An Information Security Governance Framework

  • A. Da Veiga
  • J. H. P. Eloff

Information security culture develops in an organization due to certain actions taken by the organization. Management implements information security components, such as policies and technical security measures, with which employees interact and that they include in their working procedures. Employees develop certain perceptions and exhibit behavior, such as the reporting of security incidents or sharing of passwords, which could either contribute or be a threat to the securing of information assets. To inculcate an acceptable level of information security culture, the organization must govern information security effectively by implementing all the required information security components. This article evaluates four approaches towards information security governance frameworks in order to arrive at a complete list of information security components. The information security components are used to compile a new comprehensive Information Security Governance framework. The proposed governance framework can be used by organizations to ensure they are governing information security from a holistic perspective, thereby minimising risk and cultivating an acceptable level of information security culture.
