Perceived information security of internal users in Indian IT services industry

Quantified Score

Visualization

Abstract

Information security governance dominates the senior management's agenda in overall organizational informance technology (IT) governance. The globalization trends encompassing all businesses, and risks of information leakage forces organizations to institute mechanisms to protect it. In order to achieve adequate level of protection, organizations implement information security management systems (ISMS). The effectiveness of ISMS depends on the implementation strength of security controls. Several studies have detailed out the qualitative nature of information security measurements and quantitative studies have always remained a challenge. This empirical study focuses on the information security perceptions of internal users of the organization on the security controls, customer influence and the support provided by the top management. The perception of internal users referred as perceived information security is measured based on the degree of confidence expressed by the internal users towards the security objectives namely, confidentiality, integrity, availability, accountability and reliability. In an attempt to align the interest of researchers and practitioners, the study surveys major developments in the field of ISMS and proposes a construct for a holistic comprehension of `Perceived Information Security'. The survey based research methodology focuses on the perceptions of the internal users such as Security program Implementers, Business Users and Senior Management. The findings of the study in the context of Indian IT services industry have been presented. The contributions of the research paper include providing insights into perceived information security of internal users of the organization, an empirical approach for studying perceived information security and a holistic framework for information security in Indian IT organizations.