Information Security (IS) is increasingly becoming an integrated business practice rather than just an IT matter. Security breaches are a challenge to organizations: they run the risk of losing revenue, trust, and reputation, and in extreme cases they might even go under. IS literature emphasizes the necessity to govern Information Security at the level of the Board of Directors (BoD). This paper describes explorative research into IS-relevant Governance and Executive management practices, answering the main research question: “Which practices at the level of Governance are relevant for Business Information Security Maturity?” Published on IEEE.org Xplore.