Abstract
As cyber threats evolve, board engagement is becoming increasingly essential to ensure Information Security (InfoSec) is integrated into an organization's strategic fabric, thereby protecting business value. Only through active board-level participation can the organization develop a security-conscious culture. Ultimately, board commitment to InfoSec helps reduce risks, maintain stakeholder trust, and ensure long-term success. However, little is yet known about the board's exact role in InfoSec. Leveraging a framework from corporate governance literature identifying board roles, and drawing parallels with extant InfoSec literature, this paper explores board-level involvement in InfoSec in greater depth, leading to the identification and description of the board of directors' roles in this context. Moreover, the paper identifies a future research agenda to be pursued in an empirical setting to contribute to the growth of knowledge regarding board-level InfoSec governance.
Original language | English |
---|---|
Pages (from-to) | 713-720 |
Number of pages | 8 |
Journal | International Conference on Enterprise Information Systems, ICEIS - Proceedings |
Volume | 2 |
DOIs | |
Publication status | Published - 2024 |
Event | 26th International Conference on Enterprise Information Systems, ICEIS 2024 - Angers, France; Duration: 28 Apr 2024 → 30 Apr 2024; https://iceis.scitevents.org/?y=2024 |
Keywords
- Accountability
- Board of Directors
- Governance
- Information Security (InfoSec)