An Empirical Study into Information Security Governance Focus Areas and their Effects on Risk Management

This paper aimed at determining the extent to which information security governance (ISG) focus areas impact risk management. A total of 81 valid questionnaires were collected and processed using multiple linear regression and frequency analyses. The results showed that 92.7% of the variances in risk management were explained by the resource management, information security and business strategic alignment, value delivery, and performance measurement. Resource management and strategic alignment made significant positive contribution to risk management. Among the most applied attributes within the ISG focus areas, the organizations appreciably implemented policies that address risk management and non-compliance to security risk. However, risk assessment was not frequently and exhaustively performed and security personnel were not adequately trained. The study contributed to the literature by empirically determining the impact of ISG focus areas on risk management, provided organizational leaders better understanding of ISG focus areas, and suggested improvement to ISG practices.