Towards a Framework for Strategic Security Context in Information Security Governance

Maynard, Sean B.; Tan, Terrence H.; Ahmad, Atif; Ruighaver, Tobias

doi:10.17705/1pais.10403

Cited by 11 publications

(18 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Initially, definitions mainly focused narrowly on IT: “ ISG can be seen as the overall way in which Information Security as a discipline is deployed to mitigate IT risks ” (Von Solms, 2006; Veiga and Eloff, 2007). Later, definitions expanded towards enterprise-wide or “business” risk, including terms such as “strategic direction” and “adjusting organisational structures” (Tan et al , 2017; Maynard et al , 2018; Nicho, 2018). Williams et al (2013) argue that the meaning of ISG is fluid, dynamic and flexible because of the ongoing changing socio-technical environment.…”

Section: Definitions Perspectives and Modelsmentioning

confidence: 99%

“…Von Solms and Von Solms (2005) propose the term business security governance to better frame the integral part of wide business protection. Furthermore, instead of a preventive approach that is based on risk and controls, organisations should address IS objectives and strategies by developing a resilient business framework (Tan et al , 2017; Maynard et al , 2018). Security throughout the enterprise may be the key to improving the level of security in organisations (Maynard et al , 2018).…”

Section: Definitions Perspectives and Modelsmentioning

confidence: 99%

“…Ruighaver et al (2007) found that security is ad hoc and focuses on things demanding immediate attention owing to incidents at the perimeter of the organisation (Johnston and Hale, 2009). Security is often only regarded as a strategic business issue if something goes wrong (Tan et al , 2017; Maynard et al , 2018). Often, such environments persist because organisations are used to focusing on preventing outside attacks (Rothrock et al , 2018).…”

Section: Tensions “From the Basement To The Boardroom” In A Digital Eramentioning

confidence: 99%

See 2 more Smart Citations

What do we know about information security governance?

Schinagl

Shahim

2020

ICS

View full text Add to dashboard Cite

Purpose This paper aims to review the information security governance (ISG) literature and emphasises the tensions that exist at the intersection of the rapidly changing business climate and the current body of knowledge on ISG. Design/methodology/approach The intention of the authors was to conduct a systematic literature review. However, owing to limited empirical papers in ISG research, this paper is more conceptually organised. Findings This paper shows that security has shifted from a narrow-focused isolated issue towards a strategic business issue with “from the basement to the boardroom” implications. The key takeaway is that protecting the organisation is important, but organizations must also develop strategies to ensure resilient businesses to take advantage of the opportunities that digitalization can bring. Research limitations/implications The concept of DSG is a new research territory that addresses the limitations and gaps of traditional ISG approaches in a digital context. To this extent, organisational theories are suggested to help build knowledge that offers a deeper understanding than that provided by the too often used practical approaches in ISG research. Practical implications This paper supports practitioners and decision makers by providing a deeper understanding of how organisations and their security approaches are actually affected by digitalisation. Social implications This paper helps individuals to understand that they have increasing rights with regard to privacy and security and a say in what parties they assign business to. Originality/value This paper makes a novel contribution to ISG research. To the authors’ knowledge, this is the first attempt to review and structure the ISG literature.

show abstract

Section: Definitions Perspectives and Modelsmentioning

confidence: 99%

Section: Definitions Perspectives and Modelsmentioning

confidence: 99%

Section: Tensions “From the Basement To The Boardroom” In A Digital Eramentioning

confidence: 99%

See 1 more Smart Citation

What do we know about information security governance?

Schinagl

Shahim

2020

ICS

View full text Add to dashboard Cite

show abstract

“…To this extent, security governance approaches must fundamentally shift from being an isolated technical issue to being a strategic business issue. In this way digital security governance is positioned and implemented as an institutionally wide effort that supports digital business strategies and business innovation [8,16].…”

Section: Introductionmentioning

confidence: 99%

“…Digital security governance is achieved by "steering", or direct & controlling [19] the system by which security is embedded in the organizational structures, and in all of the related business dimensions and organizational factors as a whole (machines, people, objects, processes et cetera). Such a security throughout the firm approach is seen as the key to improve the level of security in contemporary organizations [8,13].…”

Section: Introductionmentioning

confidence: 99%

Tensions that Hinder the Implementation of Digital Security Governance

Schinagl

Khapova

Shahim

2021

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

General rightsCopyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ? Take down policyIf you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

Cybersecurity Governance in Information Technology: A Review of What Has Been Done, and What Is Next

Hoong,

Rezania

2022

Lecture Notes on Data Engineering and Communications Technologies

View full text Add to dashboard Cite

Towards a Framework for Strategic Security Context in Information Security Governance

Cited by 11 publications

References 2 publications

What do we know about information security governance?

What do we know about information security governance?

Tensions that Hinder the Implementation of Digital Security Governance

Cybersecurity Governance in Information Technology: A Review of What Has Been Done, and What Is Next

Contact Info

Product

Resources

About