information security, IT governance, agency relationships, decision rights
This dissertation is composed by three essays that explore the relationship between good IT governance and effective information security services. Governance steers and verifies performance of fiduciary duties, through the implementation of proper governance mechanisms. With a focus on information security, this essay presents three categories of governance mechanisms - process-based, structural, and relational. When properly instituted, they work together to ensure that IT understands business requirements for information security and strives to fulfill them. An explanation is offered about the efficacy of those mechanisms, based on an agency theory perspective that views IT as an agent for business. The two underlying causes for agency problems are goal incongruence and information asymmetry between the agent and the principal. Governance mechanisms help to reduce both goal incongruence and information asymmetry. Hence, they lead to desired outcomes. A theoretical framework is presented and empirical tested.
Doctor of Philosophy (Ph.D.)
College of Business Administration
Management Information Systems
Length of Campus-only Access
Doctoral Dissertation (Open Access)
Wu, Yu, "Effects Of It Governance On Information Security" (2007). Electronic Theses and Dissertations. 3417.