Information system security commitment: a study of external influences on senior management

Barton, Kevin A. and Tejay, Gurvirender and Lane, Michael and Terrell, Steve (2016) Information system security commitment: a study of external influences on senior management. Computers and Security, 59. pp. 9-25. ISSN 0167-4048

Abstract

This paper investigated how senior management is motivated to commit to information system (IS) security. Research shows senior management participation is critical to successful IS security, but has not explained how senior managers are motivated to participate in IS security. Information systems research shows pressures external to the organization have greater influence on senior managers than internal pressures. However, research has not fully examined how external pressures motivate senior management participation in IS security. This study addressed that gap by examining how external pressures motivate senior management participation in ISS through the lens of neo-institutional theory. The
research design was survey research. Data collection was through an online survey, and PLS was used for data analysis. Sample size was 167 from a study population of small- and medium-sized enterprises (SMEs) in a mix of industries in the south-central United States.
Results supported three of six hypotheses. Mimetic mechanisms were found to influence senior management belief in IS security, and senior management belief in IS security was found to increase senior management participation in IS security. Greater senior management
participation in IS security led to greater IS security assimilation in organizations. Three hypotheses were not supported. Correlation was not found between normative influences and senior management belief, normative influences and senior management participation, and coercive influences and senior management participation. This study shows IS security-related mimetic influences have greater impact on senior leaders of SMEs than coercive or normative influences, which may be explained by the absorptive capacity of SMEs. Absorptive capacity refers to the ability of an organization to assimilate a technology. However, absorptive capacity may affect more than just technology assimilation, and may extend to
how senior management responds to external influences


Statistics for USQ ePrint 28942
Statistics for this ePrint Item
Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to Published version in accordance with the copyright policy of the publisher.
Faculty / Department / School: Current - Faculty of Business, Education, Law and Arts - School of Management and Enterprise
Date Deposited: 29 Mar 2016 05:54
Last Modified: 29 Mar 2016 05:54
Uncontrolled Keywords: information security governance; senior management commitment; senior management participation; neo-institutional theory; assimilation; external influences
Fields of Research : 08 Information and Computing Sciences > 0899 Other Information and Computing Sciences > 089999 Information and Computing Sciences not elsewhere classified
08 Information and Computing Sciences > 0806 Information Systems > 080609 Information Systems Management
Socio-Economic Objective: E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Identification Number or DOI: 10.1016/j.cose.2016.02.007
URI: http://eprints.usq.edu.au/id/eprint/28942

Actions (login required)

View Item Archive Repository Staff Only