Abstract
Information security organization has normally been organized under the IT department. However, as the importance of information security has gradually increased, the way of information security organized for enterprise security management has become a noteworthy issue. The need for separation of Information security organization from IT department is growing, such as restriction on the concurrent positions in CIO and CISO. Nowadays there are many studies about Information security organization while relatively there has been minimal research regarding a departmentalization. For these reasons this study proposes a Information Security Departmentalization Model which is based on business risk and reliance on the IT for effectively organizing Information security organization, using Contingency theory. In addition, this study classified the position of Information security organization into Planning & Coordination, Internal Control, Management and IT and analyze the strengths and weaknesses of each case.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
