Stakeholder oriented information security reporting

Abstract

Organizations have to meet most different enterprise-specific stakeholders', business, standard, legal and regulatory information security requirements. They are faced with a wide range of potential security threats and socio-organizational challenges. To invest all security efforts effectively the collaborators and partners of the whole value chain must be aware how they contribute to achieve common objectives and compliance. This is scarcely supported by fragmented approaches. To bridge the gaps we analyze accordingly to a design-science approach the different requirements and present a coherent and systematic stakeholder oriented information security reporting model. The comprehensive, systemic and structured reporting approach demonstrates the value of information security and sustains informed decision making to invest security efforts pro-actively, effectively and efficiently. The stakeholder oriented focus on security reporting offer new impacts for practice and a wide range of most different research questions. © 2013 Springer Science+Business Media.