Critical success factors analysis on effective information security management: A literature review

Information security has been a crucial strategic issue in organizational management. Information security management is a systematic process of effectively coping with information security threats and risks in an organization. With the pressure of high implementation and maintenance cost, organizations need to distinguish between controls they need and those that are less critical. Applying critical success factors approach, this study proposes a theoretical model to investigate main factors that contribute to successful information security management. By reviewing the information security standards and literature in IS field, six critical success factors are identified and the relationship among these factors are proposed. The results reveal that with business alignment, organizational support, IT competences, and organizational awareness of security risks and controls, information security controls can be effectively developed, resulting in success of information security management.