The impact of information security management practices on organisational agility

This study aims to determine the extent to which information security management (ISM) practices impact the organisational agility by examining the relationship between both concepts.,A quantitative method research design has been used in this study. This study was conducted throughout Malaysia with a total of 250 valid questionnaires obtained from managers and executives from the Multimedia Super Corridor (MSC)-status companies. Structural equation modelling (SEM) using partial least square was used to analyse the data and to test all nine hypotheses developed in this study.,Findings from this study indicate that operational agility (OA) is significantly related to ISM practices in MSC-status companies. The validation of the structural model of nine hypotheses developed for this study has demonstrated satisfactory results, exhibited six significant direct relationships and three insignificant relationships.,This study has addressed the needs for a comprehensive, coherent and empirically tested ISM practices and organisational agility framework. The current theoretical framework used in this study emphasised on the ISM–organisational agility dimensions that are predominantly important to ascertain high level of ISM practices and perceived agility level among the information technology (IT) business companies in Malaysia. With the application of SEM for powerful analysis, the empirical-based framework established in this study was validated by the empirical findings, thus contributing significantly to the field of information security (InfoSec).,This study has filled the research gap between different constructs of ISM practices and OA. The model put forth in this study contributes in several ways to the InfoSec research community. The recognition of InfoSec practices that could facilitate organisational agility in the IT industry in Malaysia is vital and contributes to more value creation for the organisations.

[1]  Shahram Sarkani,et al.  Impacts of Organizational Capabilities In Information Security , 2011, Inf. Manag. Comput. Secur..

[2]  Young U. Ryu,et al.  Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..

[3]  Yi Wang,et al.  IT capability and organizational performance: the roles of business process agility and environmental factors , 2014, Eur. J. Inf. Syst..

[4]  Varun Grover,et al.  Investigating firm's customer agility and firm performance: The importance of aligning sense and respond capabilities , 2012 .

[5]  Linda G. Wallace,et al.  Is Information Security Under Control?: Investigating Quality in Information Security Management , 2007, IEEE Security & Privacy.

[6]  H. Winklhofer,et al.  Index Construction with Formative Indicators: An Alternative to Scale Development , 2001 .

[7]  Qingxiong Ma,et al.  Information security management objectives and practices: a parsimonious framework , 2008, Inf. Manag. Comput. Secur..

[8]  Victor E. Sower,et al.  Radio Frequency Identification Technology Utilization and Organizational Agility , 2011, J. Comput. Inf. Syst..

[9]  Adel Azar,et al.  Paving the path toward strategic agility , 2019, J. Enterp. Inf. Manag..

[10]  R. V. Krejcie,et al.  Determining Sample Size for Research Activities , 1970 .

[11]  Raduan Che Rose,et al.  The relationship between information technology acceptance and organizational agility in Malaysia , 2005, Inf. Manag..

[12]  Marko Sarstedt,et al.  PLS-SEM: Indeed a Silver Bullet , 2011 .

[13]  Varun Grover,et al.  Shaping Agility through Digital Options: Reconceptualizing the Role of Information Technology in Contemporary Firms , 2003, MIS Q..

[14]  Margaret A. Peteraf,et al.  Dynamic Capabilities and Organizational Agility: Risk, Uncertainty, and Strategy in the Innovation Economy , 2016 .

[15]  Santanu Kumar Rath,et al.  Modelling the Relationship Between Information Technology Infrastructure and Organizational Agility: A Study in the Context of India , 2018 .

[16]  Paul P. Tallon,et al.  Competing Perspectives on the Link Between Strategic Information Technology Alignment and Organizational Agility: Insights from a Mediation Model , 2011, MIS Q..

[17]  Jemal H. Abawajy,et al.  User preference of cyber security awareness delivery methods , 2014, Behav. Inf. Technol..

[18]  Y. Wei,et al.  Making sense of a market information system for superior performance: The roles of organizational responsiveness and innovation strategy , 2011 .

[19]  Angel R. Otero,et al.  An information security control assessment methodology for organizations' financial information , 2015, Int. J. Account. Inf. Syst..

[20]  Harri Oinas-Kukkonen,et al.  A review of information security issues and respective research contributions , 2007, DATB.

[21]  D. Teece,et al.  DYNAMIC CAPABILITIES AND STRATEGIC MANAGEMENT , 1997 .

[22]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[23]  Rudolf R. Sinkovics,et al.  The Use of Partial Least Squares Path Modeling in International Marketing , 2009 .

[24]  A. Gunasekaran,et al.  Agile manufacturing: The drivers, concepts and attributes , 1999 .

[25]  Rajeev Sharma,et al.  The role of IT application orchestration capability in improving agility and performance , 2017, J. Strateg. Inf. Syst..

[26]  Rajeev Sharma,et al.  Information technology and the search for organizational agility: A systematic review with future research possibilities , 2019, J. Strateg. Inf. Syst..

[27]  Robert P. Bostrom,et al.  Mis problems and failures: a socio-technical perspective , 1977 .

[28]  A. J. Gilbert Silvius,et al.  The Impact of IT Management Processes on Enterprise Agility , 2014, Communications of the IIMA.

[29]  Varun Grover,et al.  Building and leveraging information in dynamic environments: The role of IT infrastructure flexibility as enabler of organizational responsiveness and competitive advantage , 2010, Inf. Manag..

[30]  Marko Sarstedt,et al.  Editorial - Partial Least Squares Structural Equation Modeling: Rigorous Applications, Better Results and Higher Acceptance , 2013 .

[31]  Latifa Ben Arfa Rabai,et al.  Comparative Study of Information Security Risk Assessment Models for Cloud Computing systems , 2016, ANT/SEIT.

[32]  L. R. Chao,et al.  An integrated system theory of information security management , 2003, Inf. Manag. Comput. Secur..

[33]  Sean B. Maynard,et al.  SECURITY RISK MANAGEMENT : THE CONTINGENT EFFECT ON SECURITY PERFORMANCE , 2017 .

[34]  Xu Yang,et al.  Implementing international standards for Information Security Management in China and Europe: a comparative multi-case study , 2011, Technol. Anal. Strateg. Manag..

[35]  Matti Rossi,et al.  Mobile Games: Analyzing the Needs and Values of the Consumers , 2010 .

[36]  Ying Lu,et al.  Understanding the Link Between Information Technology Capability and Organizational Agility: An Empirical Examination , 2011, MIS Q..

[37]  Pankaj Setia,et al.  Realizing business value of agile IT applications: antecedents in the supply chain networks , 2008, Inf. Technol. Manag..

[38]  Lars Mathiassen,et al.  Data Breach Risks and Resolutions: A Literature Synthesis , 2019, AMCIS.

[39]  Sessika Siregar,et al.  (RIP) Cybersecurity Agility: Antecedents and Effects on Security Incident Management Effectiveness , 2019, PACIS.

[40]  Vladimir Stantchev,et al.  A process framework for information security management , 2022, International Journal of Information Systems and Project Management.

[41]  Morteza Raei Dehaghi The Relation of Information Security Management System Efficiency with Organizational Agility Case Study: Isfahan Mobarakeh Steel Company , 2016 .

[42]  Hossein Sharifi,et al.  A methodology for achieving agility in manufacturing organisations : An introduction , 1999 .

[43]  Lior Fink,et al.  Gaining Agility through IT Personnel Capabilities: The Mediating Role of IT Infrastructure Capabilities , 2007, J. Assoc. Inf. Syst..

[44]  Antònia Mas Picahaco,et al.  Implementing information security best practices on software lifecycle processes: The ISO/IEC 15504 Security Extension , 2015, Comput. Secur..

[45]  Guido Schryen,et al.  A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory , 2015, ICIS.

[46]  B. Wernerfelt,et al.  A Resource-Based View of the Firm , 1984 .