Governing Information Security: Governance Domains and Decision Rights Allocation Patterns

Authors: Yu Andy Wu and Carol Stoak Saunders
Journal: Inf. Resour. Manag. J.
Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff's 2007 framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance… 

An Empirical Study into Information Security Governance Focus Areas and their Effects on Risk Management

This paper aimed at determining the extent to which information security governance (ISG) focus areas impact risk management. A total of 81 valid questionnaires were collected and processed using

Information security and information technology governance: a Malaysian case study

Prudential Private Limited Company (PLC) is a company incorporated in England, with its head office in London. With its affiliated companies, Prudential constitutes one of the world's leading

Legal and policy aspects to consider when providing information security in the corporate environment

  • R. Dagada
  • Computer Science, Political Science
  • 2014
It is found that not all provisions of this legislation that deal with information security are implemented by both the government and information security practitioners in corporate South Africa.

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

A Platform for Organisation Security Threat Analytic and Management (POSTAM) using rule-based approach is introduced, which enhances strategies for combating information security threats and thus improves organisations’ commitment in protecting their critical assets.

Effects of Team Collaboration on Sharing Information Security Advice: Insights from Network Analysis

The findings revealed that those who share security advice also tend to give work- and IT-related knowledge, and that employees with similar tenure tend to exchange security advice with each other more.

Investigating the formation of an information security climate in a large Vietnamese construction company: a social network analysis approach

The management of organisational information security (InfoSec) has gained importance due to the rise of new and sophisticated cyberthreats with technical measures alone no longer comprising

Examining Personal Information Privacy-Protective Responses (IPPR) with the Use of Smart Devices

The authors examine whether users are aware of the privacy issues associated with their download and use of smart devices' apps and how that knowledge would influence their future privacy-preserving behavior.

Some processes in the DSS domain of COBIT 5 are introduced and mapped to different areas of the eTOM operations phase, to enrich the operations-phase processes (including service assurance and fulfillment) and to increase customer retention and loyalty and SLA fulfillment.

An Information Security Governance Framework

The proposed governance framework can be used by organizations to ensure they are governing information security from a holistic perspective, thereby minimising risk and cultivating an acceptable level of information security culture.

Enterprise information security strategies

One Size Does Not Fit All---A Contingency Approach to Data Governance

The article presents the first results of a community action research project on data governance comprising six international companies from various industries and outlines a data governance model that consists of three components (data quality roles, decision areas, and responsibilities), which together form a responsibility assignment matrix.

The executive guide to information security - threats, challenges and solutions

The Executive Guide to Information Security offers realistic, step-by-step recommendations for evaluating and improving information security in any enterprise.

Improved security through information security governance

This article examines information security planning at the strategic level of the enterprise and empirically assesses its value in enhancing the quality of information security programs.

Strategic Information Security

The author discusses how developing a good information security program hinges on having a mindset that it is a core part of the business and not just an afterthought.

Information Security Governance

It is generally accepted that Information Security Governance is an integral part of Corporate Governance. It is therefore essential for any company to have a proper Information Security Governance...