Improving Information Security Management in Nonprofit Organisations with Action Research

Information security is vital for protecting important assets of organisations, including the information resources and the organisation's reputation. In Australia, the nonprofit sector makes a significant contribution to society but is under represented in the information security literature. This paper describes research in progress that is investigating and improving information security management in some nonprofit organisations (NPOs), which incorporates a participatory action research methodology. This approach will enhance the skill set likely to be present in Australian nonprofit organisations, producing a more sustainable solution, as well as contributing to the open literature. The Technology Acceptance Model will be utilised as a referent model to aid data analysis. This research will directly benefit the nonprofit sector by highlighting the importance and relevance of effective information security management in their organisations. It will inform the policy making process of government actors when devising policy to assist NPOs.; ;

[1]  David Jones,et al.  Predicting System Success using the Technology Acceptance Model: A Case Study , 2005 .

[2]  G. Susman,et al.  An Assessment of the Scientific Merits of Action Research. , 1978 .

[3]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[4]  Susan A. Brown,et al.  Do I really have to? User acceptance of mandated technology , 2002, Eur. J. Inf. Syst..

[5]  T. M. Rajkumar,et al.  The Application Development Outsourcing Decision: An Application of the Technology Acceptance Model , 2002, J. Comput. Inf. Syst..

[6]  M. Alessandrini A fourth sector: The impact of neo-liberalism on non-profit organisations , 2002 .

[7]  John Shine,et al.  Extending the New Technology Acceptance Model to Measure the End User Information Systems Satisfaction in a Mandatory Environment: A Bank's Treasury , 2003, Technol. Anal. Strateg. Manag..

[8]  L. R. Chao,et al.  An empirical study of information security policy on information security elevation in Taiwan , 2006, Inf. Manag. Comput. Secur..

[9]  Richard Baskerville,et al.  A longitudinal study of information system threat categories: the enduring problem of human error , 2005, DATB.

[10]  Alice M. Johnson The Technology Acceptance Model and the Decision to Invest in Information Security , 2005 .

[11]  G.N. Ericsson,et al.  Management of information security for an electric power Utility-on security domains and use of ISO/IEC17799 standard , 2005, IEEE Transactions on Power Delivery.

[12]  Sebastiaan H. von Solms,et al.  Information Security governance: COBIT or ISO 17799 or both? , 2005, Comput. Secur..

[13]  Donald L. Pipkin Information Security: Protecting the Global Enterprise , 2000 .

[14]  Sari Stern Greene Security Policies and Procedures: Principles and Practices , 2005 .

[15]  H. Vos Trade and Industry , 1946 .

[16]  Hsi‐Peng Lu,et al.  An empirical study of the effect of perceived risk upon intention to use online applications , 2005, Inf. Manag. Comput. Security.

[17]  Richard Baskerville,et al.  Investigating Information Systems with Action Research , 1999, Commun. Assoc. Inf. Syst..

[18]  Neil F. Doherty,et al.  The application of information security policies in large UK-based organizations: an exploratory investigation , 2003, Inf. Manag. Comput. Secur..

[19]  Evangelos A. Kiountouzis,et al.  The insider threat to information systems and the effectiveness of ISO17799 , 2005, Comput. Secur..

[20]  Steven Furnell,et al.  Approaches to IT Security in Small and Medium Enterprises , 2004, AISM.

[21]  Sharman Lichtenstein,et al.  Challenges in fostering an information security culture in Australian small and medium sized enterprises , 2006 .

[22]  Reza Barkhi,et al.  Determining the Intention to Use Biometric Devices: An Application and Extension of the Technology Acceptance Model , 2006, J. Organ. End User Comput..

[23]  D. Greenwood,et al.  Introduction to Action Research: Social Research for Social Change , 1998 .

[24]  A study of the uptake of Information Security Policies by small and medium sized businesses in Wales , 2006 .

[25]  C. Hamilton,et al.  Silencing dissent: non-government organisations and Australian democracy , 2004 .

[26]  L. Salamon,et al.  DEFINING THE NONPROFIT SECTOR , 1998 .

[27]  Lester Salamon and Helmut Anheier The International Classification of Nonprofit Organizations: ICNPO-Revision 1, 1996 , 1996 .

[28]  Shuchih Ernest Chang,et al.  Organizational factors to the effectiveness of implementing information security management , 2006, Ind. Manag. Data Syst..

[29]  Quey-Jen Yeh,et al.  On security preparations against possible IS threats across industries , 2006, Inf. Manag. Comput. Secur..