On Exploring Research Methods for Business Information Security Alignment and Artefact Engineering

Abstract

This paper examines research methods for designing and engineering a Business Information Security (BIS) artefact. Preventing and responding to cybercrime is becoming an integral part of management practices which are supervised by the Board of Directors (BoD), and it can no longer be perceived as just traditional IT. In order to improve the maturity of business information security a transformation is needed and this requires adequate reporting and dashboarding. Dashboard functions such as the current versus the desired state of the Maturity of Business Information Security (MBIS) reflect certain parameters that boards can influence. Determining the key dashboard functions that reflect these parameters of control was the main motivation for this research paper and the ultimate goal was to engineer a BIS artefact. We propose a research and design method that could be used to establish an experimental dashboard with initial parameters of control based on a Group Support System (GSS) approach. Finally, GSS is evaluated as a method for a) examining which parameters are effective for BIS, from multiple perspectives and b) helping to implement the artefact (make it fit the purpose) as well as the associated business alignment and decision-making.