International Journal of Public Information Systems
Vol. 2009:1, pp. 17-29

A Model for Explaining Strategic IT- and Information Security to Senior Management

Authors: John Lindström, Ann Hägerfors

Keywords: Strategic IT- and information security, senior management, security programme

Abstract
Awareness and understanding of strategic IT- and information security appear to be a low priority amongst senior managers, although this falls within their responsibilities. In this paper, a tested and confirmed model used to explain strategic IT- and information security is described. The model has been iteratively developed and applied in development, implementation or training in five different organizations. In these five cases, senior management awareness and understanding of strategic IT- and information security was verified as being very low. The model was originally developed to explain IT- and information security to corporate senior management. It has been adapted for use in the public sector by changing some of the terminology to match that used within the public sector. The model may also be used for training senior management or personnel in strategic IT- and information security. The importance of senior management ownership of and care for the strategic elements of the organization's security programme is also discussed, and the conclusion drawn is that the operative levels should be coordinated by one or a few members of the senior management team.
