Exploring organizational culture for information security management

Purpose – This paper aims to examine the influence of organizational culture on the effectiveness of implementing information security management (ISM).

Design/methodology/approach – Based on a literature review, a model of the relationship between organizational culture and ISM was formulated. Both organizational culture characteristics and ISM effectiveness were measured empirically, by administering questionnaires to respondents in organizations with significant use of information systems, to investigate how various organizational culture traits influenced ISM principles.

Findings – Four regression models were derived to quantify the impacts of organizational culture traits on the effectiveness of implementing ISM. Whilst the control‐oriented organizational culture traits, effectiveness and consistency, have a strong effect on the ISM principles of confidentiality, integrity, availability and accountability, the flexibility‐oriented organizational culture traits, cooperativeness and innovativeness, are n...
