Information Security Governance Of Enterprise Information Systems: An Approach To Legislative Compliant

Khoo, Benjamin; Harris, Peter; Hartman, Stephen

doi:10.19030/ijmis.v14i3.840

Cited by 12 publications

(8 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Developments in the field of corporate governance and the related legal and regulatory compliance (von Solms, 2006) have led many organizations to implement ISG (Khoo et al, 2010). ISG forms:…”

Section: Literature Review 21 Motivation For Isg Implementationmentioning

confidence: 99%

Information security governance implementation within Ghanaian industry sectors

Yaokumah

2014

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

Purpose – The purpose of this study is to assess the levels of information security governance (ISG) implementation among major Ghanaian industry sectors. The intent is to benchmark inter-industry sector ISG implementation and to identify areas that may require improvement. Design/methodology/approach – Random sampling strategy was used, and data were collected via Web survey. The data analysis utilized a one-way analysis of variance to determine the differences in means of the levels of implementation of ISG focus areas among five main industry sectors. Findings – The results showed that, as a whole, all the industry sectors have only partially implemented ISG. In particular, there existed statistical significant differences in ISG implementation among the industry sectors. Ranking ISG implementation, Financial Institutions were close to completion, Utility Companies, Others (Information Technology, Oil and Gas, Manufacturing) and Public Services had PI ISG and health care and educational institutions were at the planning stages. The result also revealed that all the industry sectors made marginal effort trying to align information security to business strategy, and performance measurement remained the least implemented focus area. Originality/value – Organizational leaders could use these findings to benchmark industry sectors’ ISG implementation, which could lead to competitiveness. Again, international enterprises that do businesses with these industry sectors would better understand the level of involvement of the top executives in governing information security toward the protection of valuable information assets.

show abstract

Section: Literature Review 21 Motivation For Isg Implementationmentioning

confidence: 99%

Information security governance implementation within Ghanaian industry sectors

Yaokumah

2014

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

show abstract

“…It is divided into five activities: (1) communication and consultation, (2) context setting, (3) information risk assessment, (4) information risk treatment, and (5) monitoring and review. (Khoo B, Harris P, Hartman S, 2010) Information security can be defined as "the protection of the confidentiality, integrity and availability of information and its critical elements, including th software and hardware that use, store, process and transmit that information through the application of pilic, technology, education and awareness" Several studies are led in IS security risk management. These works are formalized in terms of methods, standards and research work.…”

Section: Softwares Development Risk Managementmentioning

confidence: 99%

Information Systems Risk Management: Litterature Review

Amraoui¹,

Elmaallam²,

Bensaid³

et al. 2019

CIS

View full text Add to dashboard Cite

The security of a company's information system (IS) is an important requirement for the pursuit of its business. Risk management contributes to the protection of the IS assets. It saves the organism from the losses caused by the emergence of unwanted events having an incidence on the IS objectives and consequently on its strategy. It has also an important role in the decision making about entering new opportunities. In addition, it promises an optimal allocation of information system resources. The risk management process aims to analyze what can happen and what are the eventual consequences for the organization before deciding what needs to be done and reducing the risks to an acceptable level. This paper presents a literature review of IS risk management and gives a comparative analyse of its processes, methods and standards.

show abstract

“…• Entire set of collaborating firms through value network (Dyer, 1996;Childe, 1998;Doz and Hamel, 1998;Davis and Spekman, 2003;Lyman et al, 2009) • Strategically outsource external resource and core functions (Jagdev and Browne, 1998;Sutton, 2006;Thun, 2010) • Require advanced IT/IS (Jaiswal and Kaushik, 2005) • Medium-to-long term collaboration (Binder and Clegg, 2006) • Weak power and authority due to flat and geographically distributed structure (O'Neil and Sackett, 1994) • Reductions in costs and lead-times from interoperability (Clegg, 2003;Triantafillakis et al, 2004) • Relatively stable; medium level of risk (Binder and Clegg, 2007) Extended Enterprise (EE) ERP III systems Enable dynamic, agile and event-driven operation (Hauser et al, 2010) Support reconfigurable virtual integration (Ponis and Spanos, 2009) Manage and integrate strategic alliances (Muscatello et al, 2003) Create synergy between innovation and customer-focus (Wood, 2010) Information security governance (Khoo et al, 2010) Web-service, SOA (Hofmann, 2008;Ponis and Spanos, 2009) Cloud computing with unhampered data transfer (De Maria et al, 2011) SaaS, PaaS, Utility, SLA mgt.…”

Section: Enterprise Resource Planning Systems and Collaborative Entermentioning

confidence: 99%

“…Customer service improvement (Sharif et al, 2005) Require advanced IT/IS ( Jaiswal and Kaushik, 2005) Optimize inter-firm operational processes (Bond et al, 2000) Medium-to-long term collaboration (Binder and Clegg, 2006) Support global business processing requirements (Zrimsek, 2003) Manage external linkages via digital technology solutions (Li, 1999) More accurate and cost-efficient decision making ("Ted" Weston, 2003) Adaptable and collaborative IS infrastructure (Ericson, 2001) Weak power and authority due to flat and geographically distributed structure (O'Neil and Sackett, 1994) Reductions in costs and lead-times from interoperability (Clegg, 2003;Triantafillakis et al, 2004) Relatively stable; medium level of risk (Binder and Clegg, 2007a, b) Supports e-business - (Callaway, 2000;Moller, 2005) Facilitates organizational change and learning (Eckartz et al, 2009) (continued) (Ponis and Spanos, 2009) Manage and integrate strategic alliances (Muscatello et al, 2003) Create synergy between innovation and customer-focus (Wood, 2010) Information security governance (Khoo et al, 2010) Web-service, SOA (Hofmann, 2008;Ponis and Spanos, 2009) Cloud computing with unhampered data transfer…”

Section: Established Framework For Erp and Is Conceptualizationmentioning

confidence: 99%

Managing enterprises and ERP systems: a contingency model for the enterprization of operations

Clegg

Wan

2013

International Journal of Operations &Amp; Production Management

View full text Add to dashboard Cite

Purpose -The purpose of this paper is to investigate enterprise resource planning (ERP) systems development and emerging practices in the management of enterprises (i.e. parts of companies working with parts of other companies to deliver a complex product and/or service) and identify any apparent correlations. Suitable a priori contingency frameworks are then used and extended to explain apparent correlations. Discussion is given to provide guidance for researchers and practitioners to deliver better strategic, structural and operational competitive advantage through this approach; coined here as the "enterprization of operations". Design/methodology/approach -Theoretical induction uses a new empirical longitudinal case study from Zoomlion (a Chinese manufacturing company) built using an adapted form of template analysis to produce a new contingency framework. Findings -Three main types of enterprises and the three main types of ERP systems are defined and correlations between them are explained. Two relevant a priori frameworks are used to induct a new contingency model to support the enterprization of operations; known as the dynamic enterprise reference grid for ERP (DERG-ERP).Research limitations/implications -The findings are based on one longitudinal case study. Further case studies are currently being conducted in the UK and China. Practical implications -The new contingency model, the DERG-ERP, serves as a guide for ERP vendors, information systems management and operations managers hoping to grow and sustain their competitive advantage with respect to effective enterprise strategy, enterprise structure and ERP systems. Originality/value -This research explains how ERP systems and the effective management of enterprises should develop in order to sustain competitive advantage with respect to enterprise strategy, enterprise structure and ERP systems use.

show abstract

Information Security Governance Of Enterprise Information Systems: An Approach To Legislative Compliant

Cited by 12 publications

References 4 publications

Information security governance implementation within Ghanaian industry sectors

Information security governance implementation within Ghanaian industry sectors

Information Systems Risk Management: Litterature Review

Managing enterprises and ERP systems: a contingency model for the enterprization of operations

Contact Info

Product

Resources

About