http://dx.doi.org/10.13089/JKIISC.2015.25.4.915

A study on effects of implementing information security governance by information security committee activities  

Kim, Kunwoo (Chung-Ang University)
Kim, Jungduk (Chung-Ang University)
Abstract
Although the core of information security governance depends on the leadership of top management, top management's commitment to information security is still insufficient. In this situation, an information security committee can be a good way to vitalize top management's commitment, and its activities are essential for implementing information security governance. The purpose of this study is to test whether information security committee activities affect the implementation of information security governance and security effectiveness. For the empirical analysis, a questionnaire survey was conducted, and PLS (Partial Least Squares) was used to analyze the measurement and structural models. The results show that the hypothesis related to value delivery is not supported, so further study is required on the various ways in which information security can provide positive value to the business.
Keywords
Information Security Governance; Information Security Committee