Search results

This paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.

An empirical survey, using a self‐administered questionnaire, is conducted to explore and evaluate the current status and the main features of ISG in the Saudi environment. The questionnaire is developed based on ISG guidelines for boards of directors and executive management issued by the Information Technology (IT) Governance Institute and other related materials available in the literature. A total of 167 valid questionnaires are collected and processed using the Statistical Package for Social Sciences, version 16.

The results of the study reveal that although the majority of Saudi organizations recognize the importance of ISG as an integrant factor for the success of IT and corporate governance, most of them have no clear information security strategies or written information security policy statements. The majority of Saudi organizations have no disaster recovery plans to deal with information security incidents and emergencies; information security roles and responsibilities are not clearly defined and communicated. The results also show that alignment between ISG and the organization's overall business strategy is relatively poor and not adequately implemented. The results also show that risk assessment procedures are not adequately and effectively implemented, ISG is not a regular item in the board's agenda, and there are no properly functioning ISG processes or performance‐measuring systems in the majority of Saudi organizations. Accordingly, appropriate actions should be taken to improve implementing and measuring the ISG performance in Saudi organizations.

From a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The results of the paper enable them to better understand and evaluate ISG and to champion IT development for business success in Saudi organizations.

Modern day business is beset with changing operating paradigms. Economies with efficient economic policies and stable political systems are a big draw among the investors. Countries that have opened themselves to world markets and that have good legal systems in place, providing protection to investors have attracted more capital in the process of globalization. As the demand for capital is growing in both the developed and the developing economies, the need to establish good governance practices has gained momentum. Governance practices however, are not uniform across nations. This diversity may be particularly because of the different legal structures and cultural settings adopted by different nations. This paper tries to explore the arguments on convergence and divergence of corporate best practices, keeping in view the various governance models currently in practice. Explaining the rationale behind the emergence of corporate governance as a movement, this paper attempts at discussing the various prevalent systems of governance. In the end an attempt is made to address the challenges to corporate governance in the context of globalization of best practices. Given the cultural settings of different nations it is argued that it would never be possible for corporate laws to converge universally. New models of corporate governance are likely to emerge given the large‐scale experimentation done by transition economies.

The aim of this study is to advance research on the position of the CISO by investigating the role that CISOs play before and after an IT security breach. There is a dearth of academic research literature on the role of a chief information security officer (CISO) in the management of Information Technology (IT) security. The limited research literature exists despite the increasing number and complexity of IT security breaches that lead to significant erosions in business value.

The study makes use of content analysis and agency theory to explore a sample of US firms that experienced IT security breaches between 2009 and 2015 and how these firms reacted to the IT security breaches.

The results indicate that following the IT security breaches, a number of the impacted firms adopted a reactive plan that entailed a re-organization of the existing IT security strategy and the hiring of a CISO. Also, there is no consensus on the CISO reporting structure since most of the firms that hired a CISO for the first time had the CISO report either to the Chief Executive Officer or Chief Information Officer.

The findings will inform researchers, IT educators and industry practitioners on the roles of CISOs as well as advance research on how to mitigate IT security vulnerabilities.

The need for research that advances an understanding of how to effectively manage the security of IT resources is timely and is driven by the growing frequency and sophistication of the IT security breaches as well as the significant direct and indirect costs incurred by both the affected firms and their stakeholders.

The purpose of this paper is to apply Faff’s (2015) pitch template to a regulatory financial accounting research topic. The author describes her personal reflections on completing the pitch template for this project by investigating corporate boards, monitoring and securities class actions (SCAs) in Australia. The author builds on prior research in this area (Chapple et al., 2014). This study is set within prior literature examining capital markets, corporate governance, continuous disclosure regime and regulatory changes. The market reaction to corporate board changes pre- and post-SCAs is the focus of the examination within the pitch template. The pitch letter contributes to prior literature, as it demonstrates a team with established researchers using the pitch template, while prior papers have documented PhD student usage of the pitch template.

The author uses the Faff (2015) pitch template to focus the research team’s ideas into a concisely focused research idea. An earlier version of this pitch was presented at the Centre for International Finance and Regulation Pitching Research Symposium on 29 May 2015 in Sydney to a panel of distinguished professors and participants from market regulators including the Australian Securities and Investments Commission, Reserve Bank of Australia, Australian Prudential Regulation Authority and the financial sector including Colonial First State.

It was found that there are benefits to using the pitch template for both established and emerging researchers. Prior pitch papers have primarily been authored by PhD students. This paper’s aim was to provide evidence that established as well as emerging scholars can benefit from completing the Faff pitch template.

This pitch letter contributes to the research community, as it shows the process and personal reflections on undertaking the pitch exercise by a team including established and emerging researchers. Within this pitch letter there is a documentation of how the research team for the underlying project was formed and the prior experiences of the team.

The authors investigate the adoption of nomination committees in Australia and identify the managerial power perspective as one explanation for firms not establishing nomination committees. A positive outcome of establishing a nomination committee from the perspective of board diversity is also examined.

The authors adopt an archival approach by collecting data for firms listed on the Australian Securities Exchange (ASX) during the period 2010 to 2018. The authors establish the prevalence of nomination committees for small medium and large Australian firms. Regression analyses are used to determine whether the power of the chief executive officer (CEO) influences the adoption of a nomination committee. The association between having nomination committee and board diversity is also analyzed using regression analyses.

Less than half of firms adopt a nomination committee. Larger firms are more likely to adopt a nomination committee than medium and smaller sized firms. Firms with less powerful CEOs are more likely to adopt a nomination committee. Adoption of a nomination committee is also associated with greater board tenure dispersion and board gender diversity in medium and smaller sized firms.

Evidence on nomination committees provides original research that extends previous research focusing on the audit, risk and remuneration committees and samples restricted to large firms. The nomination committee has an important role to play in the appointment of directors yet limited evidence exists of the adoption rate, explanation for non-adoption and benefits of adoption. The authors add to this evidence.

This paper examines how the board of directors' attributes in terms of educational and professional backgrounds –that is board capital-, and demographics influence institutional ownership across listed companies in Latin America.

Based on unique hand-collected information of directors' educational and professional attributes across 427 firms in Latin America, the authors analyze the effects of directors' educational attainment, professional experience and demographic diversification on institutional investors' holdings.

Results show that grey investor ownership favors directors with graduate studies and diverse boards regarding gender and nationality. Independent investors value the directors' professional experience like former founders of a firm. Grey investors are more concerned with firm corporate governance mechanisms, consistent with the agency view. In contrast, independent institutional investors focus on business opportunities following the board of directors' resource-based view.

This study shows that board capital becomes a key determinant for institutional ownership in emerging markets.

This study extends previous literature on institutional investor preferences by providing empirical evidence that firm board capital becomes a collective asset that is central for institutional investors' investment choices for an emerging market case.

Today, multilateral institutions and governments of industrial countries seem to agree on the need to reorient macroeconomic and structural policies in order to achieve a more balanced growth of the global economy. At the same time, developing countries and civil society organizations have raised questions about the effectiveness of the current multilateral system. As well, new social and political concerns are reshaping our views about globalization processes. This paper looks at the ongoing process of global economic integration and demonstrates that new forces are reshaping the economies of the world and raising challenging questions about ethics, governance and security that will require corporations to respond with new strategies.

Based on agency theory, the purpose of this paper is to investigate the determinants on the dissemination level of corporate governance disclosure (CGD).

The sample of the study incorporates listed companies in Nifty 500 Index for the period 2009-2014. The Governance Disclosure Score calculated by Bloomberg is used as a proxy for the dissemination level of corporate governance information. In total, eight explanatory variables are uses, namely, board’s size, number of board meetings, CEO duality, presence of women on the board, company’s size, financial performance, Tobin’s Q ratio and financial leverage.

The results of study suggest a need for improvement in CGDs by Indian companies, as they fail to comply the majority of the proposed disclosure items. Furthermore, it is revealed that the number of board director, the value of company, the financial leverage and the presence of women affect negatively the dissemination level of corporate governance information. While, the size of company is the only determinant that positively affects the extent of CGD.

The results are valuable because they reveal the attributes that determines which companies needs less or extra monitoring by shareholders and investors regarding the applied corporate governance practices. In addition, the study can be valuable to policy makers responsible for the regulation of company’s accountability in relation to corporate governance practices.

The study extents previous studies by incorporating for the first time Bloomberg’s rating approach regarding the dissemination level of CGD in Indian context.

To explain the implications of a March 2014 Delaware Court of Chancery decision that found RBC Capital Markets liable for damages for aiding and abetting breaches of fiduciary duty by the directors of Rural/Metro Corporation in connection with the company’s 2011 sale to an affiliate of Warburg PIncus.

Explains the court’s findings and decision, offers procedural lessons for sell-side financial advisors, and recommends what sell-side advisors can do to limit exposure to aiding and abetting claims.

The Rural/Metro decision opens the door to additional litigation risk for sell-side advisors. However, Vice Chancellor Laster’s opinion also provides a roadmap for how an advisor can limit that risk.

Director and financial advisor liability most often results from process failures.

Practical guidance from experienced mergers and acquisitions and securities and corporate governance lawyers.

The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes an empirical analysis which was conducted to identify the antecedents of the information security maturity (ISM) of an organization; and to clarify the relationship between ISM and the social and technical factors identified.

This study uses quantitative approach, convenience sampling and the required data collected from 970 key players' managers in information security, in a total of 722 government agencies, through a self‐administrated survey. Research adopted the Wallace et al. process to develop and validate the study's instrument.

The paper provides empirical insights and reveals a number of underlying dimensions of social factors and one technical factor. The risk management was found to be the formal coping mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors have the most influence on MPS organizations' ISM. Findings demonstrate that two independent variables, risk management and individual perception, discriminate between those organizations that have high and low ISM.

The research results may lack generalization; therefore, researchers are encouraged to test the proposed propositions further in a different context.

The paper includes implications for the development of a powerful instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to formulate a more appropriate policy or give a more effective focus on issues that are really relevant to MPS information security management.

This paper fulfils the identified need to explore determinants of information security maturity.