Organizational Context of Security Management: Implications for Information Systems

Authors

  • Anatolii Benzar, The Zakhidnodonbaskyi Institute of the Private Joint-Stock Company “Higher Education Institution “Interregional Academy of Personnel Management”, Department of Economics and Management. Pavlohrad, Ukraine. https://orcid.org/0000-0002-0943-0109
  • Yuliia Kovalenko, State Non-Commercial Company “State University “Kyiv Aviation Institute”, Faculty of Computer Sciences and Technologies, Department of Cyber Security. Kyiv, Ukraine. https://orcid.org/0000-0002-6714-4258
  • Artem Taranenko, The Institute of Security, Private Joint-Stock Company “Higher Educational Institution “Interregional Academy of Personnel Management”. Kyiv, Ukraine. https://orcid.org/0009-0000-5429-1454
  • Olha Balynska, Lviv State University of Internal Affairs, Research Laboratory for the Study of Problems of Combatting Human Trafficking. Lviv, Ukraine. https://orcid.org/0000-0002-0168-143X
  • Igor Balynskyi, King Danylo University, Department of Journalism, Advertising and Public Relations. Ivano-Frankivsk, Ukraine. https://orcid.org/0000-0002-1703-5352

DOI:

https://doi.org/10.62486/agma2025250

Keywords:

Information, Information Law, Communication, Human Rights, Information Security, Restriction of the Right to Disseminate Information

Abstract

Introduction: In the context of an unprecedented intensification and structural complication of cyber threats, which increasingly manifest as full-scale attacks on organizational entities across diverse economic clusters, the exigency of formulating and implementing conceptually sound and technologically advanced paradigms of information security management has become irrefutable. 
Objective: The principal objective of this scholarly inquiry is the identification and systematic structuring of prevailing trends, as well as the analytical explication of the discursive features characterizing the implementation of innovative approaches to information security within the corporate domain.
Methods: The methodological framework is grounded in a descriptive-analytical model, incorporating elements of methodological pluralism—particularly the confluence of deductive theoretical analysis of security governance paradigms and empirical reflection on secondary data pertinent to the state and specificities of such implementation.
Results: The findings substantiate the premise that the persistent escalation in the complexity of cyber threats precipitates substantial reputational, economic, and operational risks, thereby compelling organizations to recalibrate their strategic posture towards integrative models of information security governance. Risk-based and holistic approaches are the most adaptive to the volatile threat landscape. Moreover, regulatory transformations within the European legal framework concerning personal data protection function as a significant catalyst in the strategic reconfiguration of information security imperatives.
Conclusions: The practical significance of this study lies in the critical generalization and systematization of the tendencies that shape the emerging epistemology of information security management in contemporary organizational structures.

Published

2025-06-09

How to Cite

Benzar A, Kovalenko Y, Taranenko A, Balynska O, Balynskyi I. Organizational Context of Security Management: Implications for Information Systems. Management (Montevideo) [Internet]. 2025 Jun. 9 [cited 2025 Jul. 6];3:250. Available from: https://managment.ageditor.uy/index.php/managment/article/view/250