CEC Theses and Dissertations

Date of Award

2015

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Information Systems (DISS)

Department

Graduate School of Computer and Information Sciences

Advisor

Gurvirender P. Tejay

Committee Member

Steven R. Terrell

Committee Member

Barry McIntosh

Abstract

A fundamental understanding of the complexities comprising an information security strategy (ISS) in an organization is lacking. Most ISS implementations in government organizations equate installing anti-virus software or a firewall with an ISS. While the use of hardware and software forms a good defense, neither comprises the essence of an ISS. The ISS best integrates with business and information system strategies from the start, forming and shaping the direction of overall strategy synergistically within large government organizations. The researcher used grounded theory and investigated what a large government organization’s choices were with the differing roles an information security professional (ISP) chooses to operate with and to develop an information security program. Analysis of the data collected from interviewing 32 chief information security officers (CISOs) revealed how CISOs viewed their programs, aligned their goals in the organization, and selected role(s) to execute strategy. Use of grounded theory coding practices of the interviews showed a deficit in complexities of an ISS and a lack of an ISS in the majority of organizations. The participants came from multiple organizations in the National Capital Region on the east coast of the United States. This study advances the body of knowledge in a qualitative understanding of actions taken by CISOs to select a direction towards ISS implementation, role selection, and development of information security programs. It provides a theory for further testing of strategy development and role maturity.
