Organizations can choose how to integrate information security through planning and structuring of the information security function. This study aims to examine how the planning and structuring choices of the organization impacts the effective utilization of information security strategies. This study examines information security planning integration through a stages of growth perspective and finds that more mature information security planning integration is positively correlated with more effective utilization of information security deterrence, detection, and recovery strategies. This study also finds that a decentralized structure of information security management activities has a positive effect on the maturity of information security planning integration. This study suggest the maturity of information security planning integration that has a direct effect on the utilization of information security strategies and mediates the relationship between structure of information security management activities and utilization of information security strategies.
Young, R. F., & Windsor, J. (2010). Empirical Evaluation of Information Security Planning and Integration. Communications of the Association for Information Systems, 26, pp-pp. https://doi.org/10.17705/1CAIS.02613