Information Security Governance: A Case Study of the Strategic Context of Information Security

Abstract

Security governance influences the quality of strategic decision-making towards ensuring that investments in security are not wasted. Security governance involves a range of activities including adjusting organisational structures, designating roles and responsibilities, allocating resources, managing risks, measuring results, and gauging the adequacy of security audits and reviews. We draw on a case study to identify three security issues in an organisation around strategic context. These are (1) limited diversity in decision-making; (2) lack of guidance in corporate-level mission statements to security decision-makers; (3) a bottom-up approach to security strategic context development. We ..