Welcome to the InfoSci Platform
Reference Hub5
Governing Information Security: Governance Domains and Decision Rights Allocation Patterns

Governing Information Security: Governance Domains and Decision Rights Allocation Patterns

Yu ’Andy’ Wu, Carol Stoak Saunders
Copyright: © 2011 |Volume: 24 |Issue: 1 |Pages: 18
ISSN: 1040-1628|EISSN: 1533-7979|EISBN13: 9781613505236|DOI: 10.4018/irmj.2011010103
Cite Article Cite Article

MLA

Wu, Yu ’Andy’, and Carol Stoak Saunders. "Governing Information Security: Governance Domains and Decision Rights Allocation Patterns." IRMJ vol.24, no.1 2011: pp.28-45. http://doi.org/10.4018/irmj.2011010103

APA

Wu, Y. & Saunders, C. S. (2011). Governing Information Security: Governance Domains and Decision Rights Allocation Patterns. Information Resources Management Journal (IRMJ), 24(1), 28-45. http://doi.org/10.4018/irmj.2011010103

Chicago

Wu, Yu ’Andy’, and Carol Stoak Saunders. "Governing Information Security: Governance Domains and Decision Rights Allocation Patterns," Information Resources Management Journal (IRMJ) 24, no.1: 28-45. http://doi.org/10.4018/irmj.2011010103

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Governance of the information security function is critical to effective security. In this paper, the authors present a conceptual model for security governance from the perspective of decision rights allocation. Based on Da Veiga and Eloff’s (2007) framework for security governance and two high-level information security documents published by the National Institute of Standards and Technology (NIST), the authors present seven domains of information security governance. For each of the governance domains, they propose a main decision type, using the taxonomy of information technology decisions defined by Weill and Ross (2004). This framework recommends the selection of decision rights allocation patterns that are proper to those decision types to ensure good security decisions. As a result, a balance can be achieved between decisional authority and responsibility for information security.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.