An Empirical Examination of the Relationship Between Information Security/Business Strategic Alignment and Information Security Governance Domain Areas

Abstract

The purpose of this study was to examine empirically the extent of the relationships between information security governance (ISG) strategic alignment and other individual information security domain areas consisting of risk management, value delivery, performance measurement, and resource management in order to ascertain whether the domain areas were integrated for ISG success in Ghanaian organizations. Corporate governance theories, including agency theory, stakeholder theory, and organizational theory, were employed to explore the literature. These theories were mapped to strategic alignment, risk management, resource management, performance measurement, and value delivery domains of information security governance. Random sampling strategy was used and data were collected via web survey. The data analysis employed a linear regression analysis to determine the degree of correlation among the domain areas. The study found that relationships between information security governance strategic alignment and other ISG domains were positively statistically significant. Strategic alignment was related to risk management (R² = .836); to value delivery (R² = .718), to performance measurement (R² = .722), and to resource management (R² = .747). The results highlighted consistent importance of strategic alignment practices as a predictor of organizational information security risk management, performance measurement, resource management, and value delivery. This implies that effective information security governance strategic alignment greatly improves organizations’ risk management, resource management, performance measurement, and delivers business value. Therefore, organizations should improve strategic alignment attributes in order to attain effective information security governance.