Title
Governing Information Security: Governance Domains And Decision Rights Allocation Patterns
Abstract
Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff's (2007) framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance domains, they propose a main decision type, using the taxonomy of information technology decisions defined by Weill and Ross (2004). This framework recommends the selection of decision rights allocation patterns that are proper to those decision types to ensure good security decisions. As a result, a balance can be achieved between decisional authority and responsibility for information security.
Publication Date
3-31-2013
Publication Title
Managing Information Resources and Technology: Emerging Applications and Theories
Number of Pages
29-45
Document Type
Article; Book Chapter
Personal Identifier
scopus
DOI Link
https://doi.org/10.4018/978-1-4666-3616-3.ch003
Copyright Status
Unknown
Socpus ID
84944316085 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/84944316085
STARS Citation
Wu, Yu Andy and Saunders, Carol, "Governing Information Security: Governance Domains And Decision Rights Allocation Patterns" (2013). Scopus Export 2010-2014. 6787.
https://stars.library.ucf.edu/scopus2010/6787