The current mind-set of federal information security decision-makers on the value of governance: An informative study.

摘要

Understanding the mind-set or perceptions of organizational leaders and decision-makers is important to ascertaining the trends and priorities in policy and governance of the organization. This study finds that a significant shift in the mind-set of government IT and information security leaders has started and will likely result in placing a greater relevance on the holistic management of information security through governance. Previous research and peer reviewed articles have identified that information security is predominantly considered a technological solution that is procured, managed and operationalized within IT departments and is viewed as little more than a budget line-item. However, results of this research show that leaders are beginning to realize the benefit of managing information security as an enterprise solution with strategic standing or equivalency in support of the business/mission need. As a generic qualitative inquiry, this study derived essential data through semi-structured interviews with 20 executives, senior managers and experts in the field of IT and information security serving within agencies and departments of the U.S. government. These accomplished leaders in information technology (IT) management, security and organizational governance contributed significant insight and knowledge that is unparalleled in the study of information security management and governance. Leveraging the theoretical thematic analysis methodology, five exploratory themes or concepts emerged. Three themes were generated from an in-depth literature review of seminal research and peer reviewed articles; while two additional themes developed as a result of the initial findings of collected data. During the conduct of the interview, each theme was represented by two concomitant interrogatives which fostered uninhibited responses by the research participants and stimulated a dialogue relevant to the principal concept or notion of the theme. Heuristic analysis was further validated through analytical functions of the NVivoTM 10 Qualitative Analysis Tool. The results indicate an evolving mindset, emphasizing a more holistic governance approach that aligns information security strategy with the business management of the organization.