Skip to main content
placeholder image

Information security governance challenges and critical success factors: Systematic review

Journal Article


Abstract


  • Information security is a critical aspect and plays a significant role in protecting an organization's business. Organizations are required to safeguard their information and assets to sustain their value and reputation. The systematic literature review presented in this paper aims to introduce information security governance as a comprehensive solution for alignment between information security policies and the organization's objectives. The review identified the need for developing a holistic framework for the information security governance that (1) connects the organization's objectives and its protection, (2) addresses each aspect of strategy, control, and regulation, (3) ensures compliance of procedures and guideline with policies, and (4) ensures continuous evaluation and compliance. The analysis of the literature revealed the main challenges to the adoption of an information security governance program. The review identified seven information security governance domains with 27 critical success that should be considered when developing an effective information security governance framework.

Publication Date


  • 2020

Citation


  • AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers and Security, 99. doi:10.1016/j.cose.2020.102030

Scopus Eid


  • 2-s2.0-85090589289

Volume


  • 99

Issue


Place Of Publication


Abstract


  • Information security is a critical aspect and plays a significant role in protecting an organization's business. Organizations are required to safeguard their information and assets to sustain their value and reputation. The systematic literature review presented in this paper aims to introduce information security governance as a comprehensive solution for alignment between information security policies and the organization's objectives. The review identified the need for developing a holistic framework for the information security governance that (1) connects the organization's objectives and its protection, (2) addresses each aspect of strategy, control, and regulation, (3) ensures compliance of procedures and guideline with policies, and (4) ensures continuous evaluation and compliance. The analysis of the literature revealed the main challenges to the adoption of an information security governance program. The review identified seven information security governance domains with 27 critical success that should be considered when developing an effective information security governance framework.

Publication Date


  • 2020

Citation


  • AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers and Security, 99. doi:10.1016/j.cose.2020.102030

Scopus Eid


  • 2-s2.0-85090589289

Volume


  • 99

Issue


Place Of Publication