A model for explaining strategic IT- and information security to senior management
2009 (English)In: International Journal of Public Information Systems, ISSN 1653-4360, Vol. 5, no 1, 17-29 p.Article in journal (Refereed) Published
Awareness and understanding of strategic IT- and information security appears to be a low priority amongst senior managers although this falls within their responsibilities. In this paper a tested and confirmed model used to explain strategic IT- and information security is described. The model has been iteratively developed and applied in development, implementation or training in five different organizations. In these five cases, senior management awareness and understanding of strategic IT- and information security was verified as being very low. The model was originally developed to explain IT- and information security to corporate senior management. It has been adapted for use in the public sector by changing some of the terminology to match that used within the public sector. The model may also be used for training purposes, with regards to senior management or personnel in strategic IT- and information security. The importance of senior management ownership and care for strategic elements of the organization's security programme is also discussed and the conclusion drawn is that the operative levels should be coordinated by one or a few members of the senior management team.
Place, publisher, year, edition, pages
2009. Vol. 5, no 1, 17-29 p.
Statistics, computer and systems science - Informatics, computer and systems science
Statistik, data- och systemvetenskap - Informatik, data- och systemvetenskap
Research subject Computer and Systems Science
IdentifiersURN: urn:nbn:se:ltu:diva-11182Local ID: a170e180-f430-11dd-a323-000ea68e967bOAI: oai:DiVA.org:ltu-11182DiVA: diva2:984131
Validerad; 2009; 20090206 (jlm)2016-09-292016-09-29Bibliographically approved