The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications
For general enquiries email
Click here to see other Scholarly Electronic Journals published by API
For a range of research text books on this and complimentary topics visit the Academic Bookshop
Journal Issue
Volume 14 Issue 2, ICIME 2011 / Sep 2011  pp167‑281

Editor: Ken Grant

Download PDF (free)

Investigating the Factors Inhibiting SMEs from Recognizing and Measuring Losses From Cyber Crime in South Africa  pp167‑178

Gino Bougaardt, Michael Kyobe

Look inside Download PDF (free)

Assessing Information Management Competencies in Organisations  pp179‑192

Andy Bytheway

Look inside Download PDF (free)

IT Outsourcing in the Public Sector: Experiences Form Local Government  pp193‑203

Michael Cox, Martyn Roberts, John Walton

Look inside Download PDF (free)

Human Resources Transformation Beyond Boundaries in Outsourcing Business Model ‑ Expatriate Benchmarking  pp204‑215

Swathi Duppada, Rama Chandra Aryasri

Look inside Download PDF (free)

Assessing Future Value of Investments in Security‑Related IT Governance Control Objectives … Surveying IT Professionals  pp216‑227

Waldo Rocha Flores, Teodor Sommestad, Hannes Holm, Mathias Ekstedt

Look inside Download PDF (free)


Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security‑related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security. 


Keywords: IT governance, control objectives, information security, net present value


Share |
The use of RFID and Web 2.0 Technologies to Improve Inventory Management in South African Enterprises  pp228‑241

Sizakele Mathaba, Nomusa Dlodlo, Andrew Smith³, Mathew Adigun

Look inside Download PDF (free)

A Framework for Enhancing the Information Systems Innovation: Using Competitive Intelligence  pp242‑253

Phathutshedzo Nemutanzhela, Tiko Iyamu

Look inside Download PDF (free)

Mitigating the Impact of Software Test Constraints on Software Testing Effectiveness  pp254‑270

Grafton Whyte, Donovan Lindsay Mulder

Look inside Download PDF (free)

Adding Action to the Information Audit  pp271‑281

Huan Vo-Tran

Look inside Download PDF (free)