TY - JOUR
T1 - Information security governance implementation within Ghanaian industry sectors an empirical study
AU - Yaokumah, Winfred
N1 - Publisher Copyright:
© Emerald Group Publishing Limited 0968-5227.
PY - 2014/7/8
Y1 - 2014/7/8
N2 - Purpose: The purpose of this study is to assess the levels of information security governance (ISG) implementation among major Ghanaian industry sectors. The intent is to benchmark inter-industry sector ISG implementation and to identify areas that may require improvement. Design/methodology/approach: Random sampling strategy was used, and data were collected via Web survey. The data analysis utilized a one-way analysis of variance to determine the differences in means of the levels of implementation of ISG focus areas among five main industry sectors. Findings: The results showed that, as a whole, all the industry sectors have only partially implemented ISG. In particular, there existed statistical significant differences in ISG implementation among the industry sectors. Ranking ISG implementation, Financial Institutions were close to completion, Utility Companies, Others (Information Technology, Oil and Gas, Manufacturing) and Public Services had PI ISG and health care and educational institutions were atthe planning stages. The result also revealed that all the industry sectors made marginal effort trying to align information security to business strategy, and performance measurement remained the least implemented focus area. Originality/value: Organizational leaders could use these findings to benchmark industry sectors' ISG implementation, which could lead to competitiveness. Again, international enterprises that do businesses with these industry sectors would better understand the level of involvement of the top executives in governing information security toward the protection of valuable information assets.
AB - Purpose: The purpose of this study is to assess the levels of information security governance (ISG) implementation among major Ghanaian industry sectors. The intent is to benchmark inter-industry sector ISG implementation and to identify areas that may require improvement. Design/methodology/approach: Random sampling strategy was used, and data were collected via Web survey. The data analysis utilized a one-way analysis of variance to determine the differences in means of the levels of implementation of ISG focus areas among five main industry sectors. Findings: The results showed that, as a whole, all the industry sectors have only partially implemented ISG. In particular, there existed statistical significant differences in ISG implementation among the industry sectors. Ranking ISG implementation, Financial Institutions were close to completion, Utility Companies, Others (Information Technology, Oil and Gas, Manufacturing) and Public Services had PI ISG and health care and educational institutions were atthe planning stages. The result also revealed that all the industry sectors made marginal effort trying to align information security to business strategy, and performance measurement remained the least implemented focus area. Originality/value: Organizational leaders could use these findings to benchmark industry sectors' ISG implementation, which could lead to competitiveness. Again, international enterprises that do businesses with these industry sectors would better understand the level of involvement of the top executives in governing information security toward the protection of valuable information assets.
KW - Benchmarking
KW - Business alignment
KW - Information security
KW - Risk management
UR - http://www.scopus.com/inward/record.url?scp=84927515418&partnerID=8YFLogxK
U2 - 10.1108/IMCS-06-2013-0044
DO - 10.1108/IMCS-06-2013-0044
M3 - Article
AN - SCOPUS:84927515418
SN - 0968-5227
VL - 22
SP - 235
EP - 250
JO - Information Management and Computer Security
JF - Information Management and Computer Security
IS - 3
ER -