Organizational Context of Security Management: Implications for Information Systems
DOI: https://doi.org/10.62486/agma2025250
Keywords: Information, Information Law, Communication, Human Rights, Information Security, Restriction of the Right to Disseminate Information
Abstract
Introduction: In the context of an unprecedented intensification and structural complication of cyber threats, which increasingly manifest as full-scale attacks on organizational entities across diverse economic clusters, the exigency of formulating and implementing conceptually sound and technologically advanced paradigms of information security management has become irrefutable.
Objective: The principal objective of this scholarly inquiry is the identification and systematic structuring of prevailing trends, as well as the analytical explication of the discursive features characterizing the implementation of innovative approaches to information security within the corporate domain.
Methods: The methodological framework is grounded in a descriptive-analytical model, incorporating elements of methodological pluralism—particularly the confluence of deductive theoretical analysis of security governance paradigms and empirical reflection on secondary data pertinent to the state and specificities of such implementation.
Results: The findings substantiate the premise that the persistent escalation in the complexity of cyber threats precipitates substantial reputational, economic, and operational risks, thereby compelling organizations to recalibrate their strategic posture towards integrative models of information security governance. Risk-based and holistic approaches are the most adaptive to the volatile threat landscape. Moreover, regulatory transformations within the European legal framework concerning personal data protection function as a significant catalyst in the strategic reconfiguration of information security imperatives.
Conclusions: The practical significance of this study lies in the critical generalization and systematization of the tendencies that shape the emerging epistemology of information security management in contemporary organizational structures.
License
Copyright (c) 2025 Anatolii Benzar, Yuliia Kovalenko, Artem Taranenko, Olha Balynska, Igor Balynskyi (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.
The article is distributed under the Creative Commons Attribution 4.0 License. Unless otherwise stated, associated published material is distributed under the same licence.