Herbert Gomez, Tarleton State University

It’s all Greek to me: Aligning Business, Information Technology, and Information Security


  1. Business, technology, and security all speak different languages.
  2. Evidence?
  3. Business models, technology models, security models
  4. All have common ideas (systems concepts) but all have different goals and objectives
  5. We need to ground our discussions in common frameworks lest we talk past one another.
  6. NIST Terminology that may give trouble
     i. Asset Management
     ii. Business environment
     iii. Governance
     iv. Risk Assessment
     v. Risk Management Strategy
     vi. Maintenance
     vii. Communications (used twice in two different contexts)
     viii. Analysis
     ix. Improvements (used twice in two different contexts)
  7. Common theoretical grounding?
     i. RBV
     ii. DCT
     iii. VC

  1. When talking with these different parties, we should also recognize that security capabilities differ between organizations based not only upon industry and markets, but also upon organizational size.
  2. What we’ve done – created a survey that will validate security ideas in a business context – this will verify that we have commonalities that can be expressed to

5. How did we create the survey? We coded 23 security articles by the same practitioner to identify specific ideas from those articles. We then grouped those ideas into commonly accepted business constructs. We are surveying security practitioners to confirm that the constructs are not only acknowledged as valid

Presentation Author(s):
Herbert Gomez*, Dr. Delmer Nagy, Dr. Joseph Schuessler, and Mr. Art Dearing


