Expert opinions on information security governance factors: an exploratory study

نویسندگان

  • Waldo Rocha Flores
  • Adnan Farnian
چکیده

Information Security Governance (ISG) is an important discipline that addresses information security at a strategic level providing strategic direction, optimized use of information resources and proper security incident management. ISG and the impact of poor security incident management have attracted much attention in the literature but unfortunately there is little empirical evidence regarding the explicit link between ISG and its effectiveness in terms of reducing negative impacts on business objectives from security incidents. Consequently, little exploration of ISG factors and their impact on the above mentioned measure of effectiveness exists. Further, to direct endeavors the crucial question is if there exist any differences in how effective these factors are in attaining this target. Currently, there is a lack in research considering this question. The research presented in this article explores the ISG domain further by empirically examine 30 ISG factors and their ability of reducing negative impacts on business objectives from security incidents. Data has been collected by surveying ISG experts. Ten factors were identified to have significant different means in relation to other factors according to a one-way ANOVA analysis that was conducted. The results give an indication on what ISG factors that have an effect, providing both support for further academic research and also decision support for implementing ISG.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Critical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)

The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...

متن کامل

Expert Decision Support Technique for Algal Bloom Governance in Urban Lakes Based on Text Analysis

As a typical phenomenon of eutrophication pollution, algal bloom threatens public health and water security. The governance of algal bloom is largely affected by administrators’ knowledge and experience, which may lead to a subjective and one-sided decision-making result. Meanwhile, experts in the specific field can provide professional support. How to utilize expert resources adequately and au...

متن کامل

Bring-Your-Own-Device (BYOD): An Evaluation of Associated Risks to Corporate Information Security

This study evaluates the cyber-risks to Business Information Assets posed by the adoption of Bring-YourOwn-Device (BYOD) to the workplace. BYOD is an emerging trend where employees bring and use personal computing devices on the company’s network to access applications and sensitive data like emails, calendar and scheduling applications, documents, etc. Employees are captivated by BYOD because ...

متن کامل

An Exploratory Study of the Factors Affecting the Future of Entrepreneurial Business in the Field of Knowledge and Information Science

Purpose: Today, with the increase in the number of graduates whose number is increasing every year, unemployment and employment are among the challenges the societies are facing. Graduates of Knowledge and Information Science are not exceptions to this rule and thus often face employment problems. Given this issue as well as the economic crisis throughout the world, identifying and discovering ...

متن کامل

Challenges of Participation in Legislation in the Health Sector (Qualitative Study)

Objective: The purpose of this study is to identify the challenges of legislative participation in the health sector in Iran. Materials & Method: The present study was exploratory and qualitative in terms of implementation process. The method of data collection was semi-structured and purposeful interviews with the selected participants. Experts in the field of health law (with at least 10 yea...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011