Description
The 1991 United States Federal Sentencing Guidelines for Organizations (updated in 2004) describes legal requirements for organizations’ ethical business procedures. We adapt this framework for the purpose of developing a high-level “Seven C’s” framework for ethically-responsible information security (InfoSec) procedures. Informed by the Resource Based View (RBV) of strategic management, we analyze case studies of two organizations to demonstrate the adapted guidelines’ applicability. Each organization has a well-established InfoSec program, yet each requires further development according to guidelines in our Seven C’s model. We discuss implications for InfoSec policies and standards.
Recommended Citation
McLaughlin, Mark-David and Gogan, Janis L., "Seven C’s of Information Security" (2017). AMCIS 2017 Proceedings. 33.
https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/33
Seven C’s of Information Security
The 1991 United States Federal Sentencing Guidelines for Organizations (updated in 2004) describes legal requirements for organizations’ ethical business procedures. We adapt this framework for the purpose of developing a high-level “Seven C’s” framework for ethically-responsible information security (InfoSec) procedures. Informed by the Resource Based View (RBV) of strategic management, we analyze case studies of two organizations to demonstrate the adapted guidelines’ applicability. Each organization has a well-established InfoSec program, yet each requires further development according to guidelines in our Seven C’s model. We discuss implications for InfoSec policies and standards.