Cyber Security, IT Governance, and Performance: A Review of the Current Literature

Cyber Security, IT Governance, and Performance: A Review of the Current Literature

Abdalmuttaleb M. A. Musleh Al-Sartawi (Ahlia University, Bahrain) and Anjum Razzaque (Ahlia University, Bahrain)
DOI: 10.4018/978-1-7998-2418-3.ch014


Cybersecurity is an emerging field with a growing body of literature and publications. It is fundamentally based in computer science and computer engineering but has recently gained popularity in business management. Despite the explosion of cybersecurity, there is a scarcity of literature on the definition of the term ‘Cybers Security' and how it is situated within different contexts. Henceforth, this chapter presents a review of the work related to cybersecurity, within different contexts, mainly IT governance and firm performance context. The work reviewed is separated into four main categories: the importance of cybersecurity and how it is measured, corporate governance and IT governance, IT governance mechanisms, and financial performance measures.
Chapter Preview


The Internet is regarded as the fastest growing technical infrastructure within two decades, where it started from an innovation to an indispensable entity with 2.5 billion users, that is one-third of the world’s population, connected to it at all times (World Economic Forum, 2019). In the business environment context, many disruptive technologies like cloud computing, social computing and next generation mobile computing are continuously changing how information technology is used by organizations to share and conduct information. Nowadays, around 70% of transactions are done online which increase the need for highly secured systems to ensure transparent and best transactions (PayTabs, 2018). The terminology used to describe the security aspect of digital devices and information included “Computer Security”, “IT Security”, and “Information Security”. However, recently, new terminology has started to become more popular: “Cyber Security”.

According to Schatz et al., (2017), researchers claim that cyber security represents a superset of security practices such as information security, IT security and other related practices Therefore, the scope of Cyber Security does not include the security of IT systems within the enterprise only but also cover the cyber space itself and its critical infrastructure. Cyber security has a great role in the development information technology and Internet services. Nation's security and economic wellbeing is so crucial; hence, cyber security enhancement and critical information infrastructure protection is so vital (ITU, 2018). There is a scarcity of literature on what the term ‘Cybers Security’ actually means and how it is situated within various contexts. The absence of a universally acceptable definition that captures the different dimensions of cybersecurity hinders technological and scientific advances by reinforcing the predominantly technical view of cybersecurity while separating disciplines that should be acting in concert to resolve complex cybersecurity challenges (Craigen et al., 2014; Al-Sartawi, 2019b).

For the purposes of this book chapter, we look at cyber security from an industrial perspective. ISACA (2014) takes states that cyber security emerges within the fields of information security and traditional security. Business should therefore distinguish between standard information security and cyber security. The difference is in the scope, motive, opportunity and method of the attack (Schatz et al., 2014). Chang (2012), explains the interdisciplinary nature of cybersecurity as a science of which offers several opportunities for advances based on a multidisciplinary approach, because it is based in adversarial engagement. Humans must defend machines that are attacked by other humans using machines. So, in addition to the traditional fields of computer science, perspectives from other fields are needed.

Nonetheless, it is agreed that most business activities are dependent on cyber systems like finance, commerce, communication, national defense, health care, energy, entertainment and communication. Research showed that the public awareness regarding the privacy of personal information has increased since 2006, particularly when social networking platforms started making headlines as a social and a technological phenomenon (Cavoukian, 2009). Due to privacy threats and breaches, Internet users are concerned about how much personal information they share.

Understanding the importance of cyber security may help to improve our thinking in four different ways. First, we may gain a clearer understanding of the value and limitations of the concepts we have mapped form other domains into the cyber system. Second, trying out less common and new metaphors may feed the imagination of researchers and policy developers. Third, metaphors that work well will be developed into a whole new model to approach the cyber security system. Fourth, metaphors serve to bring a clear understanding of cyber security field concepts so that non specialist will be more familiar (Karas, Moore, & Parrott, 2008). Cyber security depends on the decision people make and the care people take while setting up, maintaining and using computers and the internet. It ensures full physical protection of all personal information including hardware and software and all technology resources from all illegal accesses (Federal Commnuications Commission, 2013).

Complete Chapter List

Search this Book: