A Framework for the Governance of Information Security

Autor/in	Edwards, Charles K.
Titel	A Framework for the Governance of Information Security
Quelle	(2013), (229 Seiten) PDF als Volltext Verfügbarkeit Ph.D. Dissertation, Nova Southeastern University
Sprache	englisch
Dokumenttyp	gedruckt; online; Monographie
ISBN	978-1-3036-5143-4
Schlagwörter	Hochschulschrift; Dissertation; Governance; Information Security; Models; Compliance (Legal); Factor Analysis; Structural Equation Models; Correlation; Information Technology; Information Policy + Suchen Sie Ihr Suchwort? Thesis; Dissertations; Academic thesis; Education; Educational policy; Financing; Steuerung; Bildung; Erziehung; Bildungspolitik; Finanzierung; Analogiemodell; Faktorenanalyse; Korrelation; Informationstechnologie; Informationspolitik
Abstract	Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant interest in the recent past on how human compliance to information security policy can be achieved in an organization. Various models have been proposed by these researchers. However, there are very few models that have tried to link human commitment attributes with information security governance of an organization. The research problem of this study was to identify the security controls and mechanisms to govern information security effectively. The proposed model was based on agency theory and comprises a relationship between human commitment variables (ethics, integrity and trust) with security governance variables (structural, relational and process) referred as systemic variables in the research. The resulting correlation is further related with governance objectives (goal congruence and reducing information asymmetry) to hypothesize an effective information security in an organization. The research model proposed was tested employing confirmatory factor analysis (CFA) and structural equation modeling (SEM). There were four models tested in this research. The first model (initial measurement model) comprised human variables linked with relational and the systemic variables linked with goal congruence and information asymmetry. This model could not get through the CFA tests. A modified model comprising human and systemic attributes related with goal congruence and information asymmetry, separately, was taken forward to SEM. This model returned low model fitment scores and hence two alternate models were tested. In the first alternative, the human attributes were related with goal congruence and systemic attributes were linked with information asymmetry. In the second alternative, the relationships of the first alternatives were retained and two alternate relationships were introduced--integrity was linked with information asymmetry and structural was linked with goal congruence. Both models are very close to good model fitment scores. However, the second alternative returned better results and hence, was chosen as the final outcome of the research. The model reflects that human attributes and systemic attributes are fairly independent in an effective information security framework, and drive goal congruence and information asymmetry, respectively. However, integrity is an important human commitment for ensuring information asymmetry and the right organizational structure and roles are important for ensuring goal congruence. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.] (As Provided).
Anmerkungen	ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site: http://www.proquest.com/en-US/products/dissertations/individuals.shtml
Erfasst von	ERIC (Education Resources Information Center), Washington, DC
Update	2020/1/01