ABSTRACT

Despite the existence of frameworks and standards for security governance, the research literature remains limited regarding the practices of organizations, and there is a lack of a strategy and practical model to follow in adopting effective information security governance (ISG). This study explores the engagement processes and the practices of organizations involved in an ISG strategy. The statistical and econometric analysis of data from a survey of 1,000 participants (with a participation rate of 83.67%) from large and medium companies belonging to various industries, such as retail/wholesale, banking, services, telecom, private, and governmental organizations, provides a record of current practices in information security governance. The findings allowed us to propose a practical framework to evaluate ISG in organizations.