Security concerns of system users: a study of perceptions of the adequacy of security
Information and Management
The Assimilation of Knowledge Platforms in Organizations: An Empirical Investigation
Organization Science
Communications of the ACM - E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
PFIRES: a policy framework for information security
Communications of the ACM - A game experience in every application
A model for evaluating IT security investments
Communications of the ACM - Has the Internet become indispensable?
Is spyware an Internet nuisance or public menace?
Communications of the ACM - Spyware
Competitive advantage from mandatory investments: An empirical study of Australian firms
The Journal of Strategic Information Systems
HIPAA compliance in home health: a neo-institutional theoretic perspective
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Value conflicts for information security management
The Journal of Strategic Information Systems
Institutional Influences on Information Systems Security Innovations
Information Systems Research
Hi-index | 0.00 |
This research is an attempt to better understand how external and internal organizational influences shape organizational actions for improving information systems security. A case study of a multi-national company is presented and then analyzed from the perspective of neo-institutional theory. The analysis indicates that coercive, normative, and mimetic isomorphic processes were evident, although it was difficult to distinguish normative from mimetic influences. Two internal forces related to work practices were identified representing resistance to initiatives to improve security: the institutionalization of work mobility and the institutionalization of efficiency outcomes expected with the adoption of company initiatives, especially those involving information technology. The interweaving of top-down and bottom-up influences resulted in an effort to reinforce, and perhaps reinstitutionalize the systems component of information security. The success of this effort appeared to hinge on top management championing information system security initiatives and propagating an awareness of the importance of information security among employees at all levels of the company. The case shows that while regulatory forces, such as the Sarbanes-Oxley Act, are powerful drivers for change, other institutional influences play significant roles in shaping the synthesis of organizational change.