In the digital age, the protection of information resources is critical to the viability of organizations. Information Security Management (ISM) is a protective function that preserves the confidentiality, integrity and availability of information resources in organizations operating in a complex and evolving security threat landscape. This paper analyses ISM research themes, methods, and theories in high-quality IS journals over a period of 30 years (up to the end of 2017). Although our review found less than 1 percent of papers to be in the area of ISM, there has been a dramatic increase in the number of ISM publications as well as new emerging themes in the past decade. Further, past trends towards subjective-argumentative papers have reversed in favour of empirically validated research. Our analysis of research methods and approaches found ISM studies to be dominated by one-time surveys rather than case studies and action research. The findings suggest that although ISM research has improved its empirical backing over the years, it remains relatively disengaged from organisational practice.