Governing Information Security: Governance Domains and Decision Rights Allocation Patterns

Authors

  • Yu Andy Wu
  • Carol Stoak Saunders
Abstract

Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff’s (2007) framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance domains, they propose a main decision type, using the taxonomy of information technology decisions defined by Weill and Ross (2004). This framework recommends the selection of decision rights allocation patterns that are proper to those decision types to ensure good security decisions. As a result, a balance can be achieved between decisional authority and responsibility for information security.

Similar resources

Decision Making, IT Governance, and Information Systems Security

The complex issue of IS security involves organizational factors. Decision making, an important area of organizations, however, has only been studied to a limited extent in relation to IS security. In this paper we explore the relationship between organizational distribution of decision rights and IS security. We review the security literature and identify three aspects of an organization as wh...

Information Technology Governance in Information Technology Investment Decision Processes: The Impact of Investment Characteristics, External Environment, and Internal Context

This study identifies governance patterns for information technology investment decision processes and explores the impact of organizations’ investment characteristics, external envir...

Bernard Tan was the accepting senior editor for this paper. Christina Soh was the associate editor. Ranganathan Chandrasekaran and Albert Boonstra served as reviewers. The third reviewer chose to remain anonymous.

Technology Governance in the Information Age. The Case of Pharmaceuticals and the Internet

In a civil society, the governance of technology is a matter of law and regulation, but also of responsibility and accountability, within which issues of public safety and security must be balanced against individual and collective rights. Within sociology, studies have not fully examined the complexity of how governance is achieved, and how environmental changes may threaten governance systems...

Motivating Information Acquisition through Organization Design

We investigate how monetary incentives and the allocation of decision rights inside an organizational hierarchy can be used together to motivate information acquisition, support accurate communication and guide decision-making. We analyze the differences between a centralized decision-making structure, where local divisions acquire information and communicate it to the headquarters that makes th...

Critical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)

The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...


Journal title:
  • IRMJ

Volume 24  Issue 

Pages  -

Publication date 2011