Implications of Organizational Governance on Cybersecurity Management: A Qualitative Study in Higher Education
Summary
Today’s digital organizations recognize the imperative of adopting a strategic approach to cybersecurity, acknowledging that managerial and behavioral processes, alongside technical measures, play a crucial role in ensuring organizational cybersecurity. Despite this understanding, the existing literature lacks clarity on the relationship between organizational governance and cybersecurity. Practical guidance is also limited on how different mechanisms of governance—structural, formal, and relational—can be leveraged to enhance an organization’s cybersecurity posture considering its overall governance model. To address this gap, we conducted interviews with 12 employees from a higher education institution. Our findings suggest a robust connection between organizational governance and cybersecurity management, revealing that cybersecurity strategy and behavior are influenced by the governance choices made within an organization. Our results highlight the significance of relational governance in a setting where it is challenging to impose rules and regulations due to the independence of organizational units and the autonomy of employees.
Conference: The 32nd European Conference on Information Systems (ECIS 2024)
Location: Paphos, Cyprus
Date: June 13-19, 2024
Keywords
Cybersecurity, Governance, Higher Education, Qualitative Study
Links
References
APA |
Bulgurcu, B., Levallet, N., & Mashatan, A. (2024). Implications of organizational governance on Cybersecurity Management: A qualitative study in higher education. Proceedings in The 32nd European Conference on Information Systems (ECIS 2024) (pp. 2136-2151). |
---|---|
BibTeX |
@INPROCEEDINGS{bulgurcu2024implications, title={Implications of Organizational Governance on Cybersecurity Management: A Qualitative Study in Higher Education}, author={Bulgurcu, Burcu and Levallet, Nadege and Mashatan, Atefeh}, year={2024}, pages={2136--2151}, booktitle={Proceedings in The 32nd European Conference on Information Systems (ECIS 2024)}, } |
IEEE | B. Bulgurcu, N. Levallet, and A. Mashatan, “Implications of Organizational Governance on Cybersecurity Management: A Qualitative Study in Higher Education,” in Proc. The 32nd European Conference on Information Systems (ECIS 2024), Paphos, Cyprus, June 13-19, 2024, pp. 2136-2151. |