TY - JOUR
T1 - Information security governance metrics
T2 - a survey and taxonomy
AU - Anu, Vaibhav
N1 - Publisher Copyright:
© 2021 Taylor & Francis Group, LLC.
PY - 2022
Y1 - 2022
N2 - Information Security Governance (ISG) is now considered a vital component of any organization’s Information Technology (IT) Governance. ISG consists of the processes, organizational structures, and, most importantly, the corporate leadership involved in safeguarding an organization’s information assets. Hence, the purpose of ISG is to bring information security to the attention of executives such as CEOs and Boards, so that they can address information security issues and take security-related decisions whose outcomes better align with organizational goals such as value delivery, better performance measurement, business process assurance, and risk management. For the corporate leadership to make data-driven decisions, data on various security metrics are collected and presented in the form of dashboards. The goal of this article is to identify those security metrics that are particularly important from an ISG standpoint. A survey of the security literature was performed to identify and categorize ISG metrics, and an ISG metrics taxonomy was developed as a result. Security teams can benefit from the ISG metrics taxonomy because, when creating security dashboards, it can focus their attention on the specific security metrics that are of most value to the corporate leadership.
AB - Information Security Governance (ISG) is now considered a vital component of any organization’s Information Technology (IT) Governance. ISG consists of the processes, organizational structures, and, most importantly, the corporate leadership involved in safeguarding an organization’s information assets. Hence, the purpose of ISG is to bring information security to the attention of executives such as CEOs and Boards, so that they can address information security issues and take security-related decisions whose outcomes better align with organizational goals such as value delivery, better performance measurement, business process assurance, and risk management. For the corporate leadership to make data-driven decisions, data on various security metrics are collected and presented in the form of dashboards. The goal of this article is to identify those security metrics that are particularly important from an ISG standpoint. A survey of the security literature was performed to identify and categorize ISG metrics, and an ISG metrics taxonomy was developed as a result. Security teams can benefit from the ISG metrics taxonomy because, when creating security dashboards, it can focus their attention on the specific security metrics that are of most value to the corporate leadership.
KW - Information security governance
KW - cybersecurity
KW - literature review
KW - metrics
KW - taxonomy
UR - http://www.scopus.com/inward/record.url?scp=85106320747&partnerID=8YFLogxK
U2 - 10.1080/19393555.2021.1922786
DO - 10.1080/19393555.2021.1922786
M3 - Article
AN - SCOPUS:85106320747
SN - 1939-3555
VL - 31
SP - 466
EP - 478
JO - Information Security Journal
JF - Information Security Journal
IS - 4
ER -