Information system security commitment: a study of external influences on senior management

Barton, Kevin A. and Tejay, Gurvirender and Lane, Michael ORCID: https://orcid.org/0000-0001-6534-4902 and Terrell, Steve (2016) Information system security commitment: a study of external influences on senior management. Computers and Security, 59. pp. 9-25. ISSN 0167-4048


Abstract

This paper investigated how senior management is motivated to commit to information system (IS) security. Research shows senior management participation is critical to successful IS security, but has not explained how senior managers are motivated to participate in IS security. Information systems research shows pressures external to the organization have greater influence on senior managers than internal pressures. However, research has not fully examined how external pressures motivate senior management participation in IS security. This study addressed that gap by examining how external pressures motivate senior management participation in ISS through the lens of neo-institutional theory. The research design was survey research. Data collection was through an online survey, and PLS was used for data analysis. Sample size was 167 from a study population of small- and medium-sized enterprises (SMEs) in a mix of industries in the south-central United States. Results supported three of six hypotheses. Mimetic mechanisms were found to influence senior management belief in IS security, and senior management belief in IS security was found to increase senior management participation in IS security. Greater senior management participation in IS security led to greater IS security assimilation in organizations. Three hypotheses were not supported. Correlation was not found between normative influences and senior management belief, normative influences and senior management participation, and coercive influences and senior management participation. This study shows IS security-related mimetic influences have greater impact on senior leaders of SMEs than coercive or normative influences, which may be explained by the absorptive capacity of SMEs. Absorptive capacity refers to the ability of an organization to assimilate a technology. However, absorptive capacity may affect more than just technology assimilation, and may extend to how senior management responds to external influences.


Statistics for USQ ePrint 28942
Statistics for this ePrint Item
Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to Published version in accordance with the copyright policy of the publisher.
Faculty/School / Institute/Centre: Historic - Faculty of Business, Education, Law and Arts - School of Management and Enterprise (1 Jul 2013 - 17 Jan 2021)
Faculty/School / Institute/Centre: Historic - Faculty of Business, Education, Law and Arts - School of Management and Enterprise (1 Jul 2013 - 17 Jan 2021)
Date Deposited: 29 Mar 2016 05:54
Last Modified: 29 Sep 2021 01:58
Uncontrolled Keywords: information security governance; senior management commitment; senior management participation; neo-institutional theory; assimilation; external influences
Fields of Research (2008): 08 Information and Computing Sciences > 0899 Other Information and Computing Sciences > 089999 Information and Computing Sciences not elsewhere classified
08 Information and Computing Sciences > 0806 Information Systems > 080609 Information Systems Management
Fields of Research (2020): 46 INFORMATION AND COMPUTING SCIENCES > 4699 Other information and computing sciences > 469999 Other information and computing sciences not elsewhere classified
46 INFORMATION AND COMPUTING SCIENCES > 4609 Information systems > 460908 Information systems organisation and management
Socio-Economic Objectives (2008): E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Identification Number or DOI: https://doi.org/10.1016/j.cose.2016.02.007
URI: http://eprints.usq.edu.au/id/eprint/28942

Actions (login required)

View Item Archive Repository Staff Only