What do we need to know about the Chief Information Security Officer? A literature review and research agenda

Cited by: 1
Authors
Sahin, Zeynep [1]
Vance, Anthony [1]
Affiliations
[1] Virginia Tech, Pamplin Coll Business, Dept Business Informat Technol, Pamplin Hall 880W Campus Dr Suite, Blacksburg, VA 24061 USA
Keywords
Chief information security officer (CISO); Board of directors; Executives; Cybersecurity governance; Literature review; Research agenda; UPPER ECHELONS; SYSTEMS; MANAGEMENT; WORK; ORGANIZATION; ANTECEDENTS; LEGITIMACY; CHALLENGES; LEADERSHIP; IMPACT;
DOI
10.1016/j.cose.2024.104063
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Since its establishment in the 1990s, the role of chief information security officer (CISO) has become critical to organizations in managing cybersecurity risks. However, despite widespread recognition of the importance of this role in industry, research about CISOs and the problems they face in protecting organizations is nascent. We review the academic and practitioner literature on CISOs to identify existing themes and highlight a range of challenges related to CISOs in which further research is needed, such as establishing legitimacy within C-suite executive teams, appropriate accountability for cybersecurity incidents, CISO turnover, and promoting security in the face of human factors, business realities, and budget constraints. We also propose a research agenda to address these challenges using potential theoretical lenses. In these ways, this study lays the groundwork for future research on CISOs and their essential role in ensuring the cybersecurity of organizations.
Pages: 19