2016
…
13 pages
1 file
This DBA doctoral study proposal oral defense of the Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations focused on the following: Background, Problem Statement, Purpose Statement, Research Question, Central Hypotheses, Theoretical Framework, Research Method and Design, Participants and Sample Size, Data Collection Instruments, and Data Analysis.
2017
Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 largest for-profit United States headquartered corporations. The results of the multiple linear regression indicated the model was able to significantly predict ISG effectiveness, F(5, 89) = 3.08, p = 0.01, R² = 0.15. Strategic alignment was the only statistically significant (t = 2.401, p <= 0.018) predictor. The implications for positive social change include the potential to constructively understand the correlates of ISG effectiveness, thus increasing the propensity for consumer trust and reducing consumers’ costs.
Information is an important asset of any organisation and the protection of this asset, through information security is equally important. This paper examines the relationship between corporate governance and information security and the fact that top management is responsible for high-quality information security.
Integrity and Internal Control in Information Systems V, 2003
International Journal of Research in Commerce, IT and Management, 2013
All the headings should be in a 10 point Calibri Font. These must be bold-faced, aligned left and fully capitalised. Leave a blank line before each heading. SUB-HEADINGS: All the sub-headings should be in an 8 point Calibri Font. These must be bold-faced, aligned left and fully capitalised.
Business and Economic Research, 2019
Using Grounded Theory, this study addresses factors related to forensic accounting, as well as various issues that can arise due to lack of security measures. The study identifies issues related to lack of security measures and cybersecurity crimes, and their impact on corporate-governance practices within organizations. This qualitative research study was phenomenological in nature and participants included a group of twelve employees in the field of forensic accounting, auditing, and information security systems across several organizations in the Southwest United States who were interviewed about cybersecurity and information security. Specific research literature provides a framework for this study, indicating the need for information technology that reinforces data safety and increases the effectiveness of corporate governance. The forensic accounting system depends on auditing and risk-control factors because in their absence, organizations may be unable to keep data confident...
The matrix analysis of the literature review in this study succeeded in producing factors that contribute to information security awareness. Information security awareness plays an important role in the continuity of an organization. Information security refers to the elements of confidentiality, integrity, and availability of data or information in an organization. The research began with definitions of information, information security, and information security awareness, as identified by previous publications. The four independent variables established in this study are policy of information security, education of information security, knowledge of IT, and employee's behaviour towards information security in the workplace. A survey was selected as a research method for the study, and was conducted in order to gain respondents' feedback on the level of information security awareness. The survey findings showed that the level of information security awareness was considered high, but the relation or contribution factors proposed by this study were only slightly correlated.
Information Security (IS) is increasingly becoming an integrated business practice instead of just IT. Security breaches are a challenge to organizations. They run the risk of losing revenue, trust and reputation and in extreme cases they might even go under. IS literature emphasizes the necessity to govern Information Security at the level of the Board of Directors (BoD) and to execute (i.e. plan, build, run and monitor) it at management level. This paper describes explorative research into IS-relevant Governance and Executive management practices, answering the main research question: "Which practices at the level of Governance are relevant for Business Information Security Maturity?" The initial phase of this research consists of a review of academic and practice-oriented literature on these relevant practices. This list of practices is then examined and validated through expert panel research using a Group Support System (GSS). The paper ultimately identifies a list of 22 core principles. This list can function as a frame of reference for Boards of Directors and Management Teams in order to increase their level of Business Information Security (BIS) Maturity.
The importance of applying good governance principles has grown over the past decade and many studies have been performed to investigate the role and impact of such principles. One of the difficulties in the governance arena is to provide sufficient empirical evidence that good corporate governance and good governance of information technology is beneficial. This paper describes a framework, based on a value-focused approach, which is used to identify unique dimensions for evaluation in a large organisation. Following the evaluation a practical phishing experiment was used to show how a learning process can be initiated through security incidents and how organisational learning can be used to focus on the improvement of specific governance areas.
Journal of Executive Education, 2013
Information security is a critical aspect of information systems usage in current organizations. Often relegated to the IT staff, it is in fact the responsibility of senior management to assure the secure use and operation of information assets. Most managers recognize that governance is the responsibility of executive management. The primary objective of governance can be achieved when the members of an organization know what to do, how it should be done, as well as who should do it. The focus on governance has expanded to include more aspects of the organizational hierarchy to include information systems and information security. This article offers value to the executive by first defining governance as it is applied to information security and exploring three specific governance-related topics. The first of these examines how governance can be applied to the critical aspect of planning both for normal and contingency operations. The next topic describes the need for measurement programs and how such metrics can be developed for information security assessment and continuous improvement. Finally, aspects of effective communication among and between general and information security managers are presented.
Abstract: An important aspect of any system development activity is about ensuring the security of both the IT infrastructure and all the valuable information contained within the organisation. Keeping information safe and secure, therefore, is a key necessity for present day managers. The board of directors are ultimately accountable for their organisation’s success. Consequently, it is imperative that these senior executives take responsibility for the protection of their company’s information. There has been a lot of research undertaken on information security but very little has been carried out on information security governance. This paper explores and critiques the literature on both information security and information security governance. In order to investigate these areas effectively, it is important to classify the different theories and to trace their
Computers & Security, 2020
2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007
1st Annual Symposium on Information Assurance, Academic Track of 9th Annual NYS Cyber Security Conference, 2006
2017 International Conference on Computer and Applications (ICCA), 2017
Security Journal, 2002
International Journal of Academic Research in Business and Social Sciences