What do we need to know about the Chief Information Security Officer? A literature review and research agenda

被引：1

作者：

Sahin, Zeynep ^{[1
]}

Vance, Anthony ^{[1
]}

机构：

[1] Virginia Tech, Pamplin Coll Business, Dept Business Informat Technol, Pamplin Hall 880W Campus Dr Suite, Blacksburg, VA 24061 USA

来源：

COMPUTERS & SECURITY | 2025年 / 148卷

关键词：

Chief information security officer (CISO); Board of directors; Executives; Cybersecurity governance; Literature review; Research agenda; UPPER ECHELONS; SYSTEMS; MANAGEMENT; WORK; ORGANIZATION; ANTECEDENTS; LEGITIMACY; CHALLENGES; LEADERSHIP; IMPACT;

D O I：

10.1016/j.cose.2024.104063

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Since its establishment in the 1990s, the role of chief information security officer (CISO) has become critical to organizations in managing cybersecurity risks. However, despite widespread recognition of the importance of this role in industry, research about CISOs and the problems they face in protecting organizations is nascent. We review the academic and practitioner literature on CISOs to identify existing themes and highlight a range of challenges related to CISOs in which further research is needed, such as establishing legitimacy within C-suite executive teams, appropriate accountability for cybersecurity incidents, CISO turnover, and promoting security in the face of human factors, business realities, and budget constraints. We also propose a research agenda to address these challenges using potential theoretical lenses. In these ways, this study lays the groundwork for future research on CISOs and their essential role in ensuring the cybersecurity of organizations.

引用

页数：19

共 50 条

[11] What do we know about the needs and challenges of health systems? A scoping review of the international literature [J].

Roncarolo, Federico ;

Boivin, Antoine ;

Denis, Jean-Louis ;

Hebert, Rejean ;

Lehoux, Pascale .

BMC HEALTH SERVICES RESEARCH, 2017, 17

[12] What do we know about the internationalization of Asian business groups? A systematic review and future research agenda [J].

Lee, Jeoung Yul ;

Colpan, Asli M. ;

Ryu, Yeon-Sik ;

Sekiguchi, Tomoki .

ASIAN BUSINESS & MANAGEMENT, 2022, 21 (05) :802-830

[13] Management matters: what do we need to know about the motivation and job satisfaction of humanitarian logisticians? [J].

Abikova, Jana .

JOURNAL OF HUMANITARIAN LOGISTICS AND SUPPLY CHAIN MANAGEMENT, 2025, 15 (03) :238-255

[14] What do we know and what should we research about employer brand? A bibliometric analysis [J].

Cam-Tu Tran ;

Collin-Lachaud, Isabelle ;

Hiep Hung Pham .

PERSONNEL REVIEW, 2024, 53 (07) :1612-1631

[15] What We Know and What We Need to Know about Peer Platforms - Airbnb and Uber Completed Research [J].

Sadhya, Harshali ;

Sadhya, Vikram .

AMCIS 2018 PROCEEDINGS, 2018,

[16] What Do You Need to Know? A Systematic Review and Research Agenda on Neuromarketing Discipline [J].

Singh, Prakash ;

Alhassan, Ibrahim ;

Khoshaim, Lama .

JOURNAL OF THEORETICAL AND APPLIED ELECTRONIC COMMERCE RESEARCH, 2023, 18 (04) :2007-2032

[17] What do we know about KIBS? Results of a systematic literature review [J].

Scarso, Enrico .

IFKAD 2015: 10TH INTERNATIONAL FORUM ON KNOWLEDGE ASSET DYNAMICS: CULTURE, INNOVATION AND ENTREPRENEURSHIP: CONNECTING THE KNOWLEDGE DOTS, 2015, :1159-1172

[18] What do we know about information security governance? "From the basement to the boardroom": towards digital security governance [J].

Schinagl, Stef ;

Shahim, Abbas .

INFORMATION AND COMPUTER SECURITY, 2020, 28 (02) :261-292

[19] What do we know about university academics' mental health? A systematic literature review [J].

Urbina-Garcia, Angel .

STRESS AND HEALTH, 2020, 36 (05) :563-585

[20] What We Know and Don't Know About Corporate Social Responsibility: A Review and Research Agenda [J].

Aguinis, Herman ;

Glavas, Ante .

JOURNAL OF MANAGEMENT, 2012, 38 (04) :932-968

← 1 2 3 4 5 →