Information security governance implementation within Ghanaian industry sectors: An empirical study

Purpose – The purpose of this study is to assess the levels of information security governance (ISG) implementation among major Ghanaian industry sectors. The intent is to benchmark inter-industry sector ISG implementation and to identify areas that may require improvement. Design/methodology/approach – Random sampling strategy was used, and data were collected via Web survey. The data analysis utilized a one-way analysis of variance to determine the differences in means of the levels of implementation of ISG focus areas among five main industry sectors. Findings – The results showed that, as a whole, all the industry sectors have only partially implemented ISG. In particular, there existed statistical significant differences in ISG implementation among the industry sectors. Ranking ISG implementation, Financial Institutions were close to completion, Utility Companies, Others (Information Technology, Oil and Gas, Manufacturing) and Public Services had PI ISG and health care and educational institutions we...

[1]  P. Lachenbruch Statistical Power Analysis for the Behavioral Sciences (2nd ed.) , 1989 .

[2]  Sebastiaan H. von Solms,et al.  Information Security - The Fourth Wave , 2006, Comput. Secur..

[3]  Michael Schrage,et al.  How boards can be better: a manifesto , 2009 .

[4]  Shirley Gregor,et al.  The transformational dimension in the realization of business value from information technology , 2006, J. Strateg. Inf. Syst..

[5]  Ahmad Abu-Musa Information security governance in Saudi organizations: an empirical study , 2010, Inf. Manag. Comput. Secur..

[6]  R. Sitgreaves Psychometric theory (2nd ed.). , 1979 .

[7]  Gary Hardy,et al.  Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges , 2006, Inf. Secur. Tech. Rep..

[8]  Stephen W. Hartman,et al.  Information Security Governance Of Enterprise Information Systems: An Approach To Legislative Compliant , 2011, BIOINFORMATICS 2011.

[9]  J. Sitzia,et al.  Good practice in the conduct and reporting of survey research. , 2003, International journal for quality in health care : journal of the International Society for Quality in Health Care.

[10]  Emilio Paolucci,et al.  Assessing the strategic value of Information Technology: An analysis on the insurance sector , 2007, Inf. Manag..

[11]  Allen C. Johnston,et al.  Improved security through information security governance , 2009, CACM.

[12]  Deborah J. Armstrong,et al.  Factors impacting the perceived organizational support of IT employees , 2008, Inf. Manag..

[13]  Carla L. Wilkin,et al.  A Review of IT Governance: A Taxonomy to Inform Accounting Information Systems , 2010, J. Inf. Syst..

[14]  Thomas J. Maronick The Role of the Internet in Survey Research: Guidelines for Researchers and Experts , 2009 .

[15]  Paul L. Bowen,et al.  Enhancing IT governance practices: A model and case study of an organization's efforts , 2007, Int. J. Account. Inf. Syst..

[16]  Jan Guynes Clark,et al.  Why there aren't more information security research studies , 2004, Inf. Manag..