A Model of Information Security Governance for E-Business

Dieter Fink (Edith Cowan University, Australia) and Tobias Huegle (Institute of Electronic Business–University of Arts, Germany)
DOI: 10.4018/978-1-60566-086-8.ch021

Abstract

This chapter identifies various levels of governance followed by a focus on the role of information technology (IT) governance with reference to information security for today’s electronic business (e-business) environment. It outlines levels of enterprise, corporate, and business governance in relation to IT governance before integrating the latter with e-business security management. E-business has made organisations even more reliant on the application of IT while exploiting its capabilities for generating business advantages. The emergence of and dependence on new technologies, like the Internet, have increased exposure of businesses to technology-originated threats and have created new requirements for security management and governance. Previous IT governance frameworks, such as those provided by the IT Governance Institute, Standards Australia, and The National Cyber Security Partnership, have not given the connection between IT governance and e-business security sufficient attention. The proposed model achieves the necessary integration through risk management in which the tensions between threat reduction and value generation activities have to be balanced.
Chapter Preview

Need For Governance

The case of Enron® exemplifies the need for effective corporate governance. Enron®’s downfall was brought about, as described in broad terms by Zimmerman (2002) in USA TODAY®, by “overaggressive strategies, combined with personal greed.” He believes that there were two main causes for this failure: first, breakdowns caused by ignored or flawed ethics, and second, “Board of directors failed their governance.” He recommends that in order to keep this from happening again, corporate governance should no longer be treated as “soft stuff,” but rather as the “hard stuff” like product quality and customer service. He quotes Business Week® of August 19-26, 2002 when he concludes that “a company’s viability now depends less on making the numbers at any cost and more on the integrity and trustworthiness of its practices.” In other words, good corporate governance.

The term corporate governance is often used synonymously with the term enterprise governance since they are similar in scope as can be seen from the following definitions. They both apply to the role and responsibilities of management at the highest level in the organisation. An example of a framework for enterprise governance is one that is provided by the Chartered Institute of Management Accountants (CIMA) and the International Federation of Accountants (IFAC) (2004):
