Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture

Computers and Security

Volumn 43, Issue , 2014, Pages 90-110

  Rocha Flores, Waldo ^a   Antonsen, Egil ^a   Ekstedt, Mathias ^a  

^a ROYAL INSTITUTE OF TECHNOLOGY   (Sweden)

Author keywords

Cultural differences; Information security; Knowledge sharing; Mixed methods research; Multigroup analysis; Partial least squares structural equation modeling

Indexed keywords

CULTURAL DIFFERENCE; KNOWLEDGE-SHARING; MIXED-METHODS RESEARCH; MULTI-GROUP; STRUCTURAL EQUATION MODELING;

DIGITAL STORAGE; HUMAN RESOURCE MANAGEMENT; INDUSTRIAL MANAGEMENT; LEAST SQUARES APPROXIMATIONS; MANAGERS; RESEARCH; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS;

KNOWLEDGE MANAGEMENT;

EID: 84898078970     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2014.03.004     Document Type: Article

References (110)

1. E. Albrechtsen A qualitative study of users' view on information security Comput Secur 26 4 2007 Jun 276 289
2. J.C. Anderson, and D.W. Gerbing Predicting the performance of measures in a confirmatory factor analysis with a pretest assessment of their substantive validities J Appl Psychol 76 5 1991 732 740
3. S.D. Applegate Social engineering: hacking the wetware! Inf Secur J Glob Perspect 18 1 2009 Feb 6 40 46 Taylor & Francis
4. J.S. Armstrong, and T.S. Overton Estimating nonresponse bias in mail surveys J Mark Res 14 1977 396 402
5. R.P. Bagozzi, Y. Yi, and L.W. Phillips Assessing construct validity in organizational research Adm Sci Q 36 3 1991 421 458
6. K. Bandyopadhyay, and S. Bandyopadhyay User acceptance of information technology across cultures Int J Intercult Inf Manag 2 3 2010 218 Inderscience Publishers
7. D. Barclay, C. Higgins, and R. Thompson The partial least squares (PLS) approach to causal modeling: personal computer adoption and use as an illustration Technol Stud 2 2 1995 285 309
8. R.M. Baron, and D.A. Kenny The moderator-mediator variable distinction in social psychological research - conceptual, strategic, and statistical considerations J Pers Soc Psychol 51 6 1986 1173 1182
9. P. Belsis, S. Kokolakis, and E. Kiountouzis Information systems security from a knowledge management perspective Inf Manag Comput Secur 13 3 2005 Jan 7 189 202 Emerald Group Publishing Limited
10. N.A. Boyacigiller, and N.J. Adler The parochial dinosaur: organizational science in a global context Acad Manag Rev 16 2 1991 Apr 1 262 290 Academy of Management
11. K. Brotby Information security governance 2009 John Wiley & Sons, Inc.
12. B. Bulgurcu, H. Cavusoglu, and I. Benbasat Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness MIS Q 34 3 2010 Sep 1 523 548
13. A. Calder, and S. Watkins IT governance: a manager's guide to data security and ISO 27001/ISO 27002 4th ed. 2008 Kogan Page
14. S. Chang, and C. Ho Organizational factors to the effectiveness of implementing information security management Ind Manag Data Syst 106 3 2006 345 361
15. K. Chang, and C. Wang Information systems resources and information security Inf Syst Front 13 4 2010 Apr 27 579 593
16. J. Child Organization: a guide to problems and practice 2nd ed. 1984 Paul Chapman Publishing Ltd London
17. W.W. Chin The partial least squares approach to structural equation modeling G.A. Marcoulides, Modern methods for business research 1988 Lawrence Erlbaum Associates Mahwah, NJ 295 358
18. W. Chin, and J. Dibbern An introduction to a permutation based procedure for multi-group PLS analysis: results of tests of differences on simulated data and a cross cultural analysis of the sourcing of information system services between Germany and the USA V.E. Vinzi, W.W. Chin, J. Henseler, H. Wang, Handbook of partial least squares 2010 Springer Berlin Heidelberg 171 193
19. L. Coles-Kemp, and M. Theoharidou Insider threat and information security management C.W. Probst, J. Hunker, M. Bishop, D. Gollmann, Insider threats in cyber security Advances in information security 2010 Springer US 45 71
20. J. Cox Information systems user security: a structured model of the knowing-doing gap Comput Hum Behav 28 5 2012 Sep 1849 1858
21. J.W. Creswell, and V.L. Plano Clark Designing and conducting mixed methods research 2nd ed. 2011 SAGE Thousand Oaks, CA
22. R.E. Crossler, A.C. Johnston, P.B. Lowry, Q. Hu, M. Warkentin, and R. Baskerville Future directions for behavioral information security research Comput Secur 32 null 2013 Feb 90 101
23. J.N. Cummings Work groups, structural diversity, and knowledge sharing in a global organization Manag Sci 50 3 2004 Mar 1 352 364 INFORMS
24. T.H. Davenport, and L. Prusak Working knowledge: how organizations manage what they know 1998 Harvard Business School Press Boston
25. R.F. DeVellis Scale development: theory and applications 1991 Sage Newbury Park, CA
26. G. Dhillon, and J. Backhouse Current directions in IS security research: towards socio-organizational perspectives Inf Syst J 11 2 2001 127 153
27. T. Dinev, J. Goo, Q. Hu, and K. Nam User behaviour towards protective information technologies: the role of national cultural differences Inf Syst J 19 4 2009 Jul 391 412
28. D.H. Doty, and W.H. Glick Common methods bias: does common methods variance really bias results? Organ Res Methods 1 4 1998 Oct 1 374 406
29. S. Dzazali, and A.H. Zolait Assessment of information security maturity: an exploration study of Malaysian public service organizations J Syst Inf Technol 14 1 2012 Mar 17 23 57 Emerald Group Publishing Limited
30. J. D'Arcy, and T. Herath A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings Eur J Inf Syst 20 6 2011 Jun 14 643 658 Nature Publishing Group
31. J. D'Arcy, A. Hovav, and D. Galletta User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach Inf Syst Res 20 1 2008 Jun 20 79 98
32. M. Eberl An application of PLS in multi-group analysis: the need for differentiated corporate-level marketing in the mobile communications industry V.E. Vinzi, W.W. Chin, J. Henseler, H. Wang, Handbook of partial least squares 2010 Springer Berlin Heidelberg 487 514
33. I.J. Fagnot Behavioral information security L. Janczewski, A. Colarik, Encyclopedia of cyber warfare and cyber terrorism 2008 199 205 Hershey, PA, USA
34. D. Feledi, and S. Fenz Challenges of web-based information security knowledge sharing Seventh international conference on availability, reliability and security 2012 IEEE 514 521
35. E. Gal-Or, and A. Ghose The economic incentives for sharing security information Inf Syst Res 16 2 2005 Jun 1 186 208 INFORMS
36. L.A. Gordon, M.P. Loeb, and W. Lucyshyn Sharing information on computer systems security: an economic analysis 22 6 2003
37. H. Guo Knowledge for managing information system security: review and future research directions CONF-IRM 2008 proceedings 2008 Paper 37
38. J. Hair, C. Ringle, and M. Sarstedt PLS-SEM: indeed a silver bullet J Mark Theory Pract 19 2 2011 139 152
39. J.C. Henderson, and N. Venkatraman Strategic alignment: leveraging information technology for transforming organizations IBM Syst J 32 1 1993 Jan 1 4 16
40. T.R. Hinkin, and J.B. Tracey An analysis of variance approach to content validation Organ Res Methods 2 2 1999 Apr 175 186
41. G. Hofstede Culture's consequences: international differences in work related values 1980 SAGE Beverly Hills, CA
42. G. Hofstede Cultural constraints in management theories Acad Manag Perspect 7 1 1993 Feb 1 81 94 Academy of Management
43. G. Hofstede National cultural dimensions [Internet]. Available from: http://geert-hofstede.com/dimensions.html 2013 [cited 13.06.13]
44. Q. Hu, T. Dinev, P. Hart, and D. Cooke Managing employee compliance with information security policies: the critical role of top management and organizational culture Decis Sci 43 4 2012 Aug 28 615 660
45. IBM Corporation SPSS statistics 2010 IBM Corporation
46. P. Ifinedo Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory Comput Secur 31 1 2012 Feb 83 95
47. ISACA Information security governance guidance for boards of directors and executive management 2nd ed. 2006 Rolling Meadows, Illinois
48. T. Jackson Management ethics and corporate policy: A cross-cultural comparison J Manag Stud 37 3 2000 May 349 369
49. C.B. Jarvis, S.B. MacKenzie, and P.M. Podsakoff A critical review of construct indicators and measurement model misspecification in marketing and consumer research J Consum Res 30 2 2003 Sep 21 199 218 The University of Chicago Press
50. K.G. Joreskog, and M. van Thillo LISREL: a general computer program for estimating a linear structural equation system involving multiple indicators of unmeasured variables 1972 Nov 30
51. M. Kandias, A. Mylonas, N. Virvilis, M. Theoharidou, and D. Gritzalis An insider threat prediction model S. Katsikas, J. Lopez, M. Soriano, Trust, privacy and security in digital business Lecture notes in computer science 2010 Springer Berlin Heidelberg 26 37
52. M. Kandias, V. Stavrou, N. Bozovic, and D. Gritzalis Proactive insider threat detection through social media Proceedings of the 12th ACM workshop on privacy in the electronic society - WPES'13 2013 ACM Press New York, NY, USA 261 266 [Internet]. Available from: http://dl.acm.org/citation.cfm?id=2517840. 2517865 [cited 05.03.14]
53. A. Kankanhalli An integrative study of information systems security effectiveness Int J Inf Manag 23 2 2003 Apr 139 154
54. M. Karjalainen, M. Siponen, P. Petri, and S. Suprateek One size does not fit all: different cultures require different information systems security interventions PACIS 2013 proceedings 2013 Paper 98
55. T. Kayworth, and D. Whitten Effective information security requires a balance of social and technology factors MIS Q Exec 9 3 2010 303 315
56. M. Keil, B.C.Y. Tan, K.-K. Wei, T. Saarinen, V. Tuunainen, and A. Wassenaar A cross-cultural study on escalation of commitment behavior in software projects MIS Q 24 2 2000 Jun 1 299 Society for Information Management and The Management Information Systems Research Center
57. P. Klarner, M. Sarstedt, M. Hoeck, and C.M. Ringle Disentangling the effects of team competences, team adaptability, and client communication on the performance of management consulting teams Long Range Plann 46 3 2013 Jun 258 286
58. Knapp KJ, Marshall TE, Rainer RK, Ford FN. Information security effectiveness: conceptualization and validation of a theory. In: Eyob E, editor. Int J Inf Secur Priv. IGI Global; 2007 Jan 31;1(2):37-60.
59. R. Kolodziej-Smith, D. Friesen, and A. Yaprak Does culture affect how people receive and resist persuasive messages? Research proposals about resistance to Persuasion in cultural groups 2013 Glob Adv Bus Commun Antwerp Article 5
60. S. Kvale Interviews. An introduction to qualitative research interviewing 1986 Sage Publications Thousand Oaks, CA
61. C.C. Langlois, and B.B. Schlegelmilch Do corporate codes of ethics reflect national character? Evidence from Europe and the United States J Int Bus Stud 21 4 1990 Dec 1 519 539 Nature Publishing Group
62. A.S. Lee Integrating positivist and interpretive approaches to organizational research Organ Sci 2 4 1991 Nov 1 342 365
63. D. Liu, Y. Ji, and V. Mookerjee Knowledge sharing and investment decisions in information security Decis Support Syst 52 1 2011 95 107
64. M.R. Lynn Determination and quantification of content validity Nurs Res 35 6 2006 382 386
65. S.B. MacKenzie, P.M. Podsakoff, and N.P. Podsakoff Construct measurement and validation procedures in MIS and behavioral research: integrating new and existing techniques MIS Q 35 2 2011 Jun 1 293 334
66. H.R. Markus, and S. Kitayama Culture and the self: implications for cognition, emotion, and motivation Psychol Rev 98 2 1991 224 253
67. S. Mishra, and G. Dhillon Information systems security governance research: a behavioral perspective 2nd Annual symposium on information assurance 2006 New York State
68. A. Navarro, F. Acedo, F. Losada, and E. Ruzo Integrated model of export activity: analysis of heterogeneity in managers' orientations and perceptions on strategic marketing management in foreign markets J Mark Theory Pract 19 2 2011 187 204
69. J.C. Nunnally, and I. Bernstein Psychometric theory 3rd ed. 1994 McGraw Hill New York
70. J.-C. Pai An empirical study of the relationship between knowledge sharing and IS/IT strategic planning (ISSP) Manag Decis 44 1 2006 Jan 1 105 122 Emerald Group Publishing Limited
71. R. Paternoster, and S. Simpson Sanction threats and appeals to morality: testing a rational choice model of corporate crime Law Soc Rev 30 3 1996 549 584
72. P.A. Pavlou, and L. Chai What drives electronic commerce across cultures? A cross-cultural empirical investigation of the theory of planned behavior J Electron Commer Res 3 4 2002 240 253
73. P.A. Pavlou, H. Liang, and Y. Xue Understanding and mitigating uncertainty in online exchange relationships: a principal-agent perspective MIS Q 31 1 2007 Mar 1 105 136
74. S. Petter, D. Straub, and A. Rai Specifying formative constructs in information systems research MIS Q 31 4 2007 623 656
75. P.M. Podsakoff Self-reports in organizational research: problems and prospects J Manag 12 4 1986 Dec 1 531 544
76. P.M. Podsakoff, S.B. MacKenzie, J.-Y. Lee, and N.P. Podsakoff Common method biases in behavioral research: a critical review of the literature and recommended remedies J Appl Psychol 88 5 2003 Oct 879 903
77. P. Puhakainen, and M. Siponen Improving employees' compliance through information systems security training: an action research study MIS Q 34 4 2010 Dec 1 757 778
78. ® Survey 2013 [Internet]. Available from: http://www.pwc.com/gx/en/consulting-services/information-security-survey/index. jhtml 2013
79. W. Reinartz, M. Haenlein, and J. Henseler An empirical comparison of the efficacy of covariance-based and variance-based SEM Int J Res Mark 26 4 2009 Dec 332 344
80. J. Rhodes, R. Hung, P. Lok, B.Y.-H. Lien, and C.-M. Wu Factors influencing organizational knowledge transfer: implication for corporate performance J Knowl Manag 12 3 2008 May 30 84 100 Emerald Group Publishing Limited
81. C.M. Ringle, S. Wende, and A. Will SmartPLS 2005 University of Hamburg Hamburg
82. W. Rocha Flores, and E. Antonsen The development of an instrument for assessing information security in organizations: examining the content validity using quantitative methods Proceedings of the 2013 international conference on information resources management 2013 Natal, Brazil, May 22-24
83. W. Rocha Flores, and M. Korman Conceptualization of constructs for shaping information security behavior: towards a measurement instrument Proceedings of the 7th annual workshop on information security and privacy 2012 Orlando, Florida, USA, December 16
84. W. Rocha Flores, H. Holm, G. Svensson, and G. Ericsson Using phishing experiments and scenario-based surveys to understand security behaviours in practice Inf Manag Comput Secur 2014 [To be available]
85. S.G. Rogelberg, and J.M. Stanton Introduction: understanding and dealing with organizational survey nonresponse Organ Res Methods 10 2 2007 Apr 1 195 209
86. SANS gpwn-list [Internet]. Available from: https://lists.sans.org/ mailman/listinfo/gpwn-list 2013 [cited 01.11.12]
87. A. Sarmento Knowledge management: at a cross-way of perspectives and approaches Inf Resour Manag J 18 1 2005 1 7
88. M. Sarstedt, and C.M. Ringle Treating unobserved heterogeneity in PLS path modeling: a comparison of FIMIX-PLS with different data analysis strategies J Appl Stat 37 8 2010 Aug 1299 1318 Taylor & Francis
89. A.H. Segars, and V. Grover Profiles of strategic information systems planning Inf Syst Res 10 3 1999 Sep 1 199 232 INFORMS
90. M.T. Siponen An analysis of the traditional IS security approaches: implications for research and practice Eur J Inf Syst 14 3 2005 Sep 1 303 315
91. M. Siponen, and A. Vance Neutralization: new insights into the problem of employee systems security policy violations MIS Q 34 3 2010 Sep 1 487 502
92. M. Siponen, and R. Willison Information security management standards: problems and solutions Inf Manag 46 5 2009 267 270
93. T. Sobh, and K. Elleithy Information management for holistic, collaborative information security management Emerging trends in computing, informatics, systems sciences, and engineering 2013 Springer New York New York, NY 211 224
94. T. Sommestad, J. Hallberg, K. Lundholm, and J. Bengtsson Variables influencing information security policy compliance: a systematic review of quantitative studies Inf Manag Comput Secur 22 1 2013 Nov 19 3 Emerald Group Publishing Limited
95. S. Song An internet knowledge sharing system J Comput Inf Syst 42 3 2002 25 30
96. JL Spears, and H Barki User participation in information systems security risk management MIS Q 34 3 2010 503 522
97. M. Srite, and E. Karahanna The role of espoused national cultural values in technology acceptance MIS Q 30 3 2006 Sep 1 679 704 Society for Information Management and The Management Information Systems Research Center
98. G.L. Stewart, and M.R. Barrick Team structure and performance: assessing the mediating role of intrateam process and the moderating role of task type Acad Manag J Acad Manag 43 2 2000 Apr 1 135 148
99. D.W. Straub Effective is security: an empirical study Inf Syst Res 1 3 1990 Sep 1 255 276 INFORMS
100. D. Straub, M.-C. Boudreau, and D. Gefen Validation guidelines for is positivist research Commun Assoc Inf Syst 13 1 2004 380 427
101. L. Sun, R.P. Ivastave, and T.J. Mock An information systems security risk assessment model under the Dempster-Shafer theory of belief functions J Manag Inf Syst 22 4 2006 Apr 109 142
102. F.B. Tan, C. Urquhart, and S. Yan A conceptual model for online shopping behaviour: trust and national culture Proceedings of the 5th international business research forum 2004 Temple University Philadelphia, PA, USA
103. W.M.K. Trochim, and J.P. Donnelly The research methods knowledge base 3rd ed. 2006 Atomic Dog 362
104. A Da Veiga, and J.H.P. Eloff An information security governance framework Inf Syst Manag 24 4 2007 Oct 2 361 372 ACM Press
105. S. Wang, and R.A. Noe Knowledge sharing: a review and directions for future research Hum Resour Manag Rev 20 2 2010 115 131
106. M. Warkentin, and A.C. Johnston It governance and organizational design for security management D.W. Straub, S. Goodman, R.L. Baskerville, Information security: policy, processes, and practice 2007 46 68
107. M. Warkentin, and R. Willison Behavioral and policy issues in information systems security: the insider threat Eur J Inf Syst 18 2 2009 Apr 1 101 105 Nature Publishing Group
108. M. Warkentin, A.C. Johnston, and J. Shropshire The influence of the informal social learning environment on information privacy policy compliance efficacy and intention Eur J Inf Syst 20 3 2011 Jan 25 267 284 Nature Publishing Group
109. R. Werlinger, K. Hawkey, and K. Beznosov An integrated view of human, organizational, and technological challenges of IT security management Inf Manag Comput Secur 17 1 2009 Mar 20 4 19 Emerald Group Publishing Limited
110. O. Zakaria Internalisation of information security culture amongst employees through basic security knowledge S. Fischer-Hübner, K. Rannenberg, L. Yngström, S. Lindskog, Security and privacy in dynamic environments 2006 Kluwer Academic Publishers Boston 437 441