A model of component interaction between Formal, Technical and Informal components within IS/IT security governance

In most countries, corporate statutes and rules (mandatory or voluntary) about powers and responsibilities in corporations (corporate governance) place responsibility on the Board of Directors acting as a Board. However, these documents provide little guidance on recognizing potential problems or on preventative measures. Even so, it is apparent that knowingly tolerating dishonesty or incompetence within the corporation is likely to be regarded as negligence. Most organizations today pay little attention to the inter-relationship between the Formal, Technical and Informal components. The Board and senior management of organizations tend to focus on narrow aspects such as IS/IT management rather than on a comprehensive view. Deficiencies in any of these three components may result in an unbalanced IS/IT security implementation. The objective of this study is to integrate the three components simultaneously throughout the IS/IT security implementation. The model of IS/IT security governance is a comprehensive conceptual framework because it emphasizes the two-way relationship between each pair of components. In this study, a triangulated approach is adopted and data were collected in three phases: phase 1 is a website analysis, phase 2 is an interview and phase 3 is a mail survey. The interactions of the three components (formal, technical and informal) are significant in the IS/IT security governance model.
