A Conceptual Hybrid Approach for Information Security Governance

Despite the technological advancements in information system security (ISS) and the availability of relevant IT frameworks, standards, and mechanisms of control and security, statistical trends in data breach reveals a growing threat to organization's security system. This is mainly due to the independent and separate use of these approaches. To address this, a vision of governance based on an integrated and holistic ISS perspective required. The research findings lead to design a new integrated model of ISS-GOV, including three essential dimensions: IT governance (IT-GOV), IT security management (ITSecM) and IT service management (ITSM). To this end, we are going to use approaches proven successful for these 3 disciplines around the world, most notably ITIL, COBIT and ISO27001, as well as ensuring continuous improvement through the quality approach of PDCA.