A Contingency View of CISO–Board Interactions in Information Security Governance

Sara Nodehi, Tim Huygh, Laury Bollen, Remko Helms

2025

Abstract

This study investigates how Chief Information Security Officers (CISOs) work together with board members to attain Information Security Governance (ISG). Based on a qualitative exploratory workshop involving CISOs, this study examines CISO–board relationships and governance decision-making. Five governance classes (board involvement, communication strategy, influence mechanisms, reporting structures, and information security budgeting) were established through thematic analysis and were found to vary considerably across organizational contexts. Rather than applying a uniform approach, CISOs adopt context-specific and even contradictory governance strategies contingent upon organizational culture, leadership, and structural attributes. These strategic trade-offs are viewed as deliberate adaptive responses to diffuse authority, asymmetrical information, and incongruent expectations. By analyzing ISG as a relational and contingent practice, the research contributes theoretical understanding by illustrating how contingency thinking can explain differences in ISG arrangements between contexts, highlighting the value of adaptive, context-sensitive governance approaches. Additionally, this paper provides practical guidance for practitioners to improve board engagement, strategic communication, and organizational alignment in security governance.


Paper Citation


in Harvard Style

Nodehi S., Huygh T., Bollen L. and Helms R. (2025). A Contingency View of CISO–Board Interactions in Information Security Governance. In Proceedings of the 17th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - Volume 2: KMIS; ISBN 978-989-758-769-6, SciTePress, pages 278-289. DOI: 10.5220/0013743700004000


in Bibtex Style

@conference{kmis25,
author={Sara Nodehi and Tim Huygh and Laury Bollen and Remko Helms},
title={A Contingency View of CISO–Board Interactions in Information Security Governance},
booktitle={Proceedings of the 17th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - Volume 2: KMIS},
year={2025},
pages={278-289},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013743700004000},
isbn={978-989-758-769-6},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 17th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - Volume 2: KMIS
TI - A Contingency View of CISO–Board Interactions in Information Security Governance
SN - 978-989-758-769-6
AU - Nodehi S.
AU - Huygh T.
AU - Bollen L.
AU - Helms R.
PY - 2025
SP - 278
EP - 289
DO - 10.5220/0013743700004000
PB - SciTePress