Peer-reviewed articles from leading conferences and journals

Open access articles that help educate and inform directors, executives and managers on concepts and theories relating to information security strategy.

Horne, C.A., Maynard, S.B., and Ahmad, A. 2017. "Organisational Information Security Strategy: Review, Discussion and Future Research," Australasian Journal of Information Systems (21).

Abstract: Dependence on information, including for some of the world's largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activities. Organisations need to formulate strategy to secure their information, however gaps exist in knowledge. Through a thematic review of academic security literature, (1) we analyse the antecedent conditions that motivate the adoption of a comprehensive information security strategy, (2) the conceptual elements of strategy and (3) the benefits that are enjoyed post-adoption. Our contributions include a definition of information security strategy that moves from an internally-focussed protection of information towards a strategic view that considers the organisation, its resources and capabilities, and its external environment. Our findings are then used to suggest future research directions.

Horne, C.A., Ahmad, A., and Maynard, S.B. 2016. "A Theory on Information Security," The 27th Australasian Conference on Information Systems, Wollongong, Australia.

Abstract: This paper proposes a theory on information security. We argue that information security is imperfectly understood and aim to bring about an altered understanding of why efforts are made to engage in information security. The goal of information security is widely recognised as the confidentiality, integrity and availability of information however we argue that the goal is actually to simply create resources. This paper responds to calls for more theory in information systems, places the discussion in philosophical context and compares various definitions. It then identifies the key concepts of information security, describes the relationships between these concepts, as well as scope and causal explanations. The paper provides the theoretical base for understanding why information is protected, in addition to theoretical and practical implications and suggestions for future research.