The role of external and internal influences on information systems security - a neo-institutional perspective

Authors:
Qing Hu;Paul Hart;Donna Cooke
Affiliations:
Department of Information Technology and Operations Management, College of Business, Florida Atlantic University, Florida, United States;Department of Information Technology and Operations Management, College of Business, Florida Atlantic University, Florida, United States;Department of Management, International Business and Entrepreneurship, College of Business, Florida Atlantic University, Florida, United States
Venue:
The Journal of Strategic Information Systems
Year:
2007

Citing 11
Cited 4

The case research strategy in studies of information systems

MIS Quarterly
Security concerns of system users: a study of perceptions of the adequacy of security

Information and Management
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Organizational mechanisms for enhancing user innovation in information technology

MIS Quarterly
The Assimilation of Knowledge Platforms in Organizations: An Empirical Investigation

Organization Science
Analyzing security costs

Communications of the ACM - E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
PFIRES: a policy framework for information security

Communications of the ACM - A game experience in every application
A model for evaluating IT security investments

Communications of the ACM - Has the Internet become indispensable?
Is spyware an Internet nuisance or public menace?

Communications of the ACM - Spyware
Rigor in information systems positivist case research: current practices, trends, and recommendations

MIS Quarterly
Assimilation of enterprise systems: the effect of institutional pressures and the mediating role of top management

MIS Quarterly

Competitive advantage from mandatory investments: An empirical study of Australian firms

The Journal of Strategic Information Systems
HIPAA compliance in home health: a neo-institutional theoretic perspective

Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Value conflicts for information security management

The Journal of Strategic Information Systems
Institutional Influences on Information Systems Security Innovations

Information Systems Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

This research is an attempt to better understand how external and internal organizational influences shape organizational actions for improving information systems security. A case study of a multi-national company is presented and then analyzed from the perspective of neo-institutional theory. The analysis indicates that coercive, normative, and mimetic isomorphic processes were evident, although it was difficult to distinguish normative from mimetic influences. Two internal forces related to work practices were identified representing resistance to initiatives to improve security: the institutionalization of work mobility and the institutionalization of efficiency outcomes expected with the adoption of company initiatives, especially those involving information technology. The interweaving of top-down and bottom-up influences resulted in an effort to reinforce, and perhaps reinstitutionalize the systems component of information security. The success of this effort appeared to hinge on top management championing information system security initiatives and propagating an awareness of the importance of information security among employees at all levels of the company. The case shows that while regulatory forces, such as the Sarbanes-Oxley Act, are powerful drivers for change, other institutional influences play significant roles in shaping the synthesis of organizational change.