Return to search

A Framework for the Governance of Information Security

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant interest in the recent past on how human compliance to information security policy can be achieved in an organization. Various models have been proposed by these researchers. However, there are very few models that have tried to link human commitment attributes with information security governance of an organization. The research problem of this study was to identify the security controls and mechanisms to govern information security effectively. The proposed model was based on agency theory and comprises a relationship between human commitment variables (ethics, integrity and trust) with security governance variables (structural, relational and process) referred as systemic variables in the research. The resulting correlation is further related with governance objectives (goal congruence and reducing information asymmetry) to hypothesize an effective information security in an organization. The research model proposed was tested employing confirmatory factor analysis (CFA) and structural equation modeling (SEM).
There were four models tested in this research. The first model (initial measurement model) comprised human variables linked with relational and the systemic variables linked with goal congruence and information asymmetry. This model could not get through the CFA tests. A modified model comprising human and systemic attributes related with goal congruence and information asymmetry, separately, was taken forward to SEM. This model returned low model fitment scores and hence two alternate models were tested. In the first alternative, the human attributes were related with goal congruence and systemic attributes were linked with information asymmetry. In the second alternative, the relationships of the first alternatives were retained and two alternate relationships were introduced - integrity was linked with information asymmetry and structural was linked with goal congruence. Both models are very close to good model fitment scores. However, the second alternative returned better results and hence, was chosen as the final outcome of the research. The model reflects that human attributes and systemic attributes are fairly independent in an effective information security framework, and drive goal congruence and information asymmetry, respectively. However, integrity is an important human commitment for ensuring information asymmetry and the right organizational structure and roles are important for ensuring goal congruence.

Identiferoai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1142
Date01 January 2013
CreatorsEdwards, Charles Kumar
PublisherNSUWorks
Source SetsNova Southeastern University
Detected LanguageEnglish
Typetext
Formatapplication/pdf
SourceCEC Theses and Dissertations

Page generated in 0.0019 seconds