Perception of risk and the strategic impact of existing IT on information security strategy at board level

Abstract: Purpose -Information security is becoming increasingly more important as organisations are endangered by a variety of threats from both its internal and external environments. Many theorists now advocate that effective security policies should be created at senior management level. This is because executives are able to evaluate the organisation using a holistic approach as well as having the power to ensure that new systems and procedures are implemented in a timely manner. There is, however, a continuing lac… Show more

“…First senior management seemed to ignore IS&PP [23,30]. However, now more IT knowledge can be found in board rooms, although still not with satisfying numbers [3,15,21]. This is mainly confirmed by the project professionals.…”

“…No consensus was reached about a possible solution to this question, nor was a clear vision reached during this interesting discussion. Also roles and responsibilities of board members and senior executives with regard to information security have received only limited attention in recent academic literature [15].…”

“…Due to lack of knowledge and expertise, decision makers feel that they are not sufficiently equipped to discuss IS&PP topics, let alone make well-deliberate risk-based decisions about it [15,23,25].…”

“…Boards may come to rely quite heavily on the expertise and knowledge of IS&PP experts to assist them with there IS&PP governance duty. However, the ultimate accountability and decision making remains theirs alone [3,15].…”

“…In today's business world, information is one of the most important assets [4,15,29]. Information has become the life blood of the company and seems even necessary to gain competitive advantage [5,7,21,29].…”

Communication Barriers in the Decision-making Process: System Language and System Thinking

“…First senior management seemed to ignore IS&PP [23,30]. However, now more IT knowledge can be found in board rooms, although still not with satisfying numbers [3,15,21]. This is mainly confirmed by the project professionals.…”

“…No consensus was reached about a possible solution to this question, nor was a clear vision reached during this interesting discussion. Also roles and responsibilities of board members and senior executives with regard to information security have received only limited attention in recent academic literature [15].…”

“…Due to lack of knowledge and expertise, decision makers feel that they are not sufficiently equipped to discuss IS&PP topics, let alone make well-deliberate risk-based decisions about it [15,23,25].…”

“…Boards may come to rely quite heavily on the expertise and knowledge of IS&PP experts to assist them with there IS&PP governance duty. However, the ultimate accountability and decision making remains theirs alone [3,15].…”

“…In today's business world, information is one of the most important assets [4,15,29]. Information has become the life blood of the company and seems even necessary to gain competitive advantage [5,7,21,29].…”

Communication Barriers in the Decision-making Process: System Language and System Thinking

Dynamics of organizational information security

IT Security Risk Management in the Context of Cloud Computing