A role of information security committee based on competing values framework

Abstract

Establishing enterprise information security system in a corporate governance dimension is regarded as a critical issue for managing various risks like reinforcement of compliance requirement and significant impact of IT. However, there are lots of obstacles to implement enterprise-wide information security activity and top management commitment seems to be insufficient as a key player. In this situation, participating information security committee can be a good way to vitalize the commitment of top management and its activities are essential for implementing information security governance. However, rarely study a role of information security committee even information security governance has been studied extensively. The purpose of this research is to identify roles of information security committee as an exploratory study. For comprehensive and theoretical study, we derive 4 dimensions from Quinn’s Competing Values Framework (CVF) that provides analytic methodology and then we identify 8 roles of information security committee related to the dimensions through literature review. The result is discussed by Focus Group Interview (FGI) which organized 4 specialists in the field of information security to accept their opinion in terms of real business experience and finally, we propose 10 roles of information security committee adjusted the opinions. © 2016, ICIC International.