Embedding organizational culture values towards successful business continuity management (BCM) implementation

Today's increased reliance on Information and Communications Technology (ICT) has raised the expectations for service quality, reliability and availability. Such expectations have introduced BCM as a crucial requirement for organizations. BCM is a management process that helps in improving the organization's resilience to interruptions caused by information security threats. The implementation of BCM not only involves the information technology (IT) department, but also business areas that use IT services. BCM however, only receives attention with the support and direction from top management whenever it is required for regulatory compliance. Therefore this paper aims to explore and identify the effects of organizational culture on the successful implementation of BCM in Malaysian organizations. Quantitative surveys have been distributed to 300 participants with varying roles within the organizational hierarchy. 22 Malaysian IT organizations and departments have been selected to participate in the survey. The survey explores the organization employee's view on the importance and effect of organizational culture on BCM implementation. The results indicate that cultural factors greatly impact and play an important role to the organization in terms of BCM readiness and implementation. The results are useful as a guidance for organizations in Malaysia specifically to monitor security incidents or threats which may arise not only from technicalities but also human complexity. The results may also aid in the preparation of organizational guidelines regarding readiness towards BCM implementation.

[1]  J. Eloff,et al.  Information security management: a new paradigm , 2003 .

[2]  F. Nelson Ford,et al.  Information security: management's effect on culture and policy , 2006, Inf. Manag. Comput. Secur..

[3]  Manik Dey Business Continuity Planning (BCP) methodology — Essential for every business , 2011, 2011 IEEE GCC Conference and Exhibition (GCC).

[4]  Shijie Zhou,et al.  Information Security Journal : A Global Perspective , 2015 .

[5]  Rebecca Kay,et al.  Introduction to Human Resource Management , 2008 .

[6]  David Kaye Managing Risk and Resilience in the Supply Chain , 2008 .

[7]  H. Tohidi,et al.  Organizational culture and leadership , 2012 .

[8]  Richard Baskerville,et al.  Managing culture creep: Toward a strategic model of user IT culture , 2010, J. Strateg. Inf. Syst..

[9]  Kasim Randeree,et al.  A business continuity management maturity model for the UAE banking sector , 2012, Bus. Process. Manag. J..

[10]  Hana Urbancová,et al.  Advantages and Disadvantages of Business Continuity Management , 2013 .

[11]  S. Robbins Organizational Behavior: Concepts, Controversies, Applications , 1979 .

[12]  Andrew Hiles,et al.  The Definitive Handbook of Business Continuity Management , 2010 .

[13]  Brahim Herbane The evolution of business continuity management: A historical review of practices and drivers , 2010 .

[14]  M. Moon Organizational Commitment Revisited in New Public Management: Motivation, Organizational Culture, Sector, and Managerial Level , 2000 .

[15]  M. J. Moon,et al.  Advancing E‐Government at the Grassroots: Tortoise or Hare? , 2005 .

[16]  Mikko T. Siponen,et al.  A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[17]  Kathleen Shearer,et al.  Understanding knowledge management and information management: the need for an empirical perspective , 2002, Inf. Res..

[18]  Heru Susanto,et al.  A cultural transferability on IT business application: iReservation system , 2013 .

[19]  Michael Blyth Business Continuity Management: Building an Effective Incident Management Plan , 2009 .

[20]  Rama Lingeswara Tammineedi Business Continuity Management: A Standards-Based Approach , 2010, Inf. Secur. J. A Glob. Perspect..

[21]  Michael D. Myers,et al.  A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems , 1999, MIS Q..

[22]  Gurpreet Dhillon,et al.  Managing and controlling computer misuse , 1999, Inf. Manag. Comput. Secur..