A Process Model to Improve Information Security Governance in Organisations

01/26/2023
by   Chee Kong Wong, et al.
0

Information security governance (ISG) is a relatively new and under-researched topic. A review of literature shows the lack of an ISG framework or model that can help the implementation of ISG. This research aims to introduce an empirically grounded ISG process model as a practical reference to facilitate the implementation of ISG in organisations. This research has adopted an exploratory research approach where a conceptual ISG process model was proposed based on synthesis of extant literature and detailed review of relevant frameworks and models. The conceptual ISG process model was subsequently refined based on empirical data gathered from 3 case study organisations. The refined ISG process model was finally validated in 6 expert interviews. This research has developed an empirically grounded ISG process model identifying stakeholder groups and explaining how core ISG processes and sub-processes interact. Specifically, the research contributes by: (1) developing ISG process theory, as ISG is a series of events occurring within an organisational context; and (2) developing an information-processing perspective on ISG, as the process model identifies the information and communication flows, and the relationships among stakeholder groups. In addition, the research has: (3) empirically examined and validated the ISG process model based on how ISG is practised in real-world organisations; (4) examined corporate governance theories to provide additional perspectives to ensure that the ISG process model is aligned with corporate governance objectives; (5) identified additional factors that influence the implementation of ISG requiring further research; and finally (6) expanded existing seminal research by introducing an empirically grounded ISG process model that has been developed based on synthesis of cumulative knowledge from previous research and validated with empirical data.

READ FULL TEXT
research
07/01/2017

Core Elements in the Process of Citing Publications: A Conceptual Overview of the Literature

This study provides an overview of the literature dealing with the proce...
research
05/30/2020

Critical pedagogy in the implementation of educational technologies

This paper presents a critical review of the challenges to the implement...
research
03/24/2021

Human Factors in Security Research: Lessons Learned from 2008-2018

Instead of only considering technology, computer security research now s...
research
12/02/2022

Software Requirements Engineering Healthcare Implementation Maturity Model (SRE-HIMM) for Global Health-Care Information System

The fundamental objective of this research work is to develop a Software...
research
09/19/2020

A framework for effective corporate communication after cyber security incidents

A major cyber security incident can represent a cyber crisis for an orga...
research
08/26/2023

Digital Twin conceptual framework for the O M process of cubature building objects

The broader construction industry is struggling with data loss, ineffici...

Please sign up or login with your details

Forgot password? Click here to reset