Administrative and managerial activities designed to implement an organizational information security program. These activities include setting the information security mission, vision, and policies, implementing technical and procedural controls, business continuity and disaster recovery planning, analyzing the economic effectiveness of implemented controls, and compliance with relevant regulations.
Published in Chapter:
An Integrative Framework for the Study of Information Security Management Research
John D’Arcy (University of Notre Dame, USA) and Anat Hovav (Korea University, Korea)
Copyright: © 2009
Pages: 13
DOI: 10.4018/978-1-59904-855-0.ch006
Abstract
A number of academic studies that focus on various aspects of information security management (ISM) have emerged in recent years. This body of work ranges from the technical, economic, and behavioral aspects of ISM to the effect of industry standards, regulations, and best practices. The purpose of this chapter is to review the current state of ISM research, while providing an integrative framework for future studies. Using the proposed framework as a guide, we identify areas of depth within current ISM literature and areas where research is underdeveloped. Finally, we call for a more comprehensive approach to ISM research that considers multiple dimensions of our framework and their interrelationships.