information security background, could use to support their decisions (Mishra, 2015). Information security governance is an under-explored field of study, with the very term 'governance' meaning different things to different people (Nicho, 2018).…”

Section: Literature Reviewmentioning

confidence: 99%

“…Organisational leaders' role in establishing a solid information security governance system is further complicated by the uncertainty that reigns in this domain. Characterised by a mix of practical (the majority) and theoretical (the minority) approaches, the discipline of information security governance is relatively immature, mainly descriptive, and with limited empirical or theoretical guidance (Schinagl & Shahim, 2020).…”

Section: Organisational Leaders and Information Security Governancementioning

confidence: 99%

“…Overall, frameworks for information security governance suffer from flaws that can be broadly synthesised around the following points (Schinagl & Shahim, 2020): first, an information security governance model applicable to all organisations does not exist: industry type, underlying regulatory scenario, years of operations, organisational structure, etc. are all factors that impact the type of model most suitable to a given entity.…”

Section: ---Table I Here---mentioning

confidence: 99%

See 2 more Smart Citations

A quantification mechanism for assessing adherence to information security governance guidelines

Bongiovanni

Renaud

Brydon

et al. 2022

ICS

View full text Add to dashboard Cite

Purpose Boards of Directors and other organisational leaders make decisions about the information security governance systems to implement in their companies. The increasing number of cyber-breaches targeting businesses makes this activity inescapable. Recently, researchers have published comprehensive lists of recommended cyber measures, specifically to inform organisational boards. However, the young cybersecurity industry has still to confirm and refine these guidelines. As a starting point, it would be helpful for organisational leaders to know what other organisations are doing in terms of using these guidelines. In an ideal world, bespoke surveys would be developed to gauge adherence to guidelines, but this is not always feasible. What we often do have is data from existing cybersecurity surveys. The authors argue that such data could be repurposed to quantify adherence to existing information security guidelines, and this paper aims to propose, and test, an original methodology to do so. Design/methodology/approach The authors propose a quantification mechanism to measure the degree of adherence to a set of published information security governance recommendations and guidelines targeted at organisational leaders. The authors test their quantification mechanism using a data set collected in a survey of 156 Italian companies on information security and privacy. Findings The evaluation of the proposed mechanism appears to align with findings in the literature, indicating the validity of the present approach. An analysis of how different industries rank in terms of their adherence to the selected set of recommendations and guidelines confirms the usability of our repurposed data set to measure adherence. Originality/value To the best of the authors’ knowledge, a quantification mechanism as the one proposed in this study has never been proposed, and tested, in the literature. It suggests a way to repurpose survey data to determine the extent to which companies are implementing measures recommended by published cybersecurity guidelines. This way, the proposed mechanism responds to increasing calls for the adoption of research practices that minimise waste of resources and enhance research sustainability.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Organisational Leaders and Information Security Governancementioning

confidence: 99%

Section: ---Table I Here---mentioning

confidence: 99%

See 1 more Smart Citation

A quantification mechanism for assessing adherence to information security governance guidelines

Bongiovanni

Renaud

Brydon

et al. 2022

ICS

View full text Add to dashboard Cite

show abstract

“…In this direction, the important issue of information security in maintaining e-governance processes is raised [5], as an analysis of the information security problems is made in the article [6].…”

Section: Article Info Abstractmentioning

confidence: 99%

Informatization of the Society in the Digital Age

Romansky

2021

BJSTR

View full text Add to dashboard Cite

“…Recent studies argue that digital security is becoming of strategic importance in contemporary firms [1,7,13,21]. Specifically, these studies argue that governance needs to be organized around digital security.…”

Section: Introductionmentioning

confidence: 99%

Tensions that Hinder the Implementation of Digital Security Governance

Schinagl

Khapova

Shahim

2021

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

General rightsCopyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ? Take down policyIf you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

What do we know about information security governance?

Cited by 31 publications

References 76 publications

A quantification mechanism for assessing adherence to information security governance guidelines

A quantification mechanism for assessing adherence to information security governance guidelines

Informatization of the Society in the Digital Age

Tensions that Hinder the Implementation of Digital Security Governance

Contact Info

Product

Resources

About