Organizational practices as antecedents of the information security management performance

Author:

Pérez-González DanielORCID,Preciado Sara Trigueros,Solana-Gonzalez Pedro

Abstract

Purpose The purpose of this paper is to expand current knowledge about the security organizational practices and analyze its effects on the information security management performance. Design/methodology/approach Based on the literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 111 responses from CEOs at manufacturing small- and medium-sized enterprises (SMEs) that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with EQS 6.1 software. Findings Results validate that information security knowledge sharing, information security education and information security visibility, as well as security organizational practices, have a positive effect on the information security management performance. Research limitations/implications The consideration of organizational aspects of information security should be taken into account by academics, practitioners and policymakers in SMEs. Besides, the work helps validate novel constructs used in recent research (information security knowledge sharing and information security visibility). Practical implications The authors extend previous works by analyzing how security organizational practices affect the performance of information security. The results suggest that an improved performance of information security in the industrial SMEs requires innovative practices to foster knowledge sharing among employees. Originality/value The literature recognizes the need to develop empirical research on information security focused on SMEs. Besides the need to identify organizational practices that improve information security, this paper empirically investigates SMEs’ organizational practices in the security of information and analyzes its effects on the performance of information security.

Publisher

Emerald

Subject

Library and Information Sciences,Computer Science Applications,Information Systems

Reference66 articles.

1. Improving information security awareness and behaviour through dialogue, participation and collective reflection: an intervention study;Computers & Security,2010

2. Design and validation of information security culture framework;Computers in Human Behavior,2015

3. On the evaluation of structure equation models;Journal of the Academy of Marketing Science,1998

4. Incident-centered information security: managing a strategic balance between prevention and response;Information & Management,2014

5. Information systems security from a knowledge management perspective;Information Management & Computer Security,2005

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3