A Policy-Based Metrics Framework for Information Security Performance Measurement

The purpose of this empirical study is to evaluate the extent to which information security governance domain practices: strategic alignment, value delivery, resource management, risk management, and performance measurement relate to information security governance effectiveness. Random sampling technique was employed and data were collected via web survey from Ghanaian organizations. Employing three multiple regression models, the results showed there were statistically significant positive linear relationship between information security governance domain practices and information security governance effectiveness. Overall, the model produced R2 = .505, indicating that 50.5% of the variance in information security governance effectiveness was explained by information security governance domain practices. The results highlighted resource management, performance measurement and risk management practices as the predictors of organizational information security governance effectiveness while strategic alignment contributed only marginally to the models. Therefore, to attain higher information security governance effectiveness, organizations should focus on strategic alignment between the business and information security attributes.

Download Full-text

Performance measurement guide for information security

10.6028/nist.sp.800-55r1 ◽

2008 ◽

Cited By ~ 38

Author(s):

E Chew ◽

M Swanson ◽

K M Stine ◽

N Bartol ◽

A Brown ◽

...

Keyword(s):

Information Security ◽

Performance Measurement

Download Full-text

An empirical examination of the relationship between information security/business strategic alignment and information security governance domain areas

Journal of Business Systems Governance & Ethics ◽

10.15209/jbsge.v9i2.718 ◽

2014 ◽

Vol 9 (2) ◽

Cited By ~ 2

Author(s):

Winfred Yaokumah ◽

Steven Brown

Keyword(s):

Risk Management ◽

Resource Management ◽

Information Security ◽

Performance Measurement ◽

Linear Regression Analysis ◽

Strategic Alignment ◽

Management Performance ◽

Empirical Examination ◽

Security Governance ◽

Information Security Governance

The purpose of this study was to examine empirically the extent of the relationships between information security governance (ISG) strategic alignment and other individual information security domain areas consisting of risk management, value delivery, performance measurement, and resource management in order to ascertain whether the domain areas were integrated for ISG success in Ghanaian organizations. Corporate governance theories, including agency theory, stakeholder theory, and organizational theory, were employed to explore the literature. These theories were mapped to strategic alignment, risk management, resource management, performance measurement, and value delivery domains of information security governance. Random sampling strategy was used and data were collected via web survey. The data analysis employed a linear regression analysis to determine the degree of correlation among the domain areas. The study found that relationships between information security governance strategic alignment and other ISG domains were positively statistically significant. Strategic alignment was related to risk management (R² = .836); to value delivery (R² = .718), to performance measurement (R² = .722), and to resource management (R² = .747). The results highlighted consistent importance of strategic alignment practices as a predictor of organizational information security risk management, performance measurement, resource management, and value delivery. This implies that effective information security governance strategic alignment greatly improves organizations’ risk management, resource management, performance measurement, and delivers business value. Therefore, organizations should improve strategic alignment attributes in order to attain effective information security governance.

Download Full-text

Evaluating the Effectiveness of Information Security Governance Practices in Developing Nations

Standards and Standardization ◽

10.4018/978-1-4666-8111-8.ch062 ◽

2015 ◽

pp. 1317-1333

Author(s):

Winfred Yaokumah

Keyword(s):

Risk Management ◽

Resource Management ◽

Information Security ◽

Performance Measurement ◽

Strategic Alignment ◽

Security Governance ◽

Governance Effectiveness ◽

Governance Practices ◽

Information Security Governance ◽

And Performance

The purpose of this empirical study is to evaluate the extent to which information security governance domain practices: strategic alignment, value delivery, resource management, risk management, and performance measurement relate to information security governance effectiveness. Random sampling technique was employed and data were collected via web survey from Ghanaian organizations. Employing three multiple regression models, the results showed there were statistically significant positive linear relationship between information security governance domain practices and information security governance effectiveness. Overall, the model produced R2 = .505, indicating that 50.5% of the variance in information security governance effectiveness was explained by information security governance domain practices. The results highlighted resource management, performance measurement and risk management practices as the predictors of organizational information security governance effectiveness while strategic alignment contributed only marginally to the models. Therefore, to attain higher information security governance effectiveness, organizations should focus on strategic alignment between the business and information security attributes.

Download Full-text