Printed from https://ideas.repec.org/a/eee/ininma/v36y2016i2p215-225.html

Information security management needs more holistic approach: A literature review

Author

  • Soomro, Zahoor Ahmed
  • Shah, Mahmood Hussain
  • Ahmed, Javed

Abstract

Information technology has dramatically increased online business opportunities; however these opportunities have also created serious risks in relation to information security. Previously, information security issues were studied in a technological context, but growing security needs have extended researchers' attention to explore the management role in information security management. Various studies have explored different management roles and activities, but none has given a comprehensive picture of these roles and activities to manage information security effectively. So it is necessary to accumulate knowledge about various managerial roles and activities from literature to enable managers to adopt these for a more holistic approach to information security management. In this paper, using a systematic literature review approach, we synthesised literature related to management's roles in information security to explore specific managerial activities to enhance information security management. We found that numerous activities of management, particularly development and execution of information security policy, awareness, compliance training, development of effective enterprise information architecture, IT infrastructure management, business and IT alignment and human resources management, had a significant impact on the quality of management of information security. Thus, this research makes a novel contribution by arguing that a more holistic approach to information security is needed and we suggest the ways in which managers can play an effective role in information security. This research also opens up many new avenues for further research in this area.

Suggested Citation

  • Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
  • Handle: RePEc:eee:ininma:v:36:y:2016:i:2:p:215-225
    DOI: 10.1016/j.ijinfomgt.2015.11.009

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0268401215001103
    Download Restriction: Full text for ScienceDirect subscribers only

    References listed on IDEAS

    1. Doherty, Neil Francis & Anastasakis, Leonidas & Fulford, Heather, 2009. "The information security policy unpacked: A critical study of the content of university policies," International Journal of Information Management, Elsevier, vol. 29(6), pages 449-457.
    2. Kevin Hamlen & Murat Kantarcioglu & Latifur Khan & Bhavani Thuraisingham, 2010. "Security Issues for Cloud Computing," International Journal of Information Security and Privacy (IJISP), IGI Global, vol. 4(2), pages 36-48, April.
    3. Hong, Ilyoo B. & Cha, Hoon S., 2013. "The mediating role of consumer trust in an online merchant in predicting purchase intention," International Journal of Information Management, Elsevier, vol. 33(6), pages 927-939.
    4. Pontus Johnson & Robert Lagerström & Per Närman & Mårten Simonsson, 2007. "Enterprise architecture analysis with extended influence diagrams," Information Systems Frontiers, Springer, vol. 9(2), pages 163-180, July.
    5. Hicks, B.J., 2007. "Lean information management: Understanding and eliminating waste," International Journal of Information Management, Elsevier, vol. 27(4), pages 233-249.
    6. Carlos Devece, 2013. "The value of business managers' ‘Information Technology’ competence," The Service Industries Journal, Taylor & Francis Journals, vol. 33(7-8), pages 720-733, May.
    7. Heinz-Josef Tüselmann & Frank McDonald & Arne Heise & Matthew M. C. Allen & Svitlana Voronkova, 2007. "Employee Relations in Multinational Companies," Palgrave Macmillan Books, in: Employee Relations in Foreign-Owned Subsidiaries, chapter 3, pages 25-36, Palgrave Macmillan.
    8. Morteza Alaeddini & Sepideh Salekfard, 2013. "Investigating the role of an enterprise architecture project in the business-IT alignment in Iran," Information Systems Frontiers, Springer, vol. 15(1), pages 67-88, March.
    9. Chen, Ruey-Shun & Sun, Chia-Ming & Helms, Marilyn M. & (Kenny) Jih, Wen-Jang, 2008. "Aligning information technology and business strategy with a dynamic capabilities perspective: A longitudinal study of a Taiwanese Semiconductor Company," International Journal of Information Management, Elsevier, vol. 28(5), pages 366-378.
    10. Caulkins, Jonathan P. & Feichtinger, Gustav & Grass, Dieter & Hartl, Richard F. & Kort, Peter M. & Seidl, Andrea, 2013. "When to make proprietary software open source," Journal of Economic Dynamics and Control, Elsevier, vol. 37(6), pages 1182-1194.
    11. Riedel, Nadine & Runkel, Marco, 2007. "Company tax reform with a water's edge," Journal of Public Economics, Elsevier, vol. 91(7-8), pages 1533-1554, August.
    12. Dutot, Vincent & Bergeron, François & Raymond, Louis, 2014. "Information management for the internationalization of SMEs: An exploratory study based on a strategic alignment perspective," International Journal of Information Management, Elsevier, vol. 34(5), pages 672-681.
    13. Martin, Andrew & Dmitriev, Dmitry & Akeroyd, John, 2010. "A resurgence of interest in Information Architecture," International Journal of Information Management, Elsevier, vol. 30(1), pages 6-12.
    14. Yeniman Yildirim, Ebru & Akalp, Gizem & Aytac, Serpil & Bayram, Nuran, 2011. "Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey," International Journal of Information Management, Elsevier, vol. 31(4), pages 360-365.

    Citations

    Cited by:

    1. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    2. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    3. Liang, Hui & Sit, Jason & Chang, Jian & Zhang, Jian Jun, 2016. "Computer animation data management: Review of evolution phases and emerging issues," International Journal of Information Management, Elsevier, vol. 36(6), pages 1089-1100.
    4. Gong, Yiwei & Janssen, Marijn, 2019. "The value of and myths about enterprise architecture," International Journal of Information Management, Elsevier, vol. 46(C), pages 1-9.
    5. Calvard, Thomas Stephen & Jeske, Debora, 2018. "Developing human resource data risk management in the age of big data," International Journal of Information Management, Elsevier, vol. 43(C), pages 159-164.
    6. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    7. Henriques de Gusmão, Ana Paula & Mendonça Silva, Maisa & Poleto, Thiago & Camara e Silva, Lúcio & Cabral Seixas Costa, Ana Paula, 2018. "Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 43(C), pages 248-260.
    8. Noor Suhani Sulaiman & Muhammad Ashraf Fauzi & Walton Wider & Jegatheesan Rajadurai & Suhaidah Hussain & Siti Aminah Harun, 2022. "Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review," Social Sciences, MDPI, vol. 11(9), pages 1-17, August.
    9. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    10. Moon, Yun Ji & Choi, Myeonggil & Armstrong, Deborah J., 2018. "The impact of relational leadership and social alignment on information security system effectiveness in Korean governmental organizations," International Journal of Information Management, Elsevier, vol. 40(C), pages 54-66.
    11. Ou, Carol & Zhang, Xiaowei & Angelopoulos, Spyros & Davison, Robert & Janse, Noury, 2022. "Security breaches and organization response strategy: Exploring consumers’ threat and coping appraisals," Other publications TiSEM 9ac0c2eb-87e8-4c1d-a0b0-c, Tilburg University, School of Economics and Management.
    12. Kaw, Javaid A. & Loan, Nazir A. & Parah, Shabir A. & Muhammad, K. & Sheikh, Javaid A. & Bhat, G.M., 2019. "A reversible and secure patient information hiding system for IoT driven e-health," International Journal of Information Management, Elsevier, vol. 45(C), pages 262-275.
    13. Li, Ling & He, Wu & Xu, Li & Ash, Ivan & Anwar, Mohd & Yuan, Xiaohong, 2019. "Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior," International Journal of Information Management, Elsevier, vol. 45(C), pages 13-24.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gong, Yiwei & Janssen, Marijn, 2019. "The value of and myths about enterprise architecture," International Journal of Information Management, Elsevier, vol. 46(C), pages 1-9.
    2. Ana Maria Magalhães Correia & Claudimar Pereira da Veiga & Carlos Otávio Senff & Luiz Carlos Duclós, 2021. "Analysis of the Maturity Level of Business Processes for Science and Technology Parks," SAGE Open, vol. 11(3), pages 21582440211, September.
    3. Wu Li & Pengya Ai & Annette Ding, 2023. "More Than Just Numbers: How Engagement Metrics Influence User Intention to Pay for Online Knowledge Products," SAGE Open, vol. 13(1), pages 21582440221, January.
    4. Marcel Gerard, 2006. "Reforming the taxation of Multijurisdictional Enterprises in Europe, "Coopetition" in a Bottom-up Federation," Working Papers 2006-10, University of Kentucky, Institute for Federalism and Intergovernmental Relations.
    5. Nadine Riedel, 2011. "Taxing multi-nationals under union wage bargaining," International Tax and Public Finance, Springer;International Institute of Public Finance, vol. 18(4), pages 399-421, August.
    6. Luigi Balletta & Antonio Tesoriere, 2020. "Cumulative innovation, open source, and distance to frontier," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 22(6), pages 1875-1920, December.
    7. Martinsons, Maris G. & Davison, Robert M. & Huang, Qian, 2017. "Strategic knowledge management failures in small professional service firms in China," International Journal of Information Management, Elsevier, vol. 37(4), pages 327-338.
    8. Štemberger, Mojca Indihar & Manfreda, Anton & Kovačič, Andrej, 2011. "Achieving top management support with business knowledge and role of IT/IS personnel," International Journal of Information Management, Elsevier, vol. 31(5), pages 428-436.
    9. Shunying Zhao & Qiang Yang & Hohjin Im & Baojuan Ye & Yadi Zeng & Zhinan Chen & Lu Liu & Dawu Huang, 2022. "The impulsive online shopper: effects of COVID-19 burnout, uncertainty, self-control, and online shopping trust," Future Business Journal, Springer, vol. 8(1), pages 1-15, December.
    10. Bokolo Anthony Jnr & Sobah Abbas Petersen, 2023. "Validation of a Developed Enterprise Architecture Framework for Digitalisation of Smart Cities: a Mixed-Mode Approach," Journal of the Knowledge Economy, Springer;Portland International Center for Management of Engineering and Technology (PICMET), vol. 14(2), pages 1702-1733, June.
    11. Hines Jr., James R., 2010. "Income misattribution under formula apportionment," European Economic Review, Elsevier, vol. 54(1), pages 108-120, January.
    12. Caterina Liesegang & Marco Runkel, 2009. "Corporate Income Taxation of Multinationals and Fiscal Equalization," CESifo Working Paper Series 2747, CESifo.
    13. Bağış, Mehmet & Kryeziu, Liridon & Akbaba, Yılmaz & Ramadani, Veland & Karagüzel, Ensar Selman & Krasniqi, Besnik A., 2022. "The micro-foundations of a dynamic technological capability in the automotive industry," Technology in Society, Elsevier, vol. 70(C).
    14. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    15. Clemens Fuest, 2008. "The European Commission's proposal for a common consolidated corporate tax base," Oxford Review of Economic Policy, Oxford University Press and Oxford Review of Economic Policy Limited, vol. 24(4), pages 720-739, winter.
    16. Simon Loretz & Margit Schratzenstaller, 2019. "Der EU-Vorschlag zur Harmonisierung der Körperschaftsteuer. Auswirkungen für Österreich," WIFO Monatsberichte (monthly reports), WIFO, vol. 92(1), pages 61-71, January.
    17. Wolfgang Eggert & Jun-Ichi Itaya, 2014. "Tax Rate Harmonization, Renegotiation, and Asymmetric Tax Competition for Profits with Repeated Interaction," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 16(5), pages 796-823, October.
    18. Leonie Kuen & Fiona Schürmann & Daniel Westmattelmann & Sophie Hartwig & Shay Tzafrir & Gerhard Schewe, 2023. "Trust transfer effects and associated risks in telemedicine adoption," Electronic Markets, Springer;IIM University of St. Gallen, vol. 33(1), pages 1-22, December.
    19. Peter Géczy & Noriaki Izumi & Kôiti Hasida, 2013. "Hybrid Cloud Management: Foundations And Strategies," Review of Business and Finance Studies, The Institute for Business and Finance Research, vol. 4(1), pages 37-50.
    20. Garrison, Gary & Wakefield, Robin L. & Kim, Sanghyun, 2015. "The effects of IT capabilities and delivery model on cloud computing success and firm performance for cloud supported processes and operations," International Journal of Information Management, Elsevier, vol. 35(4), pages 377-393.
