Decision Making, It Governance, And Information Systems Security
Decision rights; IS security; IT governance; Organizational decision making
The complex issue of IS security involves organizational factors. Decision making, an important area of organizations, however, has only been studied to a limited extent in relation to IS security. In this paper we explore the relationship between organizational distribution of decision rights and IS security. We review the security literature and identify three aspects of an organization as what we term the pillars bolstering the success of IS security - people, processes/structures, and technology. We top our IS Security Architecture with the integrative truss of IS security strategy. Employing Weill and Ross' (2004) IT governance archetypes, we link this IS Security Architecture to IT governance, and propose that IT governance patterns can enhance security when the governance archetype in place matches the decision profile required by a security practice.
Association for Information Systems - 11th Americas Conference on Information Systems, AMCIS 2005: A Conference on a Human Scale
Number of Pages
Article; Proceedings Paper
Source API URL
Wu, Yu Andy and Saunders, Carol S., "Decision Making, It Governance, And Information Systems Security" (2005). Scopus Export 2000s. 3119.