Information security management needs more holistic approach: A literature review

Zahoor Soomoro, Mahmood Shah, Javed Ahmed

Research output: Contribution to journal › Article

85 Citations (Scopus)
492 Downloads (Pure)

Abstract

Information technology has dramatically increased online business opportunities; however these opportunities have also created serious risks in relation to information security. Previously, information security issues were studied in a technological context, but growing security needs have extended researchers' attention to explore the management role in information security management. Various studies have explored different management roles and activities, but none has given a comprehensive picture of these roles and activities to manage information security effectively. So it is necessary to accumulate knowledge about various managerial roles and activities from literature to enable managers to adopt these for a more holistic approach to information security management. In this paper, using a systematic literature review approach, we synthesised literature related to management's roles in information security to explore specific managerial activities to enhance information security management. We found that numerous activities of management, particularly development and execution of information security policy, awareness, compliance training, development of effective enterprise information architecture, IT infrastructure management, business and IT alignment and human resources management, had a significant impact on the quality of management of information security. Thus, this research makes a novel contribution by arguing that a more holistic approach to information security is needed and we suggest the ways in which managers can play an effective role in information security. This research also opens up many new avenues for further research in this area.
Original language: English
Pages (from-to): 215-225
Number of pages: 10
Journal: International Journal of Information Management
Volume: 36
Issue number: 2
Early online date: 26 Nov 2015
DOIs: 10.1016/j.ijinfomgt.2015.11.009
Publication status: Published - 1 Apr 2016
Externally published: Yes

Keywords

  • Information security
  • management
  • Information security policy
  • Managerial practices
  • Business Information architecture
  • Business IT alignment
  • Cloud Computing
  • Systematic Literature Review

Cite this

Information security management needs more holistic approach: A literature review. / Soomoro, Zahoor; Shah, Mahmood; Ahmed, Javed.

In: International Journal of Information Management, Vol. 36, No. 2, 01.04.2016, p. 215-225.

@article{d7c4a3056dad4f5ca56791adfd872825,
title = "Information security management needs more holistic approach: A literature review",
keywords = "Information security, management, Information security policy, Managerial practices, Business Information architecture, Business IT alignment, Cloud Computing, Systematic Literature Review",
author = "Zahoor Soomoro and Mahmood Shah and Javed Ahmed",
year = "2016",
month = "4",
day = "1",
doi = "10.1016/j.ijinfomgt.2015.11.009",
language = "English",
volume = "36",
pages = "215--225",
journal = "International Journal of Information Management",
issn = "0143-6236",
publisher = "Elsevier",
number = "2",

}

TY - JOUR
T1 - Information security management needs more holistic approach: A literature review
AU - Soomoro, Zahoor
AU - Shah, Mahmood
AU - Ahmed, Javed
PY - 2016/4/1
Y1 - 2016/4/1
KW - Information security
KW - management
KW - Information security policy
KW - Managerial practices
KW - Business Information architecture
KW - Business IT alignment
KW - Cloud Computing
KW - Systematic Literature Review
U2 - 10.1016/j.ijinfomgt.2015.11.009
DO - 10.1016/j.ijinfomgt.2015.11.009
M3 - Article
VL - 36
SP - 215
EP - 225
JO - International Journal of Information Management
JF - International Journal of Information Management
SN - 0143-6236
IS - 2
ER -