Information Security Governance Practices and Commitments in Organizations
Despite the existence of reference frameworks and standards for security governance, the research literature remains limited regarding the practices of organizations, and there is a lack of a strategy and practical model to follow in adopting effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance. The statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries, such as retail/wholesale, banking, services, telecom, and private and governmental organizations, provides a record of current practices in information security governance. The findings allowed the authors to propose a practical framework to evaluate information security governance in organizations.