A model of component interaction between Formal, Technical and Informal components within IS/IT security governance

In most countries, corporate statutes and rules (mandatory or voluntary) about powers and responsibilities in corporations (corporate governance) place responsibility on the Board of Directors acting as a Board. However, these documents do not provide much guidance about recognizing potential problems or about preventative measures. Even so, it is apparent that knowingly tolerating dishonesty or incompetence within the corporation is likely to be regarded as negligence. Most organizations today pay little attention to the inter-relationship between the Formal component, Technical component and Informal component. The Board and senior management of organizations tend to focus more on narrow aspects such as IS/IT management rather than on a comprehensive view. Deficiencies in any of these three components may result in unbalanced IS/IT security implementation. The objective of this study is to integrate the three components simultaneously throughout the IS/IT security implementation. The model of IS/IT security governance is a comprehensive conceptual framework because it emphasizes the two-way relationship between each of the components. In this study, a triangulated approach is adopted, data were collected in three phases, phase 1 is a website analysis, phase 2 is an interview and phase 3 is a mail survey. The interactions of three components, formal, technical and informal are significant in the IS/IT security governance model.