This research argues that the information security governance objectives should be grounded in the values of organizational members. Research literature in decision sciences suggest that individual values play an important role in developing decision objectives. Information security governance objectives, based on values of the stakeholders, are essential for a comprehensive security control program. The study uses Value Theory as a theoretical basis and value focused thinking as a methodology to develop 23 objectives for information security governance. A case study was conducted to reexamine and interpret the significance of the proposed objectives in an organizational context. The results suggest three emergent dimensions of information security governance for effective control structure in organizations: resource allocation, user involvement and process integrity. The synthesis of data suggests eight principles of information security governance which guides organizations in achieving a comprehensive security environment. We also present a means-end model of ISG which proposes the interrelationships of the developed objectives. Contributions are noted and future research directions suggested.
Identifer | oai:union.ndltd.org:vcu.edu/oai:scholarscompass.vcu.edu:etd-2754 |
Date | 09 December 2008 |
Creators | Mishra, Sushma |
Publisher | VCU Scholars Compass |
Source Sets | Virginia Commonwealth University |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | Theses and Dissertations |
Rights | © The Author |
Page generated in 0.0043 seconds