Cyber-security, Privacy, Legal and Ethical Issues in IS
Paper Type
short
Paper Number
1454
Description
The responsibility for information security governance (ISG) is increasingly falling to boards of directors and executive management. Recent high-profile incidents such as the breaches of Equifax, Target and Yahoo have increased awareness of the fiduciary duty of care of the board and the expectations of executive management in protecting organizational information assets. Our review of past research shows practical guidance on implementing ISG relevant to the current dynamic security environment remains deficient, despite the large number of hypothetical frameworks and models proposed. In this paper we propose and develop a novel process model to explain how ISG can be practiced in financial organizations. We subsequently refine the model using a pilot case study and conclude with a brief discussion of our contributions and further work.
Recommended Citation
Wong, Chee Kong; Maynard, Sean B.; Ahmad, Atif; and Naseer, Humza, "Information Security Governance: A Process Model and Pilot Case Study" (2020). ICIS 2020 Proceedings. 3.
https://aisel.aisnet.org/icis2020/cyber_security_privacy/cyber_security_privacy/3
Information Security Governance: A Process Model and Pilot Case Study