Please use this identifier to cite or link to this item:
標題: Exploring organizational culture for information security management
作者: Chang, S.E.
Lin, C.S.
關鍵字: data security;information systems;organizational culture;environments;industry;systems;policy;model
Project: Industrial Management & Data Systems
期刊/報告no:: Industrial Management & Data Systems, Volume 107, Issue 3-4, Page(s) 438-458.
Purpose - This paper aims to examine the influence of organization culture on the effectiveness of implementing information security management (ISM). Design/methodology/approach - Based on a literature review, a model of the relationship between organizational culture and ISM was formulated, and both organizational culture characteristics and ISM effectiveness were measured empirically to investigate how various organizational culture traits influenced ISM principles, by administrating questionnaires to respondents in organizations with significant use of information systems. Findings - Four regression models were derived to quantify the impacts of organizational culture traits on the effectiveness of implementing ISM. Whilst the control-oriented organizational culture traits, effectiveness and consistency, have strong effect on the ISM principles of confidentiality, integrity, availability and accountability, the flexibility-oriented organizational culture traits, cooperativeness and innovativeness, are not significantly associated with the ISM principles with one exception that cooperativeness is negatively related to confidentiality. Research limitations/implications; - The sample is limited to the organizational factors in Taiwan. It is suggested to replicate this study in other countries to reconfirm the result before adopting its general implications. Owing to the highly intrusive nature of ISM surveys, a cautious approach with rapport and trust is a key success factor in conducting empirical studies on ISM. Practical implications - A culture conducive to information security practice is extremely important for organizations since the human dimension of information security cannot totally be solved by technical and management measures. For understanding and improving the organization behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. Originality/value - A research model was proposed to study the impacts of organizational factors on ISM, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by enterprise managers and decision makers to make favorable tactics for achieving their goals of ISM - mitigating information security risks.
ISSN: 0263-5577
DOI: 10.1108/02635570710734316
Appears in Collections:科技管理研究所

Show full item record

Google ScholarTM




Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.