Abstract:

The ongoing reports of information security breaches and the size of global losses annually indicate that too little focus is being given to enterprise information security by businesses both small and large around the world. In this paper a renewed emphasis on approaches to improve enterprise information security performance and governance is discussed and suggested strategies for growth in these areas are highlighted. The importance of both technology-related models and business-oriented models being aligned, the need for enterprises to embrace the principles of systems thinking, and the requirement to view enterprise governance in a holistic manner is emphasised.