Organizational factors to the effectiveness of implementing information security management

Purpose - This paper aims to examine the influence of organization factors on the effectiveness of implementing BS7799, an information security management (ISM) standard.Design methodology approach - Based on literature review, a research model was formulated by extracting the antecedents of ISM, an...

Full description

Saved in:
Bibliographic Details
Published in:Industrial management + data systems 2006-03, Vol.106 (3), p.345-361
Main Authors: Ernest Chang, Shuchih, Ho, Chienta Bruce
Format: Article
Language:English
Subjects:
Computer information security
Confidentiality
Cybercrime
Cybersecurity
Data security
Empirical analysis
Information management
Information systems
Information technology
Management
Mathematical models
Network security
Organization theory
Organizational effectiveness
Organizations
Security
Security management
Software
Studies
Surveys
Uncertainty
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Purpose - This paper aims to examine the influence of organization factors on the effectiveness of implementing BS7799, an information security management (ISM) standard.Design methodology approach - Based on literature review, a research model was formulated by extracting the antecedents of ISM, and an empirical study was conducted to show how the organizational factors influence organizations in carrying out BS7799.Findings - The study result revealed that there were significant impacts of organizational factors, including IT competence of business managers, environment uncertainty, industry type, and organization size, on the effectiveness of implementing ISM.Research limitations implications - The sample is limited to the organizational factors in Taiwan. It is suggested to replicate this study in other countries to reconfirm the result before adopting its general implications. Owing to the highly intrusive nature of ISM surveys, a cautious approach with rapport and trust is a key success factor in conducting empirical studies on ISM.Practical implications - IT competence is conducive to ISM implementation through subjective norms, leadership, belief, and behavior of ISM activities. Environmental uncertainty positively influences the need for greater innovation, which increases the dependence on IT, and therefore makes the effectiveness of ISM more desirable. Companies in an industry sensitive to security threats should pay more attentions to ISM practice. Corporate executives should also realize the size difference for adopting appropriate ISM strategies.Originality value - A research model was proposed to study the impacts of organizational factors on ISM, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by enterprise managers and decision makers to make favorable tactics for achieving their goals of ISM.
ISSN:0263-5577
1758-5783
DOI:10.1108/02635570610653498