Paper Number
2136
Paper Type
Complete Research Paper
Abstract
Today’s digital organizations recognize the imperative of adopting a strategic approach to cybersecurity, acknowledging that managerial and behavioral processes, alongside technical measures, play a crucial role in ensuring organizational cybersecurity. Despite this understanding, the existing literature lacks clarity on the relationship between organizational governance and cybersecurity. Practical guidance is also limited on how different mechanisms of governance—structural, formal, and relational—can be leveraged to enhance an organization’s cybersecurity posture considering its overall governance model. To address this gap, we conducted interviews with 12 employees from a higher education institution. Our findings suggest a robust connection between organizational governance and cybersecurity management, revealing that cybersecurity strategy and behavior are influenced by the governance choices made within an organization. Our results highlight the significance of relational governance in a setting where it is challenging to impose rules and regulations due to the independence of organizational units and the autonomy of employees.
Recommended Citation
Bulgurcu, Burcu; Levallet, Nadege; and Mashatan, Atefeh, "Implications of Organizational Governance on Cybersecurity Management: A Qualitative Study in Higher Education" (2024). ECIS 2024 Proceedings. 2.
https://aisel.aisnet.org/ecis2024/track02_general/track02_general/2
Implications of Organizational Governance on Cybersecurity Management: A Qualitative Study in Higher Education
Today’s digital organizations recognize the imperative of adopting a strategic approach to cybersecurity, acknowledging that managerial and behavioral processes, alongside technical measures, play a crucial role in ensuring organizational cybersecurity. Despite this understanding, the existing literature lacks clarity on the relationship between organizational governance and cybersecurity. Practical guidance is also limited on how different mechanisms of governance—structural, formal, and relational—can be leveraged to enhance an organization’s cybersecurity posture considering its overall governance model. To address this gap, we conducted interviews with 12 employees from a higher education institution. Our findings suggest a robust connection between organizational governance and cybersecurity management, revealing that cybersecurity strategy and behavior are influenced by the governance choices made within an organization. Our results highlight the significance of relational governance in a setting where it is challenging to impose rules and regulations due to the independence of organizational units and the autonomy of employees.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.