Information security governance in the electricity industry
Keywords:Information security, Electricity, IS governance
Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry.
Design/methodology/approach: Literature review was made of scientific articles, frameworks and norms that supported the field research applied to managers, coordinators and experts from IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the use, and also by means of cross-analysis.
Results: It was observed that most respondents agree with the importance of the themes approached, however, in practice, these concepts are not always used by the organization. Besides, it was observed that when security is directly responding for the high level of the organization, the maturity level is between optimized and managed. However, where security is subordinated to the technology area, the level appears with higher percentage, as repeatable.
Limitations of the investigation: The sample size is a limiting factor as it was conditioned to questionnaire responses sent to IS experts through electronic means and social networks and it is not possible to generalize as the population size is not known.
Practical implications: To assist the electricity industry in taking measures turned to IS governance, and, with that, increase consumer protection with regard to their classified data and the company’s reliability in power supply.
Originality/value: The present research originality lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to raise, more and more, its level of maturity.
How to Cite
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors must have a written permission from any third-party materials used in the article, such as figures and graphics. The permission must explicitly allow authors to use the materials. The permission should be submitted with the article, as a supplementary file.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after BJO&PM publishes it (See The Effect of Open Access).