Soomro, Zahoor Ahmed and Shah, Mahmood Hussain (2016) Information Security Management Needs More Holistic Approach: A Literature Review. International Journal of Information Management, 36 (2). pp. 215-225. ISSN 0268-4012
Full text not available from this repository.
Official URL: http://dx.doi.org/10.1016/j.ijinfomgt.2015.11.009
Information technology has dramatically increased online business opportunities; however these opportunities have also created serious risks in relation to information security. Previously, information security issues were studied in a technological context, but growing security needs have extended researchers' attention to explore the management role in information security management. Various studies have explored different management roles and activities, but none has given a comprehensive picture of these roles and activities to manage information security effectively. So it is necessary to accumulate knowledge about various managerial roles and activities from literature to enable managers to adopt these for a more holistic approach to information security management. In this paper, using a systematic literature review approach, we synthesised literature related to management's roles in information security to explore specific managerial activities to enhance information security management. We found that numerous activities of management, particularly development and execution of information security policy, awareness, compliance training, development of effective enterprise information architecture, IT infrastructure management, business and IT alignment and human resources management, had a significant impact on the quality of management of information security. Thus, this research makes a novel contribution by arguing that a more holistic approach to information security is needed and we suggest the ways in which managers can play an effective role in information security. This research also opens up many new avenues for further research in this area.
|Uncontrolled Keywords (separate with ;):||Information security; Management; Information security policy; Managerial practices; Business information architecture; Business IT alignment; Cloud computing; Systematic; Information architecture|
|Subjects:||Social studies > Economics|
|Schools:||Faculty of Business, Law & Applied Social Studies > School of Business|
|Deposited By:||Mahmood Hussain Shah|
|Deposited On:||05 Jan 2016 17:48|
|Last Modified:||27 Feb 2017 14:57|
Downloads per month over past year
Downloads for past 30 days
Repository Staff Only: item control page