Towards a Taxonomy of Information Security Management Practices in Organisations

Abstract

There is growing recognition of the role that management performs in protecting organisational information. However, our review of the academic and professional literatures did not find an empirically sound and coherent view of the range of management activities that can be applied as part of an information security program. As a result, organisations have insufficient guidance on what methods can be implemented to meet security objectives. Further, organisations have no empirically evidenced benchmark against which management practices can be assessed. This research project aims to develop a rigorous, comprehensive and empirically evidenced taxonomy of information security management practi..