Most of the time, IT and IS security governance practices fail because of poor decision making on and between the different levels of the organization. Research shows that formal structures within the governance of IT and IS do not explicitly support and address the necessity of good decision making. Often, a decision is a result that just happened because the process of decision making was not properly substantiated.
Decision making is an important topic within governance practices. Our recent Journal article describes how knowledge concerning information security can be shared in an effective way and how this knowledge can facilitate the decision-making process. We have performed multiple sessions with the use of group support system (GSS) software technology to facilitate groups in making adequate decisions. Most of the time, these group meetings are held under a time constraint and require a thorough analysis, proper interpretation and a swift decision.
GSS is an effective and pleasant way to gain mutual insight into the appropriate level of knowledge to do this analysis. GSS creates an atmosphere to have a joint interpretation on the data and collectively reach a decision. The structured way of working and documenting every step increases the transparency of the meeting. Therefore, the results gain trust in the information security and auditing communities.
We have used GSS not only in our practitioner environment, but also in our scientific research regarding the domains of safety and security. Like many other researchers , we have been making use of GSS to collect data in the field. The feedback that we got from participants was encouraging: decision making is an important topic to make IT governance practices succeed. Our recent Journal article can help make your information security toolkit more successful.
Read Yuri Bobbert and Hans Mulder’s recent Journal article:
“Boardroom Dynamics: Group Support for the Board’s Involvement in a Smart Security Decision-making Process,” ISACA Journal, volume 5, 2016.