Cyber-security, Privacy, Legal and Ethical Issues in IS


Paper Type

short

Paper Number

1454

Description

The responsibility for information security governance (ISG) is increasingly falling to boards of directors and executive management. Recent high-profile incidents such as the breaches of Equifax, Target and Yahoo have increased awareness of the fiduciary duty of care of the board and the expectations of executive management in protecting organizational information assets. Our review of past research shows practical guidance on implementing ISG relevant to the current dynamic security environment remains deficient, despite the large number of hypothetical frameworks and models proposed. In this paper we propose and develop a novel process model to explain how ISG can be practiced in financial organizations. We subsequently refine the model using a pilot case study and conclude with a brief discussion of our contributions and further work.

Dec 14th, 12:00 AM

Information Security Governance: A Process Model and Pilot Case Study

