Dying of a hundred good symptoms: why good security can still fail - a literature review and analysis
Volume: 15
Pagination: 448 - 473
DOI: 10.1080/17517575.2019.1605000
Journal: Enterprise Information Systems
ISSN: 1751-7575
Abstract
Many organizations suffer serious information security incidents, despite having taken positive steps towards achieving good security standards. The authors hypothesize that these issues are often a result of security arrangements not being sufficiently integrated with businesses. We believe that adopting an enterprise architecture (EA) approach to implementing information security – commonly referred to as an ‘Enterprise Information Security Architecture’ (EISA) – will deliver substantial benefits. Our paper has reviewed and analyzed literature concerning the root causes of information security incidents and describes a novel approach with 8 domains for ensuring critical factors are considered when building an EISA framework.