Institutional Repository

An Information Security Governance Framework

Show simple item record Da Veiga, Adele Eloff, Jan 2014-11-07T09:10:13Z 2014-11-07T09:10:13Z 2007
dc.identifier.citation To cite this Article: Da Veiga, A. and Eloff, J. H. P. (2007) 'An Information Security Governance Framework', Information Systems Management, 24:4, 361 - 372 To link to this article: DOI: 10.1080/10580530701586136 URL:
dc.identifier.issn 1058-0530
dc.description Please follow the doi link at the top of this record to view the online published version of this article
dc.description.abstract Information security culture develops in an organization due to certain actions taken by the organization. Management implements information security components, such as policies and technical security measures with which employees interact and that they include in their working procedures. Employees develop certain perceptions and exhibit behavior, such as the reporting of security incidents or sharing of passwords, which could either contribute or be a threat to the securing of information assets. To inculcate an acceptable level of information security culture, the organization must govern information security effectively by implementing all the required information security components. This article evaluates four approaches towards information security governance frameworks in order to arrive at a complete list of information security components. The information security components are used to compile a new comprehensive Information Security Governance framework. The proposed governance framework can be used by organizations to ensure they are governing information security from a holistic perspective, thereby minimising risk and cultivating an acceptable level of information security culture. en
dc.language.iso en en
dc.publisher Information Systems Management en
dc.subject information security governance framework en
dc.subject information security components en
dc.subject information security culture en
dc.subject information security behaviour en
dc.title An Information Security Governance Framework en
dc.type Article en
dc.description.department Computing en

Files in this item

Files Size Format View

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record

Search UnisaIR


My Account