Abstract
Business-IT Alignment (BITA) has the potential to link with organizational issues that deal with business-IT relationships at strategic, tactical and operational levels. In such a context, the information security process (ISP) is one of the issues that can be influenced by BITA. However, the impact has not yet been researched. This paper investigates the impact of BITA on ISP. For this investigation, the relationships between the elements of the Strategic Alignment Model and the components of the Security Values Chain Model are considered. The research process is an in-depth literature survey followed by a case study in two organizations located in the United States and the Middle East. The results show a clear impact of BITA on how organizations distribute the allocated security budget and resources based on needs and risk exposure. The results should help both practitioners and researchers gain improved insight into the relationships between BITA and IT security components.
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
El Mekawy, M., AlSabbagh, B., Kowalski, S. (2014). The Impact of Business-IT Alignment on Information Security Process. In: Nah, F.FH. (eds) HCI in Business. HCIB 2014. Lecture Notes in Computer Science, vol 8527. Springer, Cham. https://doi.org/10.1007/978-3-319-07293-7_3
DOI: https://doi.org/10.1007/978-3-319-07293-7_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07292-0
Online ISBN: 978-3-319-07293-7
eBook Packages: Computer Science, Computer Science (R0)