EFFECTIVE INFORMATION SECURITY REQUIRES A BALANCE OF SOCIAL AND TECHNOLOGY FACTORS Academic Article

abstract

  • Industry experts have called for organizations to be more strategic in their approach to information security, yet it has not been clear what such an approach looks like in practice or how firms actually achieve this. To address this issue, we interviewed 21 information security executives from 11 organizations. Our results suggest that a strategically focused information security strategy encompasses not only IT products and solutions but also organizational integration and social alignment mechanisms. Together, these form a framework for a socio-technical approach to information security that achieves three objectives: balancing the need to secure information assets against the need to enable the business, maintaining compliance, and ensuring cultural fit. The article describes these objectives and the security alignment mechanisms needed to achieve them and concludes with guidelines that can be applied to ensure effective information security management in different organizational settings. © 2010 University of Minnesota.

published proceedings

  • MIS QUARTERLY EXECUTIVE

author list (cited authors)

  • Kayworth, T., & Whitten, D.

complete list of authors

  • Kayworth, Tim; Whitten, Dwayne

publication date

  • December 2010