Abstract:

Information security is no longer an add-on function to an information systems department role, but rather a responsibility for all personnel in an enterprise, particularly in the information-rich industries. This paper acknowledges the robustness of the knowledge base about information security technologies and practices, and proposes the elevation of the importance of strategic thinking about enterprise information security to all members of an organisation, but particularly to the senior and executive management personnel. It describes the major issues and discusses the factors that appear to make information security strategies less effective than they should be. An added benefit is that demonstrating the ability to be a driver for governance and organisational cultural change may be a tool for IT professionals to break into the executive ranks of enterprise management from a non-traditional background.