Towards a Taxonomy of Information Security Management Practices in Organisations

Date
2014
Authors
Alshaikh, Moneer
Ahmad, Atif
Maynard, Sean B
Chang, Shanton
Item type
Conference Contribution
Publisher
ACIS
Abstract

There is growing recognition of the role that management performs in protecting organisational information. However, our review of the academic and professional literatures did not find an empirically sound and coherent view of the range of management activities that can be applied as part of an information security program. As a result, organisations have insufficient guidance on what methods can be implemented to meet security objectives. Further, organisations have no empirically evidenced benchmark against which management practices can be assessed. This research project aims to develop a rigorous, comprehensive and empirically evidenced taxonomy of information security management practices (ISMPs) to provide organisations with comprehensive guidance. In this paper we report on the first phase of the development of the taxonomy. In this phase we conduct a comprehensive literature review to identify the range of ISMPs in the literature and suggest possible ways of classifying management level activity.

Source
Proceedings of the 25th Australasian Conference on Information Systems, 8th - 10th December, Auckland, New Zealand