Information Security Governance Practices and Commitments in Organizations

2019 ◽  
pp. 280-315
Keyword(s):  
Information Security ◽  
Participation Rate ◽  
Research Literature ◽  
The Other ◽  
Banking Services ◽  
Security Governance ◽  
Governmental Organizations ◽  
Governance Practices ◽  
Information Security Governance ◽  
Practical Model

Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance. The statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries such as retail/wholesale, banking, services, telecom, private and governmental organizations provides a record of current practices in information security governance. The findings allowed the authors to propose a practical framework to evaluate the information security governance in organizations.

Building a Maturity Framework for Information Security Governance Through an Empirical Study in Organizations

2021 ◽  
pp. 143-173
Author(s):  
Yassine Maleh ◽  
Mounia Zaydi ◽  
Abdelkbir Sahid ◽  
Abdellah Ezzati
Keyword(s):  
Information Security ◽  
Empirical Study ◽  
Academic Research ◽  
Participation Rate ◽  
Research Literature ◽  
The Other ◽  
Information Security Management ◽  
Security Governance ◽  
Information Security Governance ◽  
Practical Model

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance via a statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries. Based on the results of the survey regarding practices of information security management and governance, a practical maturity framework for the information security governance and management in organizations is presented.

Building a Maturity Framework for Information Security Governance Through an Empirical Study in Organizations

2018 ◽  
pp. 96-127 ◽  
Author(s):  
Yassine Maleh ◽  
Mounia Zaydi ◽  
Abdelkbir Sahid ◽  
Abdellah Ezzati
Keyword(s):  
Information Security ◽  
Empirical Study ◽  
Academic Research ◽  
Participation Rate ◽  
Research Literature ◽  
The Other ◽  
Information Security Management ◽  
Security Governance ◽  
Information Security Governance ◽  
Practical Model

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to explore the engagement processes and the practices of organizations involved in a strategy of information security governance via a statistical and econometric analysis of data from a survey of 1000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries. Based on the results of the survey regarding practices of information security management and governance, a practical maturity framework for the information security governance and management in organizations is presented.

Information Security Governance in Large Organizations

2019 ◽  
pp. 316-348
Keyword(s):  
Information Security ◽  
Academic Research ◽  
Research Literature ◽  
The Other ◽  
Information Security Management ◽  
Security Governance ◽  
Capability Maturity ◽  
Human Aspects ◽  
Information Security Governance ◽  
Practical Model

There is a dearth of academic research literature on the practices and commitments of information security governance in organizations. Despite the existence of referential and standards of the security governance, the research literature remains limited regarding the practices of organizations and, on the other hand, the lack of a strategy and practical model to follow in adopting an effective information security governance. This chapter aims to discuss the information security governance and to address the weaknesses identified in the literature. Based on practices of information security management and governance, the authors propose ISGO, a practical maturity framework for the information security governance and management in organizations. The findings will help organizations to assess their capability maturity state and to address the procedural, technical, and human aspects of information security governance and management process.

Evaluating the Effectiveness of Information Security Governance Practices in Developing Nations

2015 ◽  
pp. 1317-1333
Author(s):  
Winfred Yaokumah
Keyword(s):  
Risk Management ◽  
Resource Management ◽  
Information Security ◽  
Performance Measurement ◽  
Strategic Alignment ◽  
Security Governance ◽  
Governance Effectiveness ◽  
Governance Practices ◽  
Information Security Governance ◽  
And Performance

The purpose of this empirical study is to evaluate the extent to which information security governance domain practices: strategic alignment, value delivery, resource management, risk management, and performance measurement relate to information security governance effectiveness. Random sampling technique was employed and data were collected via web survey from Ghanaian organizations. Employing three multiple regression models, the results showed there were statistically significant positive linear relationship between information security governance domain practices and information security governance effectiveness. Overall, the model produced R2 = .505, indicating that 50.5% of the variance in information security governance effectiveness was explained by information security governance domain practices. The results highlighted resource management, performance measurement and risk management practices as the predictors of organizational information security governance effectiveness while strategic alignment contributed only marginally to the models. Therefore, to attain higher information security governance effectiveness, organizations should focus on strategic alignment between the business and information security attributes.

Sign in / Sign up

Export Citation Format

Share Document