IDEAS home Printed from https://ideas.repec.org/a/eee/ininma/v36y2016i2p215-225.html
   My bibliography  Save this article

Information security management needs more holistic approach: A literature review

Author

Listed:
  • Soomro, Zahoor Ahmed
  • Shah, Mahmood Hussain
  • Ahmed, Javed

Abstract

Information technology has dramatically increased online business opportunities; however these opportunities have also created serious risks in relation to information security. Previously, information security issues were studied in a technological context, but growing security needs have extended researchers' attention to explore the management role in information security management. Various studies have explored different management roles and activities, but none has given a comprehensive picture of these roles and activities to manage information security effectively. So it is necessary to accumulate knowledge about various managerial roles and activities from literature to enable managers to adopt these for a more holistic approach to information security management. In this paper, using a systematic literature review approach, we synthesised literature related to management's roles in information security to explore specific managerial activities to enhance information security management. We found that numerous activities of management, particularly development and execution of information security policy, awareness, compliance training, development of effective enterprise information architecture, IT infrastructure management, business and IT alignment and human resources management, had a significant impact on the quality of management of information security. Thus, this research makes a novel contribution by arguing that a more holistic approach to information security is needed and we suggest the ways in which managers can play an effective role in information security. This research also opens up many new avenues for further research in this area.

Suggested Citation

  • Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    • Handle: RePEc:eee:ininma:v:36:y:2016:i:2:p:215-225
    DOI: 10.1016/j.ijinfomgt.2015.11.009
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0268401215001103
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijinfomgt.2015.11.009?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Caulkins, Jonathan P. & Feichtinger, Gustav & Grass, Dieter & Hartl, Richard F. & Kort, Peter M. & Seidl, Andrea, 2013. "When to make proprietary software open source," Journal of Economic Dynamics and Control, Elsevier, vol. 37(6), pages 1182-1194.
    2. Yeniman Yildirim, Ebru & Akalp, Gizem & Aytac, Serpil & Bayram, Nuran, 2011. "Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey," International Journal of Information Management, Elsevier, vol. 31(4), pages 360-365.
    3. Hong, Ilyoo B. & Cha, Hoon S., 2013. "The mediating role of consumer trust in an online merchant in predicting purchase intention," International Journal of Information Management, Elsevier, vol. 33(6), pages 927-939.
    4. Pontus Johnson & Robert Lagerström & Per Närman & Mårten Simonsson, 2007. "Enterprise architecture analysis with extended influence diagrams," Information Systems Frontiers, Springer, vol. 9(2), pages 163-180, July.
    5. Hicks, B.J., 2007. "Lean information management: Understanding and eliminating waste," International Journal of Information Management, Elsevier, vol. 27(4), pages 233-249.
    6. Morteza Alaeddini & Sepideh Salekfard, 2013. "Investigating the role of an enterprise architecture project in the business-IT alignment in Iran," Information Systems Frontiers, Springer, vol. 15(1), pages 67-88, March.
    7. Chen, Ruey-Shun & Sun, Chia-Ming & Helms, Marilyn M. & (Kenny) Jih, Wen-Jang, 2008. "Aligning information technology and business strategy with a dynamic capabilities perspective: A longitudinal study of a Taiwanese Semiconductor Company," International Journal of Information Management, Elsevier, vol. 28(5), pages 366-378.
    8. Kevin Hamlen & Murat Kantarcioglu & Latifur Khan & Bhavani Thuraisingham, 2010. "Security Issues for Cloud Computing," International Journal of Information Security and Privacy (IJISP), IGI Global Scientific Publishing, vol. 4(2), pages 36-48, April.
    9. Carlos Devece, 2013. "The value of business managers' ‘Information Technology’ competence," The Service Industries Journal, Taylor & Francis Journals, vol. 33(7-8), pages 720-733, May.
    10. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2009. "The information security policy unpacked: A critical study of the content of university policies," International Journal of Information Management, Elsevier, vol. 29(6), pages 449-457.
    11. Heinz-Josef Tüselmann & Frank McDonald & Arne Heise & Matthew M. C. Allen & Svitlana Voronkova, 2007. "Employee Relations in Multinational Companies," Palgrave Macmillan Books, in: Employee Relations in Foreign-Owned Subsidiaries, chapter 3, pages 25-36, Palgrave Macmillan.
    12. Riedel, Nadine & Runkel, Marco, 2007. "Company tax reform with a water's edge," Journal of Public Economics, Elsevier, vol. 91(7-8), pages 1533-1554, August.
    13. Dutot, Vincent & Bergeron, François & Raymond, Louis, 2014. "Information management for the internationalization of SMEs: An exploratory study based on a strategic alignment perspective," International Journal of Information Management, Elsevier, vol. 34(5), pages 672-681.
    14. Martin, Andrew & Dmitriev, Dmitry & Akeroyd, John, 2010. "A resurgence of interest in Information Architecture," International Journal of Information Management, Elsevier, vol. 30(1), pages 6-12.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    2. Kamran Razzaq & Mahmood Shah & Mohammad Fattahi & Jing Tang, 2025. "Empowering machine learning for robust cyber-attack prevention in online retail: an integrative analysis," Palgrave Communications, Palgrave Macmillan, vol. 12(1), pages 1-15, December.
    3. Gao, Lujia & Chen, Zhaoying & Zhao, Wei & Lai, Xuanyu, 2025. "Does cybersecurity regulation reduce corporate data-breach risk?," Finance Research Letters, Elsevier, vol. 78(C).
    4. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    5. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    6. Henriques de Gusmão, Ana Paula & Mendonça Silva, Maisa & Poleto, Thiago & Camara e Silva, Lúcio & Cabral Seixas Costa, Ana Paula, 2018. "Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 43(C), pages 248-260.
    7. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    8. Jin, Xianglan & Cui, Huizhu & Liu, Fengwei & Hu, Ziqiang & Cai, Yonghao, 2025. "Does cybersecurity regulation promote digital transformation? Evidence from the Cyber Security Law in China," Finance Research Letters, Elsevier, vol. 76(C).
    9. Ou, Carol & Zhang, Xiaowei & Angelopoulos, Spyros & Davison, Robert & Janse, Noury, 2022. "Security breaches and organization response strategy : Exploring consumers’ threat and coping appraisals," Other publications TiSEM 9ac0c2eb-87e8-4c1d-a0b0-c, Tilburg University, School of Economics and Management.
    10. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    11. Liang, Hui & Sit, Jason & Chang, Jian & Zhang, Jian Jun, 2016. "Computer animation data management: Review of evolution phases and emerging issues," International Journal of Information Management, Elsevier, vol. 36(6), pages 1089-1100.
    12. Gong, Yiwei & Janssen, Marijn, 2019. "The value of and myths about enterprise architecture," International Journal of Information Management, Elsevier, vol. 46(C), pages 1-9.
    13. Calvard, Thomas Stephen & Jeske, Debora, 2018. "Developing human resource data risk management in the age of big data," International Journal of Information Management, Elsevier, vol. 43(C), pages 159-164.
    14. Noor Suhani Sulaiman & Muhammad Ashraf Fauzi & Walton Wider & Jegatheesan Rajadurai & Suhaidah Hussain & Siti Aminah Harun, 2022. "Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review," Social Sciences, MDPI, vol. 11(9), pages 1-17, August.
    15. Kaw, Javaid A. & Loan, Nazir A. & Parah, Shabir A. & Muhammad, K. & Sheikh, Javaid A. & Bhat, G.M., 2019. "A reversible and secure patient information hiding system for IoT driven e-health," International Journal of Information Management, Elsevier, vol. 45(C), pages 262-275.
    16. Li, Ling & He, Wu & Xu, Li & Ash, Ivan & Anwar, Mohd & Yuan, Xiaohong, 2019. "Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior," International Journal of Information Management, Elsevier, vol. 45(C), pages 13-24.
    17. Alberto-Tomas Delso-Vicente & Luis Diaz-Marcos & Oscar Aguado-Tevar & María García Blanes-Sebastián, 2025. "Factors influencing employee compliance with information security policies: a systematic literature review of behavioral and technological aspects in cybersecurity," Future Business Journal, Springer, vol. 11(1), pages 1-16, December.
    18. Liu, Xin & Liu, Chenlan & Duan, Mingzhe & Chen, Sicen, 2025. "Cash management amid HFCAA-Induced data breach risks: A comparative analysis of reactive vs. proactive responses in Chinese firms," International Review of Economics & Finance, Elsevier, vol. 99(C).
    19. Moon, Yun Ji & Choi, Myeonggil & Armstrong, Deborah J., 2018. "The impact of relational leadership and social alignment on information security system effectiveness in Korean governmental organizations," International Journal of Information Management, Elsevier, vol. 40(C), pages 54-66.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gong, Yiwei & Janssen, Marijn, 2019. "The value of and myths about enterprise architecture," International Journal of Information Management, Elsevier, vol. 46(C), pages 1-9.
    2. Ana Maria Magalhães Correia & Claudimar Pereira da Veiga & Carlos Otávio Senff & Luiz Carlos Duclós, 2021. "Analysis of the Maturity Level of Business Processes for Science and Technology Parks," SAGE Open, , vol. 11(3), pages 21582440211, September.
    3. Rosillo-Díaz, Elena & Muñoz-Rosas, Juan Francisco & Blanco-Encomienda, Francisco Javier, 2024. "Impact of heuristic–systematic cues on the purchase intention of the electronic commerce consumer through the perception of product quality," Journal of Retailing and Consumer Services, Elsevier, vol. 81(C).
    4. Štemberger, Mojca Indihar & Manfreda, Anton & Kovačič, Andrej, 2011. "Achieving top management support with business knowledge and role of IT/IS personnel," International Journal of Information Management, Elsevier, vol. 31(5), pages 428-436.
    5. Hines Jr., James R., 2010. "Income misattribution under formula apportionment," European Economic Review, Elsevier, vol. 54(1), pages 108-120, January.
    6. Caterina Liesegang & Marco Runkel, 2009. "Corporate Income Taxation of Multinationals and Fiscal Equalization," CESifo Working Paper Series 2747, CESifo.
    7. Bağış, Mehmet & Kryeziu, Liridon & Akbaba, Yılmaz & Ramadani, Veland & Karagüzel, Ensar Selman & Krasniqi, Besnik A., 2022. "The micro-foundations of a dynamic technological capability in the automotive industry," Technology in Society, Elsevier, vol. 70(C).
    8. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    9. Wolfgang Eggert & Jun-Ichi Itaya, 2014. "Tax Rate Harmonization, Renegotiation, and Asymmetric Tax Competition for Profits with Repeated Interaction," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 16(5), pages 796-823, October.
    10. Leonie Kuen & Fiona Schürmann & Daniel Westmattelmann & Sophie Hartwig & Shay Tzafrir & Gerhard Schewe, 2023. "Trust transfer effects and associated risks in telemedicine adoption," Electronic Markets, Springer;IIM University of St. Gallen, vol. 33(1), pages 1-22, December.
    11. Zhen-Song Chen & Sheng Wu & Kannan Govindan & Xian-Jia Wang & Kwai-Sang Chin & Luis Martíınez, 2022. "Optimal pricing decision in a multi-channel supply chain with a revenue-sharing contract," Annals of Operations Research, Springer, vol. 318(1), pages 67-102, November.
    12. Albert van der Horst & Leon Bettendorf & Hugo Rojas-Romagosa, 2007. "Will corporate tax consolidation improve efficiency in the EU?," CPB Document 141, CPB Netherlands Bureau for Economic Policy Analysis.
    13. Haufler, Andreas & Mardan, Mohammed, 2014. "Cross-border loss offset can fuel tax competition," Journal of Economic Behavior & Organization, Elsevier, vol. 106(C), pages 42-61.
    14. Dietrich, Maik, 2009. "Entscheidungswirkungen einer europaweit harmonisierten Konzernbesteuerung [Impacts of European Group Taxation]," MPRA Paper 59870, University Library of Munich, Germany.
    15. Gresik, Thomas A., 2016. "Allowing firms to choose between separate accounting and formula apportionment taxation," Journal of Public Economics, Elsevier, vol. 138(C), pages 32-42.
    16. Hu Wang & Di Li & Changbin Jiang & Yuxiang Zhang, 2023. "Exploring the Interactive Relationship between Retailers’ Free Shipping Decisions and Manufacturers’ Product Sales in Digital Retailing," Sustainability, MDPI, vol. 15(17), pages 1-19, August.
    17. Vineet Kaushik & Ashwani Kumar & Himanshu Gupta & Gaurav Dixit, 2022. "Modelling and prioritizing the factors for online apparel return using BWM approach," Electronic Commerce Research, Springer, vol. 22(3), pages 843-873, September.
    18. Chen, Xuyang & Hindriks, Jean, 2023. "Multinational Taxation under Pressure: The Role of Tax Deductibility," LIDAM Discussion Papers CORE 2023013, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).
    19. Eichner, Thomas & Runkel, Marco, 2009. "Corporate income taxation of multinationals and unemployment," Regional Science and Urban Economics, Elsevier, vol. 39(5), pages 610-620, September.
    20. Buettner, Thiess & Riedel, Nadine & Runkel, Marco, 2011. "Strategic Consolidation Under Formula Apportionment," National Tax Journal, National Tax Association;National Tax Journal, vol. 64(2), pages 225-254, June.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ininma:v:36:y:2016:i:2:p:215-225. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-information-management .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.