EFFECTIVE CORPORATE GOVERNANCE: COMBINING AN ICT SECURITY INCIDENT AND ORGANISATIONAL LEARNING

The importance of applying good governance principles has grown over the past decade and many studies have been performed to investigate the role and impact of such principles. One of the difficulties in the governance arena is to provide sufficient empirical evidence that good corporate governance and good governance of information technology is beneficial. This paper describes a framework, based on a value-focused approach, which is used to identify unique dimensions for evaluation in a large organisation. Following the evaluation a practical phishing experiment was used to show how a learning process can be initiated through security incidents and how organisational learning can be used to focus on the improvement of specific governance areas.