|dc.description.abstract||Title: The holistic management of information security processes
Keywords: cybersecurity, information security, strategy, security process, security governance, security management
This research examines information security management and associated processes within a large Australian financial institution by providing a rich, in-depth view of organisational information security management within the specifics of its dynamic context. Using a single in-depth qualitative case study, this research examines the role of internal and external actors in relation to the information security management processes. Relational process and stakeholder theoretical lenses are applied to derive the findings of this research. The three key outcomes of the research are:
The information security management process is a product of a multitude of interactions between internal and external actors within organisations. These actors pursue individual agendas and objectives, therefore requiring those who ensure organisational information security to utilise a combination of cognitive, political and social processes to ensure cooperation. The use of such processes can contribute to the effectiveness of formal security governance, assist in embedding a security culture and help position information security as a business enabler.
External and internal actors vary in their impact upon the information security process within organisations. This variation is a result of difference in power, legitimacy and urgency of these stakeholder claims. Internal and external stakeholders are continuously interacting with each other through a network of dynamic and multi-directional relationships.
Identifying, prioritising and engaging with the variety of stakeholders impacting on the information management process can contribute to the achievement of organisational information security management objectives. A classification framework is provided that can guide the prioritisation process and seek appropriate modes of engagement with the||en_AU|
|dc.publisher||University of Sydney||en_AU|
|dc.publisher||Discipline of Business Information Systems||en_AU|
|dc.rights||The author retains copyright of this thesis. It may only be used for the purposes of research and study. It must not be used for any other purposes and may not be transmitted or shared with others without prior permission.||en_AU|
|dc.title||The holistic management of information security processes||en_AU|
|dc.type.pubtype||Doctor of Philosophy Ph.D.||en_AU|
|dc.description.disclaimer||Access is restricted to staff and students of the University of Sydney . UniKey credentials are required. Non university access may be obtained by visiting the University of Sydney Library.||en_AU|
|Appears in Collections:||Sydney Digital Theses (University of Sydney Access only)|