Author(s): Winfred Yaokumah

The purpose of this empirical study is to evaluate the extent to which information security governance domain practices (strategic alignment, value delivery, resource management, risk management, and performance measurement) relate to information security governance effectiveness. A random sampling technique was employed and data were collected via web survey from Ghanaian organizations. Employing three multiple regression models, the results showed there was a statistically significant positive linear relationship between information security governance domain practices and information security governance effectiveness. Overall, the model produced R² = .505, indicating that 50.5% of the variance in information security governance effectiveness was explained by information security governance domain practices. The results highlighted resource management, performance measurement and risk management practices as the predictors of organizational information security governance effectiveness while strategic alignment contributed only marginally to the models. Therefore, to attain higher information security governance effectiveness, organizations should focus on strategic alignment between the business and information security attributes.


2020, Vol 46 (1), pp. 81-111
Author(s): Rebecca Slayton

Information security governance has become an elusive goal and a murky concept. This paper problematizes both information security governance and the broader concept of governance. What does it mean to govern information security, or for that matter, anything? Why have information technologies proven difficult to govern? And what assurances can governance provide for the billions of people who rely on information technologies every day? Drawing together several distinct bodies of literature—including multiple strands of governance theory, actor–network theory, and scholarship on sociotechnical regimes—this paper conceptualizes networked action on a spectrum from uncertain governance to governing uncertainty. I advance a twofold argument. First, I argue that networks can better govern uncertainty as they become more able not only to enroll actors in a collective agenda, but also to cut ties with those who seek to undermine that agenda. And second, I argue that the dominant conception of information security governance, which emphasizes governing uncertainty through risk management, in practice devolves to uncertain governance. This is largely because information technologies have evolved toward greater connectedness—and with it, greater vulnerability—creating a regime of insecurity. This evolution is illustrated using the history of the US government’s efforts to govern information security.


Author(s): Winfred Yaokumah, Steven Brown

The purpose of this study was to examine empirically the extent of the relationships between information security governance (ISG) strategic alignment and other individual information security domain areas consisting of risk management, value delivery, performance measurement, and resource management in order to ascertain whether the domain areas were integrated for ISG success in Ghanaian organizations. Corporate governance theories, including agency theory, stakeholder theory, and organizational theory, were employed to explore the literature. These theories were mapped to the strategic alignment, risk management, resource management, performance measurement, and value delivery domains of information security governance. A random sampling strategy was used and data were collected via web survey. The data analysis employed a linear regression analysis to determine the degree of correlation among the domain areas. The study found that relationships between information security governance strategic alignment and other ISG domains were positive and statistically significant. Strategic alignment was related to risk management (R² = .836), to value delivery (R² = .718), to performance measurement (R² = .722), and to resource management (R² = .747). The results highlighted the consistent importance of strategic alignment practices as a predictor of organizational information security risk management, performance measurement, resource management, and value delivery. This implies that effective information security governance strategic alignment greatly improves organizations’ risk management, resource management, and performance measurement, and delivers business value. Therefore, organizations should improve strategic alignment attributes in order to attain effective information security governance.


2015, pp. 1317-1333
Author(s): Winfred Yaokumah

The purpose of this empirical study is to evaluate the extent to which information security governance domain practices (strategic alignment, value delivery, resource management, risk management, and performance measurement) relate to information security governance effectiveness. A random sampling technique was employed and data were collected via web survey from Ghanaian organizations. Employing three multiple regression models, the results showed there was a statistically significant positive linear relationship between information security governance domain practices and information security governance effectiveness. Overall, the model produced R² = .505, indicating that 50.5% of the variance in information security governance effectiveness was explained by information security governance domain practices. The results highlighted resource management, performance measurement and risk management practices as the predictors of organizational information security governance effectiveness while strategic alignment contributed only marginally to the models. Therefore, to attain higher information security governance effectiveness, organizations should focus on strategic alignment between the business and information security attributes.

