Information system security commitment: a study of external influences on senior management
Article
Article Title | Information system security commitment: a study of external influences on senior management |
---|---|
ERA Journal ID | 17813 |
Article Category | Article |
Authors | Barton, Kevin A. (Author), Tejay, Gurvirender (Author), Lane, Michael (Author) and Terrell, Steve (Author) |
Journal Title | Computers and Security |
Journal Citation | 59, pp. 9-25 |
Number of Pages | 17 |
Year | 2016 |
Place of Publication | United Kingdom |
ISSN | 0167-4048 |
1872-6208 | |
Digital Object Identifier (DOI) | https://doi.org/10.1016/j.cose.2016.02.007 |
Web Address (URL) | https://www.sciencedirect.com/science/article/pii/S0167404816300104 |
Abstract | This paper investigated how senior management is motivated to commit to information system (IS) security. Research shows senior management participation is critical to successful IS security, but has not explained how senior managers are motivated to participate in IS security. Information systems research shows pressures external to the organization have greater influence on senior managers than internal pressures. However, research has not fully examined how external pressures motivate senior management participation in IS security. This study addressed that gap by examining how external pressures motivate senior management participation in ISS through the lens of neo-institutional theory. The research design was survey research. Data collection was through an online survey, and PLS was used for data analysis. Sample size was 167 from a study population of small- and medium-sized enterprises (SMEs) in a mix of industries in the south-central United States. Results supported three of six hypotheses. Mimetic mechanisms were found to influence senior management belief in IS security, and senior management belief in IS security was found to increase senior management participation in IS security. Greater senior management participation in IS security led to greater IS security assimilation in organizations. Three hypotheses were not supported. Correlation was not found between normative influences and senior management belief, normative influences and senior management participation, and coercive influences and senior management participation. This study shows IS security-related mimetic influences have greater impact on senior leaders of SMEs than coercive or normative influences, which may be explained by the absorptive capacity of SMEs. Absorptive capacity refers to the ability of an organization to assimilate a technology. However, absorptive capacity may affect more than just technology assimilation, and may extend to how senior management responds to external influences. |
Keywords | information security governance; senior management commitment; senior management participation; neo-institutional theory; assimilation; external influences |
ANZSRC Field of Research 2020 | 469999. Other information and computing sciences not elsewhere classified |
460908. Information systems organisation and management | |
Public Notes | Files associated with this item cannot be displayed due to copyright restrictions. |
Byline Affiliations | Nova Southeastern University, United States |
School of Management and Enterprise | |
Institution of Origin | University of Southern Queensland |
https://research.usq.edu.au/item/q364q/information-system-security-commitment-a-study-of-external-influences-on-senior-management
1720
total views11
total downloads11
views this month0
downloads this month