TY - GEN
T1 - An Empirical Study into Information Security Governance Focus Areas and their Effects on Risk Management
AU - Yaokumah, Winfred
AU - Brown, Steven
N1 - Publisher Copyright: © 2014 IEEE.
PY - 2014/5/26
Y1 - 2014/5/26
AB - This paper aimed at determining the extent to which information security governance (ISG) focus areas impact risk management. A total of 81 valid questionnaires were collected and processed using multiple linear regression and frequency analyses. The results showed that 92.7% of the variance in risk management was explained by resource management, information security and business strategic alignment, value delivery, and performance measurement. Resource management and strategic alignment made significant positive contributions to risk management. Among the most applied attributes within the ISG focus areas, the organizations appreciably implemented policies that address risk management and non-compliance to security risk. However, risk assessment was not frequently and exhaustively performed, and security personnel were not adequately trained. The study contributed to the literature by empirically determining the impact of ISG focus areas on risk management, provided organizational leaders with a better understanding of ISG focus areas, and suggested improvements to ISG practices.
KW - Information Security Governance
KW - Performance Measurement
KW - Resource Management
KW - Risk Management
KW - Strategic Alignment
KW - Value Delivery
UR - http://www.scopus.com/inward/record.url?scp=84949926549&partnerID=8YFLogxK
U2 - 10.1109/GOCICT.2014.12
DO - 10.1109/GOCICT.2014.12
M3 - Conference contribution
AN - SCOPUS:84949926549
T3 - Proceedings - 2014 Annual Global Online Conference on Information and Computer Technology, GOCICT 2014
SP - 42
EP - 49
BT - Proceedings - 2014 Annual Global Online Conference on Information and Computer Technology, GOCICT 2014
A2 - Udoh, Emmanuel
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 Annual Global Online Conference on Information and Computer Technology, GOCICT 2014
Y2 - 3 December 2014 through 5 December 2014
ER -