Strategic Information Systems Security: Definition and Theoretical Model

Information systems security has become a critical topic both academically and in industry due to its importance in today’s organizational environment. But while its criticality is undeniable, information systems security continues to be viewed reactively, as a “necessary evil,” or, worse, as a black hole with little or no ROI. Researchers and practitioners alike have generally been reticent to acknowledge the strategic potential of information systems security. This paper provides a first step towards helping managers justify their investments in information systems security by identifying its strategic potential. In doing so, we address three basic questions; why is information systems security important, what is strategic information systems security, and how does the strategic potential of information system security affect firm performance. Dynamic capabilities theory is utilized to propose a theoretical framework for strategic information systems security. We propose that information systems security provides the infrastructure necessary for agility, which in turn impacts firm performance. Specifically, information systems security enables sensing and responding to customer, partner/supplier, and internal organizational opportunities to positively impact firm performance. We also propose that the trust generated by solid security and security policy can enhance relationships with both customers and partners/suppliers.

[1]  Frederik D. Wiersema,et al.  Customer intimacy and other value disciplines , 1993 .

[2]  R. Amit,et al.  Value creation in E‐business , 2001 .

[3]  Peter Weill,et al.  The Implications of Information Technology Infrastructure for Business Process Redesign , 1999, MIS Q..

[4]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[5]  Ben Shneiderman,et al.  Designing trust into online experiences , 2000, CACM.

[6]  Sundar G. Bharadwaj,et al.  Information Technology Effects on Firm Performance as Measured by Tobin's q , 1999 .

[7]  Richard L. Nolan,et al.  Sense and Respond: Capturing Value in the Network Era , 1998 .

[8]  Somendra Pant,et al.  Issues in Economic Justification for Flexible Manufacturing Systems and Some Guidelines for Managers , 1995 .

[9]  Pauline Ratnasingham,et al.  The importance of trust in electronic commerce , 1998, Internet Res..

[10]  R. Nagel,et al.  Agile Competitors and Virtual Organizations: Strategies for Enriching the Customer , 1994 .

[11]  Kevin Crowston,et al.  Tools for inventing organizations: toward a handbook of organizational processes , 1993, [1993] Proceedings Second Workshop on Enabling Technologies@m_Infrastructure for Collaborative Enterprises.

[12]  N. Doherty,et al.  Aligning the information security policy with the strategic information systems plan , 2006, Comput. Secur..

[13]  Jan Guynes Clark,et al.  Why there aren't more information security research studies , 2004, Inf. Manag..

[14]  Satish Nambisan,et al.  DESIGNING VIRTUAL CUSTOMER ENVIRONMENTS FOR NEW PRODUCT DEVELOPMENT : TOWARD A THEORY , 2005 .

[15]  Eric Overby,et al.  Enterprise agility and the enabling role of information technology , 2006, Eur. J. Inf. Syst..

[16]  Keng Siau,et al.  Building customer trust in mobile commerce , 2003, CACM.

[17]  Mark J. Safferstone Leveraging the New Infrastructure: How Market Leaders Capitalize on Information Technology , 1998 .

[18]  Ingoo Han,et al.  The Impact of Customer Trust and Perception of Security Control on the Acceptance of Electronic Commerce , 2003, Int. J. Electron. Commer..

[19]  Helena Holström,et al.  Virtual Communities as Platforms for Product Development: An Interpretive Case Study of Customer Involvement in Online Game Development , 2001, ICIS.

[20]  Venkatesh Shankar,et al.  Online trust: a stakeholder perspective, concepts, implications, and future directions , 2002, J. Strateg. Inf. Syst..

[21]  Donna L. Hoffman,et al.  Building consumer trust online , 1999, CACM.

[22]  James C. Wetherbe,et al.  Key issues in information systems management , 1987 .

[23]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[24]  Clayton M. Christensen The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail , 2013 .

[25]  G. Zaltman,et al.  Factors affecting trust in market research relationships. , 1993 .

[26]  Lior Fink,et al.  Gaining Agility through IT Personnel Capabilities: The Mediating Role of IT Infrastructure Capabilities , 2007, J. Assoc. Inf. Syst..

[27]  Audun Jøsang,et al.  A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..

[28]  Sinan Aral,et al.  Generating Premium Returns on Your it Investments , 2006 .

[29]  P. Weill,et al.  Leveraging the New Infrastructure: How Market Leaders Capitalize on Information Technology , 1998 .

[30]  Marios Koufaris,et al.  The development of initial trust in an online company by new customers , 2004, Inf. Manag..

[31]  Varun Grover,et al.  Shaping Agility through Digital Options: Reconceptualizing the Role of Information Technology in Contemporary Firms , 2003, MIS Q..

[32]  Scott Hamilton,et al.  Evaluating Information Systems Effectiveness - Part I: Comparing Evaluation Approaches , 1981, MIS Q..

[33]  Huseyin Cavusoglu,et al.  The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..

[34]  Leslie P. Willcocks,et al.  Shaping the Future. Business Design Through Information Technology , 1991, J. Inf. Technol..

[35]  Jaideep Vaidya,et al.  Information Systems Security , 2014, Lecture Notes in Computer Science.

[36]  P. Weill,et al.  Management by Maxim: How Business and IT Managers Can Create IT Infrastructures , 1997 .

[37]  Mujtaba Ahsan,et al.  The Relationship Between IT Infastructure and Strategic Agility in Organizations , 2005, AMCIS.

[38]  Kevin Crowston,et al.  Tools for Inventing Organizations: Toward a Handbook of Organizational Processes , 1999 .

[39]  Peter G.W. Keen,et al.  Shaping the Future: Business Design Through Information Technology , 1991 .

[40]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[41]  John M. Ward,et al.  Beyond strategic information systems: towards an IS capability , 2004, J. Strateg. Inf. Syst..

[42]  Sarah Sheriff,et al.  Strategic Planning Information , 2015 .

[43]  A. Zaheer,et al.  Catching the wave: alertness, responsiveness, and market influence in global electronic networks , 1997 .

[44]  Atul Gupta,et al.  Information systems security issues and decisions for small businesses: An empirical examination , 2005, Inf. Manag. Comput. Security.

[45]  K. Eisenhardt,et al.  The Art of Continuous Change : Linking Complexity Theory and Time-Paced Evolution in Relentlessly Shifting Organizations , 1997 .

[46]  D. Teece,et al.  DYNAMIC CAPABILITIES AND STRATEGIC MANAGEMENT , 1997 .

[47]  Bernard J. Jaworski,et al.  Market orientation: The construct, research propositions, and managerial implications. , 1990 .

[48]  Jeffrey H. Dyer,et al.  The Relational View: Cooperative Strategy and Sources of Interorganizational Competitive Advantage , 1998 .

[49]  Kwok Kee Wei,et al.  Trust and Power Influences in Supply Chain Collaboration , 2008 .

[50]  Hock-Hai Teo,et al.  An integrative study of information systems security effectiveness , 2003, Int. J. Inf. Manag..

[51]  Tyler Moore,et al.  The Economics of Information Security , 2006, Science.

[52]  Tapio Reponen,et al.  Strategic information systems - a conceptual analysis , 1993, J. Strateg. Inf. Syst..

[53]  M. Venkatraman,et al.  Real Strategies for Virtual Organizing , 1998 .

[54]  Janice L. Davis Digital Capital: Harnessing the Power of Business Webs , 2004 .

[55]  R. Veliyath Hypercompetition: Managing the Dynamics of Strategic Maneuvering , 1996 .

[56]  Gurpreet Dhillon,et al.  Value‐focused assessment of information system security in organizations , 2006, Inf. Syst. J..

[57]  Kathryn Graziano The innovator's dilemma: When new technologies cause great firms to fail , 1998 .

[58]  Karen A. Forcht,et al.  Computer Security Management , 1993 .

[59]  J. Ward,et al.  Strategic Planning for Information Systems , 1990 .

[60]  Blake Ives,et al.  Review: IT-Dependent Strategic Initiatives and Sustained Competitive Advantage: A Review and Synthesis of the Literature , 2005, MIS Q..

[61]  Daniel A. Levinthal,et al.  Exploration and Exploitation in Organizational Learning , 2007 .

[62]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1986, 1986 IEEE Symposium on Security and Privacy.

[63]  Ajit Kambil,et al.  Co-creation : A new source of value By , 2001 .

[64]  Mary J. Cronin,et al.  Unchained value: the new logic of digital business , 2000, UBIQ.

[65]  Sirkka L. Jarvenpaa,et al.  Consumer trust in an Internet store , 2000, Inf. Technol. Manag..

[66]  P. Weill,et al.  IT Infrastructure for Strategic Agility , 2002 .