Embedding information security management in organisations: improving participation and engagement through intra-organisational Liaison

Effective information security management (ISM) is contingent on intra-organisational liaison (IOL) between security personnel and stakeholders in ISM processes. IOL is a set of activities undertaken by information security personnel to communicate with internal stakeholders to increase their participation and involvement in the ISM process. Unfortunately, IOL in many organisations tends to be undertaken in an ad hoc and informal manner rather than as part of a formal and systematic process. We argue that IOL activities should be planned and embedded into mainstream ISM practices. Our review of the relevant literature did not find ‘best practice’ guidelines on intra-organisational liaison (IOL) between security personnel and stakeholders in ISM. Based on findings from an in-depth exploratory study where we interviewed thirty-four information security professionals, we develop a novel framework that explains how intra-organisational liaison can be improved and specifically what IOL practices and activities are critical for effective communication with ISM stakeholders.