Information system security governance: Technology intelligence perspective

Abstract

In recent years, the majority of studies and scientific research has primarily focused on the technical perspective of information system security (algorithms, tools, hardware, and infrastructure) which is part of a reactive approach. Over the time, this approach has succeeded, more or less, in managing the information technology (IT) concerns. However, the new technological trends and the new work organizations generate excessively rapid changes in the landscape of information security without forgetting the rapid changes in the society, the interconnected economies and computer networks that are increasing exponentially complicate the security of the constantly evolving information systems issues. In this context, our paper focuses on the fact that Information system also consists of a functional parts (human factor, procedures, politics…etc.) which imply the introduction of a proactive approach and adopting a vision of governance in order to align IT goals with organization strategy. This article is a review of literature on the existing approaches to secure information systems, initiate a reflection on the limits of traditional visions adopted, stress the importance of information systems security governance (ISSG) as a holistic approach, provide an overview of the actual IS security issues while criticizing the model GRC (Governance, Risk Management, Compliance) and proposing a new vision of the ISSG under the Technology intelligence(TI) perspective in order to pursue the emergence of technology and the sudden change of business objectives. Finally, we schematize the new Meta model that we named GRCI-TI. In addition to a fruitful discussion of the research contributions and the forthcoming research, directions are presented.