Exploring Information Security Governance in Cloud Computing Organisation

The paper reveals factors impacting information security governance within the cloud computing technology implementation in organizations. Case study methodology was used and 15 semi-structured interviews were conducted with directors and information security professionals from 5 different types of organizations. The main component that were identified as playing a significant role in information security governance were: information security strategy, security policies and procedure, risk management and assessment program, compliance and standard, monitoring and auditing, business continuity and disaster recovery, asset management and access control and identity management. The results show that awareness through education and training of employees needs to be given very particular attention in cloud computing security. The paper does not include any end-user perspective in interviews and this end-user context is missing. Companies need to focus upon awareness through education and training of employees. Moreover, management and employee support is the critical component of the effective information security governance framework implementation. Also, organisations should develop their information security using a very precise and detailed planning process that ensures the right cloud computing acceptance by the users. The proposed information security governance framework offers organisations a holistic perspective for governing information security, and minimizes risk and cultivates an acceptable level of information security culture.