PACIS 2021 Proceedings

Paper Type


Paper Number



This study presents a synthesis of the literature on information security strategy that identifies the knowledge gaps in our understanding on how information security strategies are formulated and operationalized in organizations. The findings show that primarily information security research examines security strategy from the perspective of preventing or the mitigation of security threats and attacks. Organizations focus on compliance with security strategies by employees to ensure that information security regulations and standards are met. This study examines the security strategy formulation process. Using the Arksey and O’Malley scoping review framework, 23 articles were systematically selected and reviewed. Analyses from the review showed that information security strategy is under-researched in the top IS journals. Analyses of the literature showed that there is no unified approach to security strategy. The literature approaches information security strategy from an operational and technical perspective. Finally, research gaps and areas for future research are discussed.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.