The impact of relational leadership and social alignment on information security system effectiveness in Korean governmental organizations

Empirical data collected from 102 government organizations in the Republic of Korea.Chief Security Officer (CSO) relational leadership positively influenced social alignment between the CSO and business executives.Social alignment between CSO and business executives positively influenced integrated knowledge.Integrated knowledge positively influenced ISS effectiveness, which, in turn positively influenced organizational performance.Contrary to expectations, the technical knowledge of the CSO negatively moderated the integrated knowledge ISS effectiveness relationship. While information technology has increasingly created various innovation opportunities in organizations, these opportunities have caused serious risks associated with information. Due to these potential risks, information security has become a major concern in organizations, and the role of the chief security officer has begun to attract research attention. Using a social capital theory perspective, this study aims to explore how the level of relational leadership of the chief security officer drives the social alignment between business and IT executives. Specifically, we study how social alignment influences integrated knowledge, information security system (ISS) effectiveness, and organizational performance. Empirical data from one hundred and two government organizations in the Republic of Korea confirms the impact of relational leadership, social alignment, and ISS effectiveness on organizational performance.

[1]  Qing Hu,et al.  Assimilation of Enterprise Systems: The Effect of Institutional Pressures and the Mediating Role of Top Management , 2007, MIS Q..

[2]  Wilfred H. Drath,et al.  The Deep Blue Sea: Rethinking the Source of Leadership , 2001 .

[3]  F. Nelson Ford,et al.  Information Security Effectiveness: Conceptualization and Validation of a Theory , 2007, Int. J. Inf. Secur. Priv..

[4]  Gi Mun Kim,et al.  Investigating the Value of Sociomaterialism in Conceptualizing IT Capability of a Firm , 2012, J. Manag. Inf. Syst..

[5]  John W. Meyer,et al.  Institutionalized Organizations: Formal Structure as Myth and Ceremony , 1977, American Journal of Sociology.

[6]  Jody Hoffer Gittell,et al.  Relational Bureaucracy: Structuring Reciprocal Relationships into Roles , 2012 .

[7]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[8]  Ruey-Shun Chen,et al.  Aligning information technology and business strategy with a dynamic capabilities perspective: A longitudinal study of a Taiwanese Semiconductor Company , 2008, Int. J. Inf. Manag..

[9]  Kuheli Roy Sarkar Assessing insider threats to information security using technical, behavioural and organisational measures , 2010, Inf. Secur. Tech. Rep..

[10]  Jacob Cohen Statistical Power Analysis , 1992 .

[11]  Terry Anthony Byrd,et al.  Measuring the Flexibility of Information Technology Infrastructure: Exploratory Analysis of a Construct , 2000, J. Manag. Inf. Syst..

[12]  G. Labianca,et al.  A Multilevel Model of Group Social Capital , 2006 .

[13]  Hock-Hai Teo,et al.  An integrative study of information systems security effectiveness , 2003, Int. J. Inf. Manag..

[14]  Robert W. Zmud,et al.  The Influence of a Convergence in Understanding Between Technology Providers and Users on Information Technology Innovativeness , 1991 .

[15]  M. Boisot Information space : a framework for learning in organizations, institutions and culture , 2013 .

[16]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[17]  Yolande E. Chan Why Haven't We Mastered Alignment? The Importance of the Informal Organization Structure , 2002, MIS Q. Executive.

[18]  B. Kogut,et al.  What Firms Do? Coordination, Identity, and Learning , 1996 .

[19]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[20]  Izak Benbasat,et al.  Factors That Influence the Social Dimension of Alignment Between Business and Information Technology Objectives , 2000, MIS Q..

[21]  Jason Bennett Thatcher,et al.  An Empirical Examination of Individual Traits as Antecedents to Computer Anxiety and Computer Self-Efficacy , 2002, MIS Q..

[22]  Manish Gupta Three essays on information technology security management in organizations , 2011 .

[23]  F. Schoorman,et al.  A model of relational leadership: The integration of trust and leader–member exchange , 2000 .

[24]  Straub,et al.  Editor's Comments: An Update and Extension to SEM Guidelines for Administrative and Social Science Research , 2011 .

[25]  Ryan T. Wright,et al.  Assessing Common Method Bias: Problems with the ULMC Technique , 2012, MIS Q..

[26]  D. Whitten,et al.  The Chief Information Security Officer: An Analysis of the Skills Required for Success , 2008, J. Comput. Inf. Syst..

[27]  Ranjay Gulati,et al.  Renewal Through Reorganization: The Value of Inconsistencies between Formal and Informal Organization , 2009, Organ. Sci..

[28]  Yolande E. Chan,et al.  Business Strategic Orientation, Information Systems Strategic Orientation, and Strategic Alignment , 1997, Inf. Syst. Res..

[29]  R. Sohi,et al.  IT competency and firm performance: is organizational learning a missing link? , 2003 .

[30]  Mahmood Hussain Shah,et al.  Information security management needs more holistic approach: A literature review , 2016, Int. J. Inf. Manag..

[31]  Vallabh Sambamurthy,et al.  The antecedents of CIO role effectiveness in Organizations:An empirical study in the healthcare sector , 2006, IEEE Transactions on Engineering Management.

[32]  R. Kahn,et al.  The Social Psychology of Organizations , 1966 .

[33]  R. Burt The contingent value of social capital. , 1997 .

[34]  R. Kelly Rainer,et al.  The Top Information Security Issues Facing Organizations: What Can Government do to Help? , 2006 .

[35]  A. Zaheer,et al.  A network perspective on organizational architecture: performance effects of the interplay of formal and informal organization , 2012 .

[36]  R. Bagozzi,et al.  On the evaluation of structural equation models , 1988 .

[37]  Dwayne Whitten,et al.  Effective Information Security Requires a Balance of Social and Technology Factors , 2012, MIS Q. Executive.

[38]  Rajiv Sabherwal,et al.  Alignment Between Business and IS Strategies: A Study of Prospectors, Analyzers, and Defenders , 2001, Inf. Syst. Res..

[39]  D. Day,et al.  Collective Enactment of Leadership Roles and Team Effectiveness: A Field Study , 2006 .

[40]  Izak Benbasat,et al.  An Empirical Investigation of Factors Influencing the Success of Customer-Oriented Strategic Systems , 1990, Inf. Syst. Res..

[41]  Alain Yee-Loong Chong,et al.  Does Employee Alignment Affect Business-it Alignment? an Empirical Analysis , 2011, J. Comput. Inf. Syst..

[42]  Merrill Warkentin,et al.  Behavioral and policy issues in information systems security: the insider threat , 2009, Eur. J. Inf. Syst..

[43]  Mikko T. Siponen,et al.  Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations , 2010, MIS Q..

[44]  Jai-Yeol Son,et al.  Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies , 2011, Inf. Manag..

[45]  Hoon Park,et al.  Sources and consequences of communication problems in foreign subsidiaries: The case of United States firms in South Korea , 1996 .

[46]  Pascale Carayon,et al.  Human and organizational factors in computer and information security: Pathways to vulnerabilities , 2009, Comput. Secur..

[47]  Mark W. Baldwin,et al.  Relational Schemas as a Source of If–Then Self-Inference Procedures , 1997 .

[48]  T. C. Powell,et al.  Information technology as competitive advantage: the role of human , 1997 .

[49]  Daniel Beimborn,et al.  How Social Capital Among Information Technology and Business Units Drives Operational Alignment and IT Business Value , 2014, J. Manag. Inf. Syst..

[50]  Tejaswini Herath,et al.  A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings , 2011, Eur. J. Inf. Syst..

[51]  J. Gibbs Crime, punishment, and deterrence , 1975 .

[52]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[53]  Elena Karahanna,et al.  The Effect of Social Capital of the Relationship Between the CIO and Top Management Team on Firm Performance , 2013, J. Manag. Inf. Syst..

[54]  Myeonggil Choi,et al.  Effects of innovation-supportive culture and organizational citizenship behavior on e-government information system security stemming from mimetic isomorphism , 2017, Gov. Inf. Q..

[55]  Kuang-Wei Wen,et al.  Organizations' Information Security Policy Compliance: Stick or Carrot Approach? , 2012, J. Manag. Inf. Syst..

[56]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[57]  M. Uhl‐Bien,et al.  Relational Leadership Theory: Exploring the social processes of leadership and organizing , 2006 .

[58]  Gareth R. Jones,et al.  The experience and evolution of trust: Implications for cooperation and teamwork , 1998 .

[59]  Myeonggil Choi Leadership of Information Security Manager on the Effectiveness of Information Systems Security for Secure Sustainable Computing , 2016 .

[60]  J. H. Gittell,et al.  High‐quality relationships, psychological safety, and learning from failures in work organizations , 2009 .

[61]  Detmar W. Straub,et al.  A Practical Guide To Factorial Validity Using PLS-Graph: Tutorial And Annotated Example , 2005, Commun. Assoc. Inf. Syst..

[62]  Joo-yup Kim,et al.  The Concept and Dynamics of Face: Implications for Organizational Behavior in Asia , 1998 .

[63]  Jung-Duk Kim National Information Security Agenda and Policies , 2012 .

[64]  Rajiv Sabherwal,et al.  Strategic Alignment Between Business and Information Technology: A Knowledge-Based View of Behaviors, Outcome, and Consequences , 2006, J. Manag. Inf. Syst..

[65]  Kathleen M. Eisenhardt,et al.  Integrating Knowledge in Groups: How Formal Interventions Enable Flexibility , 2002, Organ. Sci..

[66]  Blaize Horner Reich,et al.  IT alignment: what have we learned? , 2007, J. Inf. Technol..

[67]  P. Adler,et al.  Social Capital: Prospects for a New Concept , 2002 .

[68]  R. Grant,et al.  Environments: Organizational Capability as Knowledge Integration , 2022 .

[69]  Bor-Shiuan Cheng,et al.  Effects of relational schema congruence on leader-member exchange , 2017 .

[70]  Paul Benjamin Lowry,et al.  Using Accountability to Reduce Access Policy Violations in Information Systems , 2013, J. Manag. Inf. Syst..

[71]  Louis Raymond,et al.  Ideal patterns of strategic alignment and business performance , 2004, Inf. Manag..

[72]  Detmar W. Straub,et al.  Security concerns of system users: A study of perceptions of the adequacy of security , 1991, Inf. Manag..

[73]  Detmar W. Straub,et al.  Validation Guidelines for IS Positivist Research , 2004, Commun. Assoc. Inf. Syst..

[74]  S. Ghoshal,et al.  Social Capital, Intellectual Capital, and the Organizational Advantage , 1998 .

[75]  Eileen M. Trauth,et al.  Critical Skills and Knowledge Requirements of IS Professionals: A Joint Academic/Industry Investigation , 1995, MIS Q..

[76]  Robert W. Zmud,et al.  The Influence of IT Management Practice on IT Use in Large Organizations , 1994, MIS Q..

[77]  Gregory B. White,et al.  Dark Screen: An Exercise in Cyber Security , 2005, MIS Q. Executive.

[78]  Kenneth D. Strang,et al.  Examining effective technology project leadership traits and behaviors , 2007, Comput. Hum. Behav..