Tensions that Hinder the Implementation of Digital Security Governance

  • Conference paper
ICT Systems Security and Privacy Protection (SEC 2021)

Abstract

Today’s organizations are exposed to high risk because the established digital technologies are vulnerable to security attacks. The increased impact of security on business demands a strategic approach to information security, commonly referred to as digital security governance. While there is a growing understanding that digital security is one of the leading risks and challenges of today’s organizations, organizations still find it difficult to implement security governance as part of their regular organizing change activities. This study focuses on providing more empirical insight into “tensions that are present during the implementation of digital security governance”.

We conducted an inductive study and interviewed 42 CISOs and CIOs of large organizations in the Netherlands. The study reveals the tensions that hinder the implementation of digital security governance. We draw from management theories to provide a fresh understanding of and guidance for how to unravel the tensions.

Notes

  1. https://cpl.thalesgroup.com/data-threat-report.

  2. https://www.imd.org/globalassets/wcc/docs/release-2020/digital/digital_2020.pdf.

  3. http://www3.wefrum.org/docs/GCR2018/05FullReport/TheGlobalCompetitivenessReport2018.pdf.

  4. Experts also have experience in CISO positions but often were self-employed or ex-CISOs of large organizations. We named them experts to be transparent about the fact that they do not currently work in large organizations.

Author information

Corresponding author

Correspondence to Stef Schinagl.

Copyright information

© 2021 IFIP International Federation for Information Processing

About this paper

Cite this paper

Schinagl, S., Khapova, S., Shahim, A. (2021). Tensions that Hinder the Implementation of Digital Security Governance. In: Jøsang, A., Futcher, L., Hagen, J. (eds) ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, vol 625. Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_28

  • DOI: https://doi.org/10.1007/978-3-030-78120-0_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78119-4

  • Online ISBN: 978-3-030-78120-0

  • eBook Packages: Computer Science, Computer Science (R0)
