Managing Security Objectives for Effective Organizational Performance Information Security Management

Gutta, Ramamohan

01 January 2019

Information is a significant asset to organizations, and a data breach from a cyberattack harms reputations and may result in a massive financial loss. Many senior managers lack the competencies to implement an enterprise risk management system and align organizational resources such as people, processes, and technology to prevent cyberattacks on enterprise assets. The purpose of this Delphi study was to explore how the managerial competencies for information security and risk management senior managers help in managing security objectives and practices to mitigate security risks. The National Institute of Standards and Technology framework served as the foundation for this study. The sample was made up of 12 information security practitioners, information security experts, and managers responsible for the enterprise information security management. Participants were from Fortune 500 companies in the United States. Selection was based on their level of experience and knowledge of the topic being studied. Data were collected using a 3 round Delphi study of 12 experts in information security and risk management. Statistical analysis was performed on the collected data during a 3 round Delphi study. The mean, standard deviation, majority agreement, and ranges were used to determine the final concensus for this research study. Findings of this study included the need for managerial support, risk management strategies, and developling the managerial and technical talent to mitigate and respond to cyberattacks. Findings may result in a positive social change by providing information that helps managers to reduce the number of data breaches from cyberattacks, which benefits companies, employees, and customers.

Cyberattack

Governance

Databases and Information Systems