Abstract
Purpose: The purpose of this paper is to define cybersecurity and cybersecurity governance in simplified terms – to explain to the boards of directors and executive management their responsibilities and accountabilities in this regard. Design/methodology/approach: The primary research methodology utilized in this paper is desk research. A literature study is followed by some discussion in terms of the contribution made. Findings: Clearly define the relationship between cybersecurity and information security, especially from a governance perspective. Research limitations/implications: The paper is based predominantly on an ISO standard. Originality/value: The simplification of terminology to be used in the governance of cybersecurity, together with assistance to the guiding of boards of directors regarding their duties and responsibilities as far as cybersecurity is concerned.
Original language | English |
---|---|
Pages (from-to) | 2-9 |
Number of pages | 8 |
Journal | Information and Computer Security |
Volume | 26 |
Issue number | 1 |
DOIs | |
Publication status | Published - 2018 |
Keywords
- Boards of directors
- Cyber security governance
- Cybersecurity
- Information security
- Information security governance
- ISO 27032
ASJC Scopus subject areas
- Management Information Systems
- Software
- Information Systems
- Computer Networks and Communications
- Information Systems and Management
- Management of Technology and Innovation