Evaluating the Effectiveness of Information Security Governance Practices in Developing Nations

Author(s):  
Winfred Yaokumah

The purpose of this empirical study is to evaluate the extent to which information security governance domain practices (strategic alignment, value delivery, resource management, risk management, and performance measurement) relate to information security governance effectiveness. A random sampling technique was employed and data were collected via web survey from Ghanaian organizations. Employing three multiple regression models, the results showed there was a statistically significant positive linear relationship between information security governance domain practices and information security governance effectiveness. Overall, the model produced R² = .505, indicating that 50.5% of the variance in information security governance effectiveness was explained by information security governance domain practices. The results highlighted resource management, performance measurement and risk management practices as the predictors of organizational information security governance effectiveness, while strategic alignment contributed only marginally to the models. Therefore, to attain higher information security governance effectiveness, organizations should focus on strategic alignment between the business and information security attributes.

2015
pp. 1317-1333
Author(s):  
Winfred Yaokumah



Author(s):  
Winfred Yaokumah
Steven Brown

The purpose of this study was to examine empirically the extent of the relationships between information security governance (ISG) strategic alignment and other individual information security domain areas consisting of risk management, value delivery, performance measurement, and resource management in order to ascertain whether the domain areas were integrated for ISG success in Ghanaian organizations. Corporate governance theories, including agency theory, stakeholder theory, and organizational theory, were employed to explore the literature. These theories were mapped to the strategic alignment, risk management, resource management, performance measurement, and value delivery domains of information security governance. A random sampling strategy was used and data were collected via web survey. The data analysis employed a linear regression analysis to determine the degree of correlation among the domain areas. The study found that relationships between information security governance strategic alignment and other ISG domains were positively statistically significant. Strategic alignment was related to risk management (R² = .836), to value delivery (R² = .718), to performance measurement (R² = .722), and to resource management (R² = .747). The results highlighted the consistent importance of strategic alignment practices as a predictor of organizational information security risk management, performance measurement, resource management, and value delivery. This implies that effective information security governance strategic alignment greatly improves organizations’ risk management, resource management, performance measurement, and delivers business value. Therefore, organizations should improve strategic alignment attributes in order to attain effective information security governance.


2020
Vol 46 (1)
pp. 81-111
Author(s):  
Rebecca Slayton

Information security governance has become an elusive goal and a murky concept. This paper problematizes both information security governance and the broader concept of governance. What does it mean to govern information security, or for that matter, anything? Why have information technologies proven difficult to govern? And what assurances can governance provide for the billions of people who rely on information technologies every day? Drawing together several distinct bodies of literature—including multiple strands of governance theory, actor–network theory, and scholarship on sociotechnical regimes—this paper conceptualizes networked action on a spectrum from uncertain governance to governing uncertainty. I advance a twofold argument. First, I argue that networks can better govern uncertainty as they become more able not only to enroll actors in a collective agenda, but also to cut ties with those who seek to undermine that agenda. And second, I argue that the dominant conception of information security governance, which emphasizes governing uncertainty through risk management, in practice devolves to uncertain governance. This is largely because information technologies have evolved toward greater connectedness—and with it, greater vulnerability—creating a regime of insecurity. This evolution is illustrated using the history of the US government’s efforts to govern information security.


2018
Vol 26 (1)
pp. 58-90
Author(s):
Rashmi Anand
Sanjay Medhavi
Vivek Soni
Charru Malhotra
D.K. Banwet

Purpose: Digital India, the flagship programme of the Government of India (GoI), originated from the National e-Governance Project (NeGP) in the year 2014. The programme has an important aspect of information security and implementation of IT policy, which supports e-Governance in a focused approach of Mission Mode. In this context, there is a need to assess the situation of the programme, which covers a study of the initiatives and actions taken by the various actors involved and the processes which are responsible for overall e-Governance. Therefore, the purpose of this case study is to develop a Situation-Actor-Process (SAP), Learning-Action-Performance (LAP) based inquiry model to synthesize the situation of information security governance, IT policy and overall e-Governance.

Design/methodology/approach: In this case study both systematic inquiry and matrices-based SAP-LAP models are developed. Actors who are found responsible and engaged in IT policy framing, infrastructure development and also in e-Governance implementation are classified. Based on a synthesis of SAP components, various LAP elements were then synthesized, which further led to learning from the case study. Suitable actions and performance have also been highlighted, followed by a statement of the impact of the efficacy, i.e. transformation of information security, policy and e-Governance, on the Digital India programme.

Findings: On developing the SAP-LAP framework, it was found that actors like the Ministry of Electronics and Information Technology of the Govt. of India secure a higher rank in implementing various initiatives and central sector schemes to accelerate the agenda of e-Governance. Actions of other preferred actors include more investments in IT infrastructure, policy development and a mechanism to address cyber security threats for effective implementation of e-Governance. It was found that actors should be pro-active in enhancing technical skills, capacity building and imparting education related to ICT applications and e-Governance. Decision making should be based on the sustainable management practices of e-Governance project implementation to manage change, policy making and the governmental process of the Indian administration, and also to achieve Sustainable Development Goals by the Indian economy.

Research limitations/implications: The SAP-LAP synthesis is used to develop the case study. However, a few other qualitative and quantitative multi-criteria decision making approaches could also be explored for the development of an IT security based e-Governance framework in the Indian context.

Practical implications: The synthesis of SAP leads to LAP components which can bridge the gaps between information security, IT policy governance and the e-Governance process. Based on the learning from the Situation, it is said that the case study can provide decision making support and has an impact on the e-Governance process, i.e. may enhance awareness about e-services available to the general public. Such work is required to assess the transparency and accountability of the Government.

Social implications: Learning based on the SAP-LAP framework could provide decision making support to the administrators, policy makers and IT sector stakeholders. Thus, the case study would further help in addressing the research gaps, accelerating e-Governance initiatives and in capturing cyber threats.

Originality/value: The SAP-LAP model is found to be an intuitive approach to analyze the present status of information security governance, IT policy and e-Governance in India in a single unitary model.


Author(s):  
Davi Wahyuni ◽  
Yeni Anita Gonti ◽  
Eva Mursidah ◽  
Adhatus Solichah

The aim of this research is to draw up proposed recommendations for information technology (IT)-based library services at Institut Teknologi Sepuluh November Surabaya (ITS) using the COBIT framework. COBIT is a standard guide for information technology management practice. COBIT can help bridge the gap between business risks, control needs and technical issues. The maturity level of ITS library user services was analysed based on internal and external factors through interviews and the distribution of questionnaires. User satisfaction indicators were derived using the LibQual and COBIT methods. In LibQual, the satisfaction indicators were derived from the measurement of affect of service and information control. The working indicator used in the COBIT framework is the DS (delivery support) domain. The results of the survey and interviews are then compared with the World Class University Library (WCUL) criteria to identify the shortcomings in the standard of library service provided at the ITS central library. The results of the research show that ITS has an average maturity level of 3, at the defined process. Meanwhile, based on the WCUL criteria, the ITS library meets 4 WCUL criteria items out of a total of 23 criteria items. The other 19 criteria items have been implemented in the ITS library with average scores that come close to the threshold value for the WCUL criteria. Several indicators are used as priority objects for the proposed recommendations in this research, namely: Strategic Alignment, Value Delivery, Resource Management, Risk Management, and Performance Measurement. The output of this research is a recommendation document based on these five indicators.

