University of Central Lancashire
Through an empirical study, the authors examined the dimensions of information security objectives and practices. Specifically, they explored the inter-relationships between information security objectives and practices and developed a parsimonious framework for ISM. Practitioners should use the proposed framework as a starting point to develop particular information security objectives, which reflects their business environment and business goals. Based on the information security objectives selected, organizations should implement the most effective practices. They can use the eight information security practices as a guideline or checklist to enhance this implementation.