As cyber threats evolve, board engagement is becoming increasingly essential to ensure Information Security (InfoSec) is integrated into an organization's strategic fabric, ensuring the protection of business value. Only through active board-level participation can the organization develop a security-conscious culture. Ultimately, board commitment to InfoSec helps reduce risks, maintain stakeholder trust, and ensure long-term success. However, little is yet known about the board's exact role in InfoSec. Leveraging a framework from corporate governance literature identifying board roles, and drawing parallels with extant InfoSec literature, this paper explores board-level involvement in InfoSec in greater depth, leading to the identification and description of the board of directors' roles in this context. Moreover, the paper identifies a future research agenda to be pursued in an empirical setting to contribute to the growth of knowledge regarding board-level InfoSec governance.

Original language: English
Pages (from-to): 713-720
Number of pages: 8
Journal: International Conference on Enterprise Information Systems, ICEIS - Proceedings
Publication status: Published - 2024
Event: 26th International Conference on Enterprise Information Systems, ICEIS 2024 - Angers, France
Duration: 28 Apr 2024 to 30 Apr 2024


  • Accountability
  • Board of Directors
  • Governance
  • Information Security (InfoSec)


Dive into the research topics of 'Six Board Roles for Information Security Governance'. Together they form a unique fingerprint.
