Abstract

The corporate Chief Information Security Officer (CISO) has one of the most challenging senior leadership roles because of the everchanging threat environment and limited resources. The CISO deploys behavioral strategies, policy, and technology to address today's challenges. Studies suggest that information security programs are often underfunded because they are perceived as bottom-line expenses, not top-line value. The purpose of this paper is to help CISOs better compete for investment capital by demonstrating top-line value to senior management. Drawing on historical and modern institutional, social cognitive, and value theories, this study identifies opportunities for value top-line value within the Information Security discipline. Furthermore, this research paper conducts a comprehensive analysis of 100 NASDAQ company information security value creation policies and presents findings focused on the information security competitive advantages, opening the door for increased investment capital. This study contributes to the Information Security literature by making a case for the information security management's direct inclusion into Porter's value chain model.

Download

Share

COinS