Organizational factors to the effectiveness of implementing information security management

Industrial Management and Data Systems

Volumn 106, Issue 3, 2006, Pages 345-361

  Chang, Shuchih Ernest ^a   Ho, Chienta Bruce ^a  

^a NATIONAL CHUNG HSING UNIVERSITY   (Taiwan)

Author keywords

Data security; Information management; Information systems; Organizational effectiveness

Indexed keywords

INFORMATION SYSTEMS; ORGANIZATIONAL EFFECTIVENESS;

COMPUTER SIMULATION; INFORMATION TECHNOLOGY; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS;

INFORMATION MANAGEMENT;

EID: 33645031405     PISSN: 02635577     EISSN: None     Source Type: Journal    
DOI: 10.1108/02635570610653498     Document Type: Article

References (70)

1. Alshawaf, A.H., Ali, J.M.H. and Hasan, M.H. (2005), "A benchmarking framework for information systems management issues in Kuwait", Benchmarking: An International Journal, Vol. 12 No. 1, pp. 30-44.
2. Bassellier, G., Benbasat, I. and Reich, B.H. (2003), "The influence of business managers' IT competence on championing IT", Information Systems Research, Vol. 14 No. 4, pp. 317-36.
3. Bassellier, G., Reich, B.H. and Benbasat, I. (2001), "Information technology competence of business managers: a definition and research model", Journal of Management Information Systems, Vol. 17 No. 4, pp. 159-82.
4. Bishop, M. (2003), "What is computer security?", IEEE Security and Privacy, Vol. 1 No. 1, pp. 67-9.
5. Brancheau, J.C., Janz, B.D. and Wetherbe, J.C. (1996), "Key issues in information systems management: 1994-95 SIM Delphi results", MIS Quarterly, Vol. 20 No. 2, pp. 225-42.
6. BS7799-1 (1999), Information Security Management - Part 1: Code of Practice for Information Security Management, British Standards Institute, London.
7. BS7799-2 (1999), Information Security Management - Part 2: Specification for Information Security Management System, British Standards Institute, London.
8. Chellappa, R.K. and Pavlou, P.A. (2002), "Perceived information security, financial liability and consumer trust in electronic commerce transactions", Logistics Information Management, Vol. 15 Nos 5/6, pp. 358-68.
9. Chiu, R-K. and Chen, J.C.H. (2005), "A generic service model for secure data interchange", Industrial Management & Data Systems, Vol. 105 No. 5, pp. 662-81.
10. Chou, H-W. and Jou, S-B. (1999), "MIS key issues in Taiwan's enterprises", International Journal of Information Management, Vol. 19 No. 5, pp. 369-87.
11. Chou, D.C., Yen, D.C., Lin, B. and Cheng, P.H-L. (1999), "Cyberspace security management", Industrial Management & Data Systems, Vol. 99 No. 8, pp. 353-61.
12. Croteau, A-M. and Raymond, L. (2004), "Performance outcomes of strategic and IT competencies alignment", Journal of Information Technology, Vol. 19, pp. 178-90.
13. CSI/FBI (2004), 2004 CSI/FBI Computer Crime and Security Survey, Computer Security Institute, San Francisco, CA, available at: www.gocsi.com/.
14. Daft, R., Sormunem, J. and Parks, D. (1988), "Chief executive scanning, environmental characteristics, and company performance: an empirical study", Strategic Management Journal, Vol. 9 No. 2, pp. 123-39.
15. David, J. (2002), "Policy enforcement in the workplace", Computers & Security, Vol. 21 No. 6, pp. 506-13.
16. Department of Trade and Industry (1991), Information Technology Security Evaluation Criteria (ITSEC), Harmonized Criteria, Version 1.2, Department of Trade and Industry, London.
17. Dhillon, G. and Backhouse, J. (2000), "Information system security management in the new millennium", Communications of the ACM, Vol. 43 No. 7, pp. 125-8.
18. Dill, W.R. (1958), "Environment as an influence on managerial autonomy", Administrative Science Quarterly, Vol. 2 No. 4, pp. 409-43.
19. Doddrell, G.R. (1996), "Information security and the internet", Internet Research, Vol. 6 No. 1, pp. 5-9.
20. Duncan, R. (1972), "Characteristics of organizational environments and perceived environmental uncertainties", Administrative Science Quarterly, Vol. 17 No. 3, pp. 313-27.
21. Dutta, A. and McCrohan, K. (2002), "Management's role in information security in a cyber economy", California Management Review, Vol. 45 No. 1, pp. 67-87.
22. Eloff, M.M. and von Solms, S.H. (2000), "Information security management: an approach to combine process certification and product evaluation", Computers & Security, Vol. 19 No. 3, pp. 698-709.
23. Farmer, D. and Warburg, S.G. (1997), "A management view of internet electronic commerce security", Computers & Security, Vol. 16 No. 4, pp. 316-20.
24. Foltz, C.B., Cronan, T.P. and Jones, T.W. (2005), "Have you met your organization's computer usage policy?", Industrial Management & Data Systems, Vol. 105 No. 2, pp. 137-46.
25. Friedman, B., Kahn, P. Jr and Howe, D. (2000), "Trust online", Communications of the ACM, Vol. 43 No. 12, pp. 34-40.
26. Fung, A.R-W., Farn, K-J. and Lin, A.C. (2003), "Paper: a study on the certification of the information security management systems", Computer Standards & Interfaces, Vol. 25 No. 5, pp. 447-61.
27. Galanxhi-Janaqi, H. and Nah, F.F-H. (2004), "U-commerce: emerging trends and research issues", Industrial Management & Data Systems, Vol. 104 No. 9, pp. 744-55.
28. Ghobadian, A. and Gallear, D. (1997), "TQM and organization size", International Journal of Operations & Production Management, Vol. 17 No. 2, pp. 121-63.
29. Goes, J.B. and Park, S.H. (1997), "Interorganizational links and innovation: the case of hospital services", Academy of Management Journal, Vol. 40 No. 3, pp. 673-96.
30. Goodhue, D.L. and Straub, D.W. (1991), "Security concerns of system users: a study of perceptions of the adequacy of security", Information & Management, Vol. 20 No. 1, pp. 13-27.
31. Grant, R. (2004), Contemporary Strategy Analysis, 5th ed., Blackwell, Oxford.
32. Helo, P. (2004), "Managing agility and productivity in the electronics industry", Industrial Management & Data Systems, Vol. 104 No. 7, pp. 567-77.
33. Henderson, J.C. (1990), "Plugging into strategic partnerships: the critical IS connection", Sloan Management Review, Vol. 31 No. 3, pp. 7-18.
34. Hoffer, J.A. and Straub, D.W. (1989), "The 9 to 5 underground: are you policing computer crimes?", Sloan Management Review, Vol. 30 No. 4, pp. 35-43.
35. Holzinger, A. (2000), "Information security management and assurance", Information Systems Security, Vol. 9 No. 2, pp. 32-9.
36. Hong, K-S., Chi, Y-P., Chao, L.R. and Tang, J-H. (2003), "An integrated system theory of information security management", Information Management & Computer Security, Vol. 11 No. 5, pp. 243-8.
37. Huang, S-M., Chang, I-C., Li, S-H. and Lin, M-T. (2004), "Assessing risk in ERP projects: identify and prioritize the factors", Industrial Management & Data Systems, Vol. 104 No. 8, pp. 681-8.
38. Hung, Y-C., Huang, S-M., Lin, Q-P. and Tsai, M-L. (2005), "Critical factors in adopting a knowledge management system for the pharmaceutical industry", Industrial Management & Data Systems, Vol. 105 No. 2, pp. 164-83.
39. Information Security Magazine (2002), "2002 ISM survey: does size matter?", Information Security, September, available at: http://infosecuritymag.techtarget.com/2002/sep/2002survey.pdf.
40. Ju, T., Chen, S-H., Li, C-Y. and Lee, T-S. (2005), "A strategic contingency model for technology alliance", Industrial Management & Data Systems, Vol. 105 No. 5, pp. 623-44.
41. Kaiser, H. (1974), "An index of factorial simplicity", Psychometrika, Vol. 39, pp. 31-6.
42. Kankanhalli, A., Teo, H-H., Tan, B.C.Y. and Wei, K.K. (2003), "An integrative study of information systems security effectiveness", International Journal of Information Management, Vol. 23 No. 2, pp. 139-54.
43. Kearns, G.S. and Lederer, A.L. (2004), "The impact of industry contextual factors on IT focus and the use of IT for competitive advantage", Information & Management, Vol. 41 No. 7, pp. 899-919.
44. Kotulic, A.G. and Clark, J.G. (2004), "Why there aren't more information security research studies", Information & Management, Vol. 41 No. 5, pp. 597-607.
45. Kritchanchai, D. (2004), "Assessing responsiveness of the food industry in Thailand", Industrial Management & Data Systems, Vol. 104 No. 5, pp. 384-95.
46. Leonard-Barton, D. (1998), Wellsprings of Knowledge: Building and Sustaining the Sources of Innovation, Harvard Business School Press, Boston, MA.
47. Markus, M.L. (2004), "Technochange management: using IT to drive organizational change", Journal of Information Technology, Vol. 19, pp. 4-20.
48. Nunnally, J. (1978), Psychometric Theory, 2nd ed., McGraw-Hill, New York, NY.
49. Olnes, J. (1994), "Development of security policies", Computers & Security, Vol. 13 No. 8, pp. 628-36.
50. Peltier, T.R. (2003), "Preparing for ISO17799", Information Systems Security, Vol. 11 No. 6, pp. 21-8.
51. Raymond, L. (1990), "Organizational context and information systems success: a contingency approach", Journal of Management Information Systems, Vol. 6 No. 4, pp. 5-20.
52. Reich, B.H. and Benbasat, I. (2000), "Factors that influence the social dimension of alignment between business and information technology objectives", MIS Quarterly, Vol. 24 No. 1, pp. 81-111.
53. Rockart, J.F., Earl, M.J. and Ross, J.W. (1996), "Eight imperatives for the new IT organization", Sloan Management Review, Vol. 38 No. 1, pp. 43-55.
54. Sabherwal, R. and Chan, Y.E. (2001), "Alignment between business and IS strategies: a study of prospectors, analyzers and defenders", Information Systems Research, Vol. 12 No. 1, pp. 11-33.
55. Salisbury, W.D., Pearson, R.A., Pearson, A.W. and Miller, D.W. (2001), "Perceived security and world wide web purchase intention", Industrial Management & Data Systems, Vol. 101 No. 4, pp. 165-76.
56. Sanderson, E. and Forcht, K.A. (1996), "Information security in business environments", Information Management & Computer Security, Vol. 4 No. 1, pp. 32-7.
57. Sawyerr, O.O., McGee, J. and Peterson, M. (2003), "Perceived uncertainty and firm performance in SMEs", International Small Business Journal, Vol. 21 No. 3, pp. 269-88.
58. Sharratt, J. and McMurdo, A. (1992), "Managing the information explosion", Journal of Information Resource Management, Vol. 3 No. 3, pp. 5-64.
59. So, M. and Sculli, D. (2002), "The role of trust, quality, value and risk in conducting e-business", Industrial Management & Data Systems, Vol. 102 No. 9, pp. 503-12.
60. Stanton, J.M., Stam, K.R., Mastrangelo, P. and Jolton, J. (2005), "Analysis of end user security behaviors", Computers & Security, Vol. 24 No. 2, pp. 124-33.
61. Taylor, W.A. (1995), "Organizational differences in ISO 9000 implementation practices", International Journal of Quality & Reliability Management, Vol. 12 No. 7, pp. 10-17.
62. Taylor, T. and McGraw, P. (2004), "Succession management practices in Australian organizations", International Journal of Manpower, Vol. 25 No. 8, pp. 741-58.
63. Tong, C.K.S., Fung, K.H., Huang, H.Y.H. and Chan, K.K. (2003), "Implementation of ISO17799 and BS7799 in picture archiving and communication system: local experience in implementation of BS7799 standard", International Congress Series, Vol. 1256, pp. 311-8.
64. van den Hoven, J. (1999), "Information resource management: stewards of data", Information Systems Management, Vol. 16 No. 1, pp. 88-90.
65. Vermeulen, C. and von Solms, R. (2002), "The information security management toolbox - taking the pain out of security management", Information Management & Computer Security, Vol. 10 Nos 2/3, pp. 119-25.
66. von Solms, R. (1996), "Information security management: the second generation", Computers & Security, Vol. 15 No. 4, pp. 281-8.
67. von Solms, B. and von Solms, R. (2004), "The 10 deadly sins of information security management", Computers & Security, Vol. 23 No. 5, pp. 371-6.
68. Whitman, M. (2004), "In defense of the realm: understanding the threats to information security", International Journal of Information Management, Vol. 24 No. 1, pp. 43-57.
69. Yang, S-M., Yang, M-H. and Wu, J-T.B. (2005), "The impacts of establishing enterprise information portals on e-business performance", Industrial Management & Data Systems, Vol. 105 No. 3, pp. 349-68.
70. Zhao, F. (2004), "Management of information technology and business process re-engineering: a case study", Industrial Management & Data Systems, Vol. 104 No. 8, pp. 674-80.