Abstract

Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry.
Design/methodology/approach: A literature review of scientific articles, frameworks and norms supported the field research, which was applied to managers, coordinators and experts from the IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the degree of use, and also by means of cross-analysis.
Results: Most respondents agree with the importance of the themes addressed; in practice, however, these concepts are not always used by the organization. In addition, when security reports directly to the high level of the organization, the maturity level is between optimized and managed. Where security is subordinated to the technology area, however, the level with the highest percentage is repeatable.
Limitations of the investigation: The sample size is a limiting factor, as it depended on responses to a questionnaire sent to IS experts through electronic means and social networks, and the results cannot be generalized because the population size is not known.
Practical implications: To assist the electricity industry in taking measures aimed at IS governance and, with that, to increase consumer protection with regard to their classified data and the company's reliability in power supply.
Originality/value: The originality of the present research lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to progressively raise its level of maturity.

Highlights

  • Cyber attacks are increasingly sophisticated and complex, leading companies to financial collapse and degradation of their image

  • Information security governance in the electricity industry, performing a comparative analysis of the results found and the findings of the authors surveyed in the bibliometric research, in order to propose Information Security (IS) governance guidelines to the electricity industry

  • The present study first surveyed the literature on IS governance in the corporate sphere, how strategic management directly affected the area, and how the electricity industry was positioned on the theme

Summary

Introduction

Cyber attacks are increasingly sophisticated and complex, leading companies to financial collapse and degradation of their image. On 05/07/2021 the Colonial Pipeline System (Texas, USA), the company that operates the largest fuel transfer pipeline on the east coast of the USA, suffered an attack that forced the company to deactivate its operation (Sanger et al., 2021). Another example is a malware that, on 01/25/2003, deactivated the security system of a nuclear company in Ohio, United States, making it impossible to monitor the indicators of the temperature measurement sensors (Rodofile et al., 2019).
