Information Security Governance (ISG) is an important discipline that addresses information security at a strategic level, providing strategic direction, optimized use of information resources and proper security incident management. ISG and the impact of poor security incident management have attracted much attention in the literature, but unfortunately there is little empirical evidence regarding the explicit link between ISG and its effectiveness in terms of reducing negative impacts on business objectives from security incidents. Consequently, little exploration of ISG factors and their impact on the above-mentioned measure of effectiveness exists. Further, to direct endeavors, the crucial question is whether there are any differences in how effective these factors are in attaining this target. Currently, there is a lack of research considering this question. The research presented in this article explores the ISG domain further by empirically examining 30 ISG factors and their ability to reduce negative impacts on business objectives from security incidents. Data was collected by surveying ISG experts. Ten factors were identified as having significantly different means in relation to other factors, according to a one-way ANOVA that was conducted. The results give an indication of which ISG factors have an effect, providing both support for further academic research and decision support for implementing ISG.
Flores, Waldo and Farnian, Adnan, "EXPERT OPINIONS ON INFORMATION SECURITY GOVERNANCE FACTORS: AN EXPLORATORY STUDY" (2011). ECIS 2011 Proceedings. 239.