Board Composition And Information Security In The Banking Sector
CHAPTER TWO
LITERATURE REVIEW
Corporate governance
Corporate governance entails systems of rules, organizational practices, and processes through which a firm is controlled and directed (Icaew.org, 2017). The primary aim of corporate governance is to balance the interests of the majority of stakeholders in a given institution (Blackwell, 2002). Stakeholders in organizations include customers, management, suppliers, finance providers, the central government and the community surrounding the organization (OECD, 2004). Corporate governance provides the acceptable frameworks for attaining the objectives of any given firm. In this case, the influence of corporate governance covers all the spheres of management, such as the action plans of an entity, the internal management unit, the performance measurement of the administration, and corporate disclosure.
According to Icaew.org (2017), corporate governance is the system through which corporations are controlled and directed. The shareholders provide appropriate management by appointing directors and company auditors (Icaew.org, 2017). Through this function, the shareholders are convinced that all the undertakings of the organization will run to their satisfaction. The board has several responsibilities, among them setting the strategic goals of an organization, providing leadership that would execute the goals, supervising the conduct of the management, and reporting all activities to the shareholders as their stewards (Icaew.org, 2017). Therefore, corporate governance involves the functions of the board and the methods by which the board sets company values. In the United Kingdom, since 29th June 2010, corporate governance has been part of the legal system in the listed companies.
Board Composition and corporate governance
The composition of the board relates to issues regarding board independence and the diversity of the board members. An efficient firm requires a structure of the executive team that makes its decisions based on objective views (Blackwell, 2002). Arguably, sensible decisions by firms rely on the freedom of board members and the extent to which the arrangements cannot be jeopardized. The freedom of the board refers to a corporate board with a majority of independent, outside directors. An outsider-dominated board is more vigilant than an insider-dominated board when it comes to monitoring the conduct and behavior of managers and making decisions which affect the operations of the firm (Blackwell, 2002). A board consisting of directors who have diverse sets of functional expertise, industrial experience, academic qualifications, ethnic composition, and gender is likely to be equipped with various methods of dealing with problems affecting the firm (Goodstein et al., 1994). Such board composition helps in advising the executive from multiple perspectives, which reduces bias in decision making (Blackwell, 2002).
The composition of the board is among the critical factors affecting the performance of any given firm. Goodstein et al. (1994) posit that boards are formed to accomplish three primary functions: linking the institution to its environment, securing essential resources for the firm, and controlling the management team of an organization. Fama and Jensen (1983) concluded that an active board of directors depends on the diverse skills and competencies that each director has. Effective governance by the board also depends on an effective selection procedure for new directors, which in turn rests on the definition of the duties of these directors (OECD, 2004).
IT Governance
Information Technology governance refers to current and formal frameworks which provide structures to make sure that investment in Information Technology is in line with the objectives of an institution (Pereira and da Silva, 2012). In the United States, the demand for formal corporate Information Technology governance was ignited by a set of enacted regulations, for example the “Gramm–Leach–Bliley Act” (GLBA) and the Sarbanes-Oxley Act in the 1990s and early 2000s, that resulted from the fallout from several high-profile corporate fraud and deception cases (Brisebois, Boyd, & Shadid, 2007). According to OECD (2004), IT governance is the system and procedure put in place to ensure that an organization is efficient in the application of Information Technology in achieving its set objectives. Under this definition, every organization must evaluate the selection and priority of funding for competing Information Technology investments that would work toward its set objectives. In this kind of decision-making process, Information Technology governance considers oversight processes and the responsibilities of the management (Brisebois, Boyd, & Shadid, 2007).
Most organizations approach Information Technology governance from the perspective of tools or procedures (Allen, 2005). The likelihood of the success of Information Technology governance depends on certain principles. For example, executive support is imperative to the success of IT governance (Allen, 2005). Ideally, any service management implementation without the help or guidance of executive-level leadership is less likely to be successful (Allen, 2005). According to Allen (2005), when working from the bottom to the top, an idea will take excess effort to initiate due to competition for resources and the need to market the concept upstream. The support of the executive leadership is fundamental to the success of launching any idea in the organization. Executive support helps guide the concept by relating the Information Technology initiative to organizational goals (OECD, 2004). Other factors that may dictate successful IT governance are communications, academic qualifications, the structure of the management, the roles and responsibilities of IT governance, and the organizational culture (Allen, 2005). All these factors reflect on the position of the executive function. Therefore, the executive arm of any organization becomes an essential component for the success of IT governance.
The governance of IT mainly focuses on the technology systems and how well they perform (OECD, 2004). This goal can only be achieved in a well-structured environment. Roles need to be appropriately defined, and hardware, software and business processes need to be placed under the right ownership to obtain success with IT investments (Allen, 2005). This study will attempt to determine how IT governance structures and processes influence the relationship between board composition and information security investments.
IT governance frameworks
According to Rastogi and von Solms (2006), information security governance entails structures, relationships, and procedures. Rastogi and von Solms also point out that security governance relates to the existing guidance which issues frameworks for the implementation of information security governance. Execution proceeds only through a mapping of information security governance responsibilities according to the organizational hierarchy (OECD, 2004).
There are internationally recognized, vendor-neutral third-party frameworks known as ‘IT governance frameworks.’ These frameworks may not be adequate when singled out, yet each has IT governance strengths which are significant to specific tasks. The frameworks include the Information Technology Infrastructure Library (ITIL), “Control Objectives for Information and Related Technology” (COBIT), and ISO 27001.
ITIL
ITIL is an abbreviation of Information Technology Infrastructure Library. It was established by the United Kingdom Cabinet Office as the library which would provide a guideline for the “best-practice processes for Information Technology service management” (Rastogi and von Solms, 2006).
COBIT
COBIT is an Information Technology control framework which helps organizations meet current business challenges and issues with regard to regulatory compliance, risk management and aligning Information Technology strategies with organizational goals (Rastogi and von Solms, 2006).
ISO 27001
ISO 27001 is an objective best-practice standard for the information security management in organizations.
Cyber Security and Cyber Crime
2017 was a year marked by cyber threats in the history of cybercrime (Moore, 2017). Millions of consumers and thousands of businesses were hit with all sorts of malware (Moore, 2017). Gartner reported that expenditure on information security reached 86.4 billion dollars by the end of 2017 (Moore, 2017). At the same time, Cybercrime Reports anticipated cybercrime damages to the tune of six trillion dollars in every financial year by 2021 (Moore, 2017).
At the beginning of 2017, the Government of Saudi Arabia through the macro in Microsoft Office Word to infect targeted computers with information filtering Trojan (Barth and Olenick, 2017). Instead of retrieving the binary payload, the virus attacks rely on malicious scripts to maintain persistence and consistency on the targeted device (Allen, 2005). The malware also communicates and connects with malicious websites which act as proxies for the command and control server. Such script-based malware is treacherous and not easy to identify (Barth and Olenick, 2017). It can escape anti-virus engines, which makes it appealing to cybercriminals (Barth and Olenick, 2017).
Even though businesses might already be overwhelmed by previous cyber threats, Allen (2005) predicts that the attacks will still rise by the end of 2018. There is an emerging increase in cyber-criminal tools; averting such assaults will demand expertise in information security in every organization (Moore, 2017). News media and pop culture have consistently publicized the successive activities of cyber criminals (Barth and Olenick, 2017). For instance, pop culture relied heavily on social media to report that ransomware generated one billion dollars for cybercriminals in 2017 alone (Barth and Olenick, 2017). Such publicity increases the appetite for cybercrime across the world. The tactics in cybercrime are likely to target financial institutions because attackers would want quick money (Barth and Olenick, 2017).
Information security
Information security is a design meant for protecting the confidentiality, integrity, and availability of computer systems and data from malicious activities (Evans, 2015). Confidentiality, integrity, and availability are sometimes referred to as the “CIA Triad of information security” (Evans, 2015). The Triad has lately evolved into what people commonly call the Parkerian hexad, which consists of confidentiality, controls, authenticity, integrity, availability, and utility (Pereira and da Silva, 2012).
Information security deals with risk management. Any event or item that can act as a threat to the Parkerian hexad is deemed a threat to the entire computer system. Information security ensures that sensitive information is stored well (Nolan and McFarlan, 2018). Where there are proper security measures, such protected data cannot be altered, changed or transferred without permission. For example, “if the message could be modified during transmission by someone intercepting it before it reaches the intended recipient.” Efficient cryptography tools help in mitigating such security threats (Evans, 2015). Digital signatures aid in improving information security by enhancing authenticity procedures and prompting individuals accessing the system to authenticate their identity before gaining access to computer data (Chenoweth, 2005).
InfoSec standards
InfoSec standards are published specifications, which contain precise specifications designed to be used as guidelines in information security (Honan, 2017). According to Honan (2017), these standards work as a point of reference for minimum requirements for all concerned parties in information technology. The InfoSec standards work as a reference point to help an institution establish whether it meets the set minimum requirements for procedures, processes and controls relating to Information Technology (Chenoweth, 2005). If organizations are compliant with InfoSec standards, third parties such as suppliers, customers, and partners gain confidence in the organization regarding its ability to deliver to the specified standard (Chenoweth, 2005). This kind of trust gives one institution a competitive advantage over another institution that does not comply with set standards (Honan, 2017). In some instances, there are regulations which enforce specific rules; for example, an organization which processes credit is bound to comply with the “PCI DSS Data Security Standard” (Honan, 2017). In such a scenario, if organizations fail to comply, the authorities may impose fines, or the organizations may be charged (Honan, 2017). Chenoweth (2005) also suggests that credit companies may boycott transacting business with such noncompliant firms.
Board Composition and IT Governance
Since the Y2K threats, boards have become increasingly nervous with regard to corporate dependence on Information Technology (Nolan and McFarlan, 2018). Since then, computer crashes, denial-of-service attacks, pressure from competitors, and the demand to automate compliance according to standards set by the government have heightened the sensitivity of the board to IT risk. There is no doubt that IT investments take a large portion of the budget in banks, but it is also clear that, given the direction of banking, the nature of the products being advertised, and the risk of losing these investments in the event of a cyber-attack, bank boards have no choice but to continue to commit expenditure to this area (Nolan and McFarlan, 2018). “Indeed, board members frequently lack the fundamental knowledge needed to ask intelligent questions about not only IT risk and expense but also competitive risk” (Nolan and McFarlan, 2018). “These risks leave the CIOs, who manage critical corporate information assets exposed to threats” (Nolan and McFarlan, 2018).
In their article in Harvard Business Review, Nolan and McFarlan (2018) point out that, so far, there is no body of knowledge which compares IT governance and institutional performance. Nolan and McFarlan (2018) also posit that “lack of board oversight for IT activities is dangerous and puts the firm at risk in the same way that failing to audit its books would.”
Smaller institutions with this risk knowledge have established effective Information Technology governance committees within the board (Nolan and McFarlan, 2018). These provisions allow the firms to carve out competitive advantages (Nolan and McFarlan, 2018).
Other than malware attacks and related security issues, organizations can be subjected to legal problems which are also costly (Nolan and McFarlan, 2018). In this instance, the board requires knowledge of intellectual property trade issues which relate to information technology (Nolan and McFarlan, 2018). “The advent of the Linux operating system, for example, has been a boon to many companies; at the same time, making free use of the associated patented intellectual property has exposed them to legal risks” (Bader, 2007). In one scenario, SCO filed a 3 billion dollar lawsuit against IBM. In the case, SCO (software company groups) alleged that IBM illegally incorporated intellectual property of SCO in coding the base of the Linux operating system (Bader, 2007). Such cases have made it clear that every organization must stay alert to plausible issues in order to avoid the costly distractions related to IT intellectual property disputes. Bader (2007) concludes that boards must watch out for risks by bringing an appropriate expert onto the committee who would keep the management team from IT-related distractions.
Institutions Affected by Lack of IT Governance
Despite heavy recent investment by banks in cybersecurity, there are instances when information security defenses have been breached (Nolan and McFarlan, 2018). This section provides scenarios where institutions have suffered due to inadequate Information Technology security systems.
South Korea Bank Hack of 2013
Unfortunately, according to Barry (2017), South Korea Bank has been a victim of the “Dark Seoul” malware more than once. The attacker used this virus to penetrate institutional computers, crash ATMs and disrupt financial networks linked to this bank (Barry, 2017). The event brought the South Korean market to a standstill for many days.
Interestingly, the virus used was unsophisticated in some respects. According to Kitten (2014), the malware lacked basic obfuscation techniques which would allow it to disappear from origin-based endpoint protection. However, this malware was startlingly effective against its users. The simplicity of the malware used and the consistency of the attack raise the question of the type of security system South Korean Bank employed. The study by Fuqiang (2013) exposed that South Korean Bank had an inadequate representation of the information security team on its board.
The JP Morgan Security Breach of 2014
This event is one of the most significant data breaches in history to have affected an American corporation’s IT system. According to Forbes, JP Morgan is the largest bank in the United States, the world’s sixth largest bank by total assets, with total assets of US$2.5 trillion, and the world’s second most valuable bank by market capitalization, after the Industrial and Commercial Bank of China (DeCarlo, 2012).
The case presents the most extensive breach in history because it also affected over ten million individuals and more than seven million businesses (Nolan and McFarlan, 2018). According to Nolan and McFarlan (2018), the JP Morgan breach of 2014 affected a total of 83 million customers. A group of five hackers relied on “malware, social engineering, and spear-phishing attacks” to access email addresses, client contacts, and client information. The clientele information gathered was not only from JP Morgan but also from other related businesses associated with JP Morgan. With the data pilfered in this breach, two of the hackers set up a stock fraud scheme which garnered more than 100 million dollars before they were shut down (Nolan and McFarlan, 2018).
Other than its size, the JP Morgan breach is notable in different ways. Firstly, before the violation, the company spent 250 Dollars per annum on information security (Nolan and McFarlan, 2018). However, all of that spending did not protect the business from the attack. The breach was possible as a result of one server that had not been updated with two-factor authentication. The second interesting fact about the violation is that JP Morgan is the only breach where the culprits had been apprehended (Nolan and McFarlan, 2018).
Effects of IT Governance on Company Performance
From the previous literature on “the impact of corporate governance structure on firm performance” (Brown and Caylor, 2006), this study projects a link between IT governance and the performance of an organization. As discussed in the IT governance section, organizations with effective IT governance are likely to carve out a competitive advantage regarding technological decisions (Allen, 2005). Information Technology governance makes up an integral part of corporate governance by implementing processes, relational mechanisms, and structures within the firm which allow individuals to execute their expectations in backing up Information Technology business value (Wilkin and Chenhall, 2010). According to Weill (2004), most organizations have Information Technology governance. However, institutions with an efficient governance team have a set of active Information Technology structural mechanisms, such as committees, structures, procedures and plans, which are consistent in promoting actions in line with the firms’ strategies and values (Weill, 2004).
Practical Information Technology governance sets apart unique assets in the firm for IT use and at the same time ensures that the organization complies with the overall principles, mission and vision (Brown and Caylor, 2006). In this regard, a firm with efficient Information Technology governance will ensure that its personnel have IT skills, IT processes, IT knowledge assets and experience. In this way, the organization has the competitive advantage to attain superior performance (Wilkin and Chenhall, 2010).
Bassellier et al. (2003) suggested that sets of IT-related experiences possessed by executives help them to showcase Information Technology leadership in their operations. IT experience improves the knowledge and understanding of executives, thereby increasing the administration of such executives in IT-related domains of the institution (Wilkin and Chenhall, 2010).
A top management team with appropriate knowledge and experience in IT is most likely to raise organizational leadership regarding Information Technology (Bassellier et al., 2003). In this regard, this study proposes that organizations whose leaders have an Information Technology background are in the best position to initiate Information Technology investment, and to maintain and strengthen an organizational structure that will help the firm achieve business value from Information Technology investment.
Return on IT Investments
This accounting notion refers to a business performance measure used in evaluating the efficiency of a given investment (Wilkin and Chenhall, 2010). The measure is also relevant when an investor wants to compare the effectiveness of a given business against the alternative options available. Return on investment weighs the returns from a business against the cost incurred in the investment (Wilkin and Chenhall, 2010). Return on investment is a popular accounting consideration because the method is simple and versatile (Wilkin and Chenhall, 2010). The calculation is straightforward to interpret: a positive result shows the viability of the investment, while a negative result reflects a loss on the given investment (OECD, 2004).
ROI = (RETURNS – COST) /COST
When it comes to calculating ROI from an investment in Information Technology, the return can only be calculated on a comparison basis (Ashbacher, 2005). For a security installation, the expenditure will be assessed by comparing the risk the organization is likely to suffer from a security breach against the cost of installing the security system (Ashbacher, 2005). Similarly, where Information Technology is used to replace human labor, the return will be calculated against the cost of hiring the human labor that the technology would replace across at least one year of operation (Ashbacher, 2005).
Given the above consideration, an organization derives benefits from investing in information technology also where risks are involved (Ashbacher, 2005). For risk associated with cyber threats, take the case of the JP Morgan breach of 2014. The company spent 250 Dollars per annum on information security (Nolan and McFarlan, 2018). The pilfered data obtained from this breach garnered more than 100 million dollars before the hackers were shut down (Nolan and McFarlan, 2018). Given that the minimum loss at risk is 100 million dollars, a security system worth 1000 USD is justifiable if it covers the risk of losing more than 100 million dollars in a financial year.
The traditional methods of calculating ROI require monetary values (Wilkin and Chenhall, 2010). However, problems surface when they are applied to information systems (Ashbacher, 2005). IT creates intangible benefits such as improved services to the clients (Wilkin and Chenhall, 2010). Moreover, various levels of administrators and users understand the value of IT differently (Ashbacher, 2005).
The benefit of IT may also be realized through business hierarchy diagram as illustrated in the figure below (Wilkin and Chenhall, 2010).
As in the illustration, successful investments in Information Technology positively influence all the levels of business value regime (Wilkin and Chenhall, 2010). Less successful ventures are insufficient to impact the apex levels and only interfere with lower levels (Wilkin and Chenhall, 2010).
The higher one goes in the measurement hierarchy, the more dilution is likely to occur from other determinants (which include decisions on pricing and competitors' moves). This dilution suggests that estimating the influence of an IT venture is less strenuous at the base of this hierarchy than at the top.
Financial Benefits
Returns on investing in IT projects ought to be based on tangible benefits (Ashbacher, 2005). According to Ashbacher (2005), the financial benefits of IT investments fall into five categories:
Fig 2.1 categories of financial benefits from Information technology
Revenue Enhancement
An investment enhances revenue if it provides new services which result in an increased sale (Ashbacher, 2005).
Cost Reduction
Investment in Information Technology may reduce unnecessary costs that institutions pay (Ashbacher, 2005). For example, online meetings cut down the cost of transport. Similarly, remote support cuts down the cost of employing personnel to undertake on-site support. Ashbacher (2005) also suggests that technology which reduces the transaction period will lower interest costs where receivables may incur fines relating to delays.
Cost Avoidance
An investment in Information Technology that reduces time spent on performing tasks increases productivity (Ashbacher, 2005).
Capital Reduction
Certain investments reduce the costs that organizations incur for storage and servers (Ashbacher, 2005).
Capital Avoidance
Investment in IT can sometimes cut down the planned purchase of a new data center (Ashbacher, 2005).
Resource Based View
The resource-based theory argues that firms develop and accumulate bundles of specific resources consisting of tangible and intangible resources (Derda, 2017). When the funds are applied appropriately, they are likely to generate returns which are above the average expectations and create a competitive advantage for an organization (Peteraf, 1993). The resource-based perspective states that physical resources and human resources are firms’ sources of competitive advantage (Barney, 1991).
The executive, which represents the top management team, controls all organizational resources. At one level or another, top management is in charge of the firm’s resources, which are likely to attract investment in information technology security given the nature of such funds (Awa et al., 2011). These theories suggest a perspective on the executive team and its function in which the installation of an information security system results from the value and nature of the resources augmenting stock to enable a given firm to compete in the international market (Barney, 1991).
Knowledge-Based View
Knowledge is an essential dynamic capacity that any firm should treat with much importance (Awa et al., 2011). The rising turbulence in the market suggests that knowledge, mainly implied knowledge, is the most critical strategic resource any firm could possess (Quinn, 1992). This kind of experience is challenging to transfer and necessary for transacting specific investments. Top management has an obligation to integrate and specify the knowledge of all the individuals within the firm (Grant, 1996). Education itself is not as important as knowledge integration within the firm (Awa et al., 2011).
Given this perception, knowledge-based theories perceive interdependence as an element of organization design and a subject of managerial choice (Hamel, 2000). Therefore, the quality of decisions by the top management team reflects the collective knowledge of the team. In this regard, the executive team only makes choices based on its subject of expertise. So if none of the executive team is knowledgeable on issues related to Information Technology, it is unlikely that such a team would make wise choices or even consider an investment in Information Technology (Awa et al., 2011). The board's knowledge affects the decisions on investment (Hamel, 2000).
The knowledge marketplace is a feature of the new economy, which is characterized by advanced technology, globalization and a consistently increasing emphasis on intangible assets (Sullivan, 2000; Neef, 1999; Pfeffer and Sutton, 1999). Strategy scholars and management researchers suggested that the current marketplace is knowledge-based. Furthermore, such knowledge and the competencies built on the executive could be the prime factor in determining the organization’s value in the present and the future (Thurow, 1999; Hamel, 2000).
Upper Echelon Theory
According to Hambrick and Mason (1984), upper echelons theory states that the executive arm of the organization and its characteristics affect the decisions of the firm. Researchers argue that there are many methods of determining the operations of the executive team in organizations (Pegels and Yang, 2000). Such methods include the behavior and the composition of the top management team (Pegels and Yang, 2000). The theory presents an argument that the top management team, which is the executive team, is the most important in any organization (Ireland and Hitt, 1999). The senior management team could be as few as three to ten individuals, yet it is the apex of the organization which provides leadership (Finkelstein and Hambrick, 1996). According to Syarifah et al. (2017), successful firms owe their achievements to the executives who develop strategies and direct all the resources which combine all the assets of the firm.
Conceptual Framework
From the literature review, effective and essential corporate governance is vital in all institutions. Primarily, this study examines issues relating to Board Composition and Information Security. This study also examines the relationship between board composition and IT investments, and the subsequent relationship between IT investments and bank performance and finally how IT governance structures would influence the relationship between board composition and IT investments.
[Figure: conceptual framework. Board Composition (Experience/Role, Team Homogeneity, Gender, Education); Investment in Information Security; Information Technology Governance (Structures, Processes); Bank Performance.]
Independent variable
Board composition
The composition of the board relates to issues regarding board independence and the diversity of the board members. Such factors include the experience and role of a board member, the homogeneity of the team, the gender composition of the board and the academic qualifications of the board members. An efficient firm requires a structure of the executive team that makes its decisions based on objective views (Blackwell, 2002). A board consisting of directors who have diverse sets of functional expertise, industrial experience, academic qualifications, ethnic composition, and gender is likely to be equipped with various methods of dealing with problems affecting the firm (Goodstein et al., 1994). Such board composition helps in advising the executive from multiple perspectives, which reduces bias in decision making (Blackwell, 2002).
Control Variables
Information Technology Governance (ITG)
Information Technology governance refers to current and formal frameworks which provide structures to make sure that investment in Information Technology is in line with the objectives of an institution (Pereira and da Silva, 2012). The variable trickles down to IT structures and processes. This factor is the control variable that will determine the behaviour of our independent variable, which also affects the outcome of the dependent variables. The likelihood of the success of Information Technology governance depends on certain principles. For example, executive support is imperative to the success of IT governance. Ideally, any service management implementation without the help or guidance of executive-level leadership is less likely to be successful (Allen, 2005). The variable will be measured according to InfoSec standards to authenticate the minimum requirement in the organization and the level of knowledge represented by the executive team.
Dependent Variables
a) Investment in Information Security
Investment in IT relates to the amount set aside by an organization to safeguard the organization's systems from cyber threats and related issues (Pereira and da Silva, 2012). This variable will also be measured according to InfoSec standards and principles. The suspicion at work is that when the executive team consists of members who have the related academic background in information technology and are experienced in matters relating to information technology, the organization will employ high standards of security.
b) Bank Performance
The performance of the bank will be measured in terms of profitability, customer confidence in the bank, and efficiency in delivering services to its clients. The suspicion at work is that if banks invest in a high level of technology, they will thrive financially and grow in size, assets, and customers.
References
Allen, J. H. (2005). Governing for Enterprise Security (GES), Implementation Guide: Characteristics of Effective Security Governance. USA: Carnegie Mellon University. 5-7
Ashbacher, C. (2005). Return on Software: Maximizing the Return on Your Software Investment. The Journal of Object Technology, 4(4), p.191.
Awa, H. O., Eze, S. C., Urieto, J. E., & Inyang, B. J. (2011). Upper echelon theory (UET): A major determinant of information technology (IT) adoption by SMEs in Nigeria. Journal of Systems and Information Technology, (2). 144.
Bader, M. (2007). Managing intellectual property in a collaborative environment: learning from IBM. International Journal of Intellectual Property Management, 1(3), p.206.
Barney, J. B. 1991. “Firm Resources and Sustained Competitive Advantage,” Journal of Management (17:1), pp. 99-120.
Barry, M. (2017). The Omni-Channel Effect: How Retail, Distribution, and Manufacturing Are Evolving – Aberdeen Essentials. [online] Aberdeen Essentials. Available at: http://www.aberdeenessentials.com/opspro-essentials/the-omni-channel-effect-how-retail-distribution-and-manufacturing-are-evolving/ [Accessed 7 Mar. 2018].
Barth, B. and Olenick, D. (2017). Cyber threats. [Online] Scmagazine.com. Available at: https://www.scmagazine.com/cyberthreats/topic/47239/ [Accessed 8 Mar. 2018].
Bassellier, G., Benbasat, I., and Reich, B. H. (2003). “The Influence of Business Managers’ IT Competence on Championing IT,” Information Systems Research (14:4), December, pp. 317-336.
Blackwell, W. (2002). Corporate Governance Update. Corporate Governance, 10(3), pp.249-252.
Brisebois, R., Boyd, G., & Shadid, Z. (2007). What is IT Governance and why is it important for the IS auditor. The INTOSAI IT Journal, (25), 30–35.
Brown, L. D., and Caylor, M. L. (2006). “Corporate Governance and Firm Valuation,” Journal of Accounting and Public Policy (25), pp. 403-434.
Chenoweth, J. (2005). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Journal of Information Privacy and Security, 1(1), pp.43-44.
DeCarlo, S. (2012). The World’s Biggest Companies. Retrieved December 26, 2017, from https://www.forbes.com/sites/scottdecarlo/2012/04/18/the-worlds-biggest-companies/#79454bb01486
Derda, D. (2017). International Experience in Upper Echelon Theory: Literature Review. Business Systems Research, Vol 8, Iss 2, Pp 126-142 (2017), (2), 126. doi:10.1515/bsrj-2017-0021
Evans Jr., L. L. (2015). Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information. GAO Reports, i-67.
Fama, E.F. & Jensen, M.C. (1983). Separation of ownership and control. Journal of Law and Economics, 26(2), 301-325.
Finkelstein, S. and Hambrick, D. 1996. Strategic Leadership: Top Executive and Their Effects on Organizations. Minneapolis/St. Paul: West Pub. Co.
Fuqiang, G. (2013). Perspectives on the Relationship between IT Investment and Economic Performance. Ischannel, 8(1), 12.
Goodstein, J., Gautam, K., & Boeker, W. (1994). The effects of board size and diversity on strategic change. Strategic Management Journal, 15(3) 241-250.
Grant, R. M. 1996. Toward a knowledge-based theory of the organization. Strategic Management Journal, 17 (Winter Special Issue), 108-122.
Hambrick, D. C. & Mason, P. A. 1984. Upper echelons: the organization as a reflection of its top managers. Academy of Management Review, 92: 193-206.
Hamel, G. 2000. Reinvent your company. Fortune; Jun 12, 2000; 141(12): pg. 98-110.
Honan, B. (2017). An Overview of Information Security Standards – BH Consulting. [online] BH Consulting. Available at: http://bhconsulting.ie/an-overview-of-information-security-standards/ [Accessed 8 Mar. 2018].
Icaew.org. (2017). What is corporate governance? [online] Available at: https://www.icaew.com/technical/corporate-governance/overview/does-corporate-governance-matter [Accessed 5 Mar. 2018].
Ireland, R. D. and Hitt, M. A. 1999. Achieving and maintaining strategic competitiveness in the 21st century: The role of strategic leadership. The Academy of Management Executive, 13(1): 43-57.
Moore, S. (2017). Business Impact of Security Incidents and Evolving Regulations Driving Market Growth. [online] Gartner.com. Available at: https://www.gartner.com/newsroom/id/3784965 [Accessed 8 Mar. 2018].
Neef, D. 1999. Making the case for knowledge management: the bigger picture. Management Decision. 37(1): 72-85.
Nolan, R. and McFarlan, W. (2018). Information Technology and the Board of Directors. [online] Harvard Business Review. Available at: https://hbr.org/2005/10/information-technology-and-the-board-of-directors [Accessed 5 Mar. 2018].
Organization for Economic Cooperation & Development (2004). Principles of Corporate Governance. France: OECD Publications Service.
Pegels, CC. Yang, B. 2000. Top management team impact on strategic assets accumulation capabilities. Management Decision. 38(10): 694-708.
Pereira, R., & da Silva, M. M. (2012). Designing a new integrated IT Governance and IT Management framework based on both scientific and practitioner viewpoint. International Journal Of Enterprise Information Systems, (4), 1
Peteraf, M. A. 1993. The Cornerstones of Competitive Advantage: A Resource based views, Strategic Management Journal, 14: 179-191.
Pfeffer, J. and Sutton, R. I. 1999. Knowing “what” to do is not enough: Turning knowledge into action California Management Review. 42: PP. 83-108.
Quinn, J. B. 1992. The Intelligent Enterprise a New Paradigm. The Executive, 6(4): 48- 64.
Rastogi, R & Von Solms, R. (2006). Information Security Governance a Redefinition. IFIP International Federation for Information Processing, Volume 193/2006, Springer Boston.
Sullivan, D. P. 2000. Cultural cognition in international business research. Management International Review, 40(3): pp. 269-298.
Syarifah Saffa’ Najwa Tuan, B., Mazurina Mohd, A., & Erlane K, G. (2017). Examining upper echelons managers’ characteristics on financial restatements. Journal Of International Studies, Vol 10, Iss 4 (2017), (4), doi:10.14254/2071-8330.2017/10-4/14
Thurow, L. C. 1999. The future of capitalism: how today’s economic forces shape tomorrow’s world. 1st ed. New York: W. Morrow.
Weill, P. 2004. “Don’t Just Lead, Govern: How Top-Performing Firms Govern IT,” MIS Quarterly Executive (3:1), pp. 1-17.
Wilkin, C. L., and Chenhall, R. H. (2010). “A Review of IT Governance: A Taxonomy to Inform Accounting Information Systems,” Journal of Information Systems (24:2), Fall, pp. 107-146.