Download This Article

Karin Höne, Jan H.P. Eloff ORCID logo


World wide the importance of Information Security Governance is demanding the attention of senior management. This is due to the ever-changing threat landscape requiring that organisations adopt a focussed approach towards the protection of information assets. Any successful approach towards Information Security Governance is dependant on the availability of relevant and timely research outputs. The research community working on Information Security Governance are diverse and appears to be mis-aligned with the needs of the business community. The problem that this paper addresses is twofold. Firstly, it addresses the confusion regarding the meaning of Information Security Governance. Secondly, it assesses the gap between research and business communities from an Information Security Governance perspective. This article analyses the requirements from the business community and mapped it against current research outputs. Findings clearly indicate that the two worlds are not entirely aligned and that in some cases minimum effort is being spent on the topics deemed important by the business community. Information Security Governance in general can benefit from an improved alignment between the needs of business and the outputs of the research community.

Keywords: Security Governance, Information

How to cite this paper: Höne, K. & Eloff, J. H. P. (2009). Information security governance: business requirements and research directions. Corporate Ownership & Control, 7(1-2), 309-317.