An Empirical Study into Information Security Governance Focus Areas and their Effects on Risk Management

Winfred Yaokumah, Steven Brown

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper aimed to determine the extent to which information security governance (ISG) focus areas impact risk management. A total of 81 valid questionnaires were collected and processed using multiple linear regression and frequency analyses. The results showed that 92.7% of the variance in risk management was explained by resource management, information security and business strategic alignment, value delivery, and performance measurement. Resource management and strategic alignment made significant positive contributions to risk management. Among the most applied attributes within the ISG focus areas, the organizations appreciably implemented policies that address risk management and non-compliance to security risk. However, risk assessment was not frequently and exhaustively performed, and security personnel were not adequately trained. The study contributed to the literature by empirically determining the impact of ISG focus areas on risk management, provided organizational leaders with a better understanding of ISG focus areas, and suggested improvements to ISG practices.

Original language: English
Title of host publication: Proceedings - 2014 Annual Global Online Conference on Information and Computer Technology, GOCICT 2014
Editors: Emmanuel Udoh
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 42-49
Number of pages: 8
ISBN (Electronic): 9781479983117
Publication status: Published - 26 May 2014
Externally published: Yes
Event: 2014 Annual Global Online Conference on Information and Computer Technology, GOCICT 2014 - Louisville
Duration: 3 Dec 2014 to 5 Dec 2014

Publication series

Name: Proceedings - 2014 Annual Global Online Conference on Information and Computer Technology, GOCICT 2014

Conference

Conference: 2014 Annual Global Online Conference on Information and Computer Technology, GOCICT 2014
Country/Territory: United States
City: Louisville
Period: 3/12/14 to 5/12/14

Keywords

  • Information Security Governance
  • Performance Measurement
  • Resource Management
  • Risk Management
  • Strategic Alignment
  • Value Delivery
