The role of external and internal influences on information systems security - a neo-institutional perspective

نویسندگان

  • Qing Hu
  • Paul J. Hart
  • Donna Cooke
چکیده

This research is an attempt to better understand how external and internal organizational influences shape organizational actions for improving information systems security. A case study of a multi-national company is presented and then analyzed from the perspective of neo-institutional theory. The analysis indicates that coercive, normative, and mimetic isomorphic processes were evident, although it was difficult to distinguish normative from mimetic influences. Two internal forces related to work practices were identified representing resistance to initiatives to improve security: the institutionalization of work mobility and the institutionalization of efficiency outcomes expected with the adoption of company initiatives, especially those involving information technology. The interweaving of top–down and bottom–up influences resulted in an effort to reinforce, and perhaps reinstitutionalize the systems component of information security. The success of this effort appeared to hinge on top management championing information system security initiatives and propagating an awareness of the importance of information security among employees at all levels of the company. The case shows that while regulatory forces, such as the Sarbanes-Oxley Act, are powerful drivers for change, other institutional influences play significant roles in shaping the synthesis of organizational change. 2007 Elsevier B.V. All rights reserved. 0963-8687/$ see front matter 2007 Elsevier B.V. All rights reserved. doi:10.1016/j.jsis.2007.05.004 q An earlier version of this paper was presented at the 39th Hawaii International Conference of Systems Science on January 4–7, 2006 and published in the conference proceedings. * Corresponding author. E-mail addresses: [email protected] (Q. Hu), [email protected] (P. Hart), [email protected] (D. Cooke). 154 Q. Hu et al. / Journal of Strategic Information Systems 16 (2007) 153–172

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

The Effects of Intra- and Extra-Organizational Factors on Management Accounting Practices in the Privatization Processes: Evidence from Iran

The specific aim of this academic study is to investigate the possible impacts of external and internal factors in the unique process of privatization on the changes of management accounting practices in listed companies of Tehran Stock Exchange which more than 51% of this companies' shares have been transferred to the private sector. For this purpose, a theoretical framework scientifically bas...

متن کامل

Information Security Policy Compliance in Higher Education: A Neo-Institutional Perspective

External pressures could be a powerful force that drives the institution of higher education to attain information security policy compliance. Drawing on the Neo-Institutional Theory (NIT), this study examined how the three external expectations: regulative, normative, and cognitive expectations, impel the higher education of the United States to reach information security policy compliance. Th...

متن کامل

Information system security commitment: A study of external influences on senior management

This paper investigated how senior management is motivated to commit to information system (IS) security. Research shows senior management participation is critical to successful IS security, but has not explained how senior managers are motivated to participate in IS security. Information systems research shows pressures external to the organization have greater influence on senior managers th...

متن کامل

Strategic Response to the Institutional Process on the Adoption and Assimilation of

Institutional theories have been adopted to explain and predict the process of Information Systems (IS) innovation in organisations. However, most institutional-centred frameworks overlook the significance of external economic efficiency and internal organisational capability when organisations consider strategic responses to institutional conformity pressure. Focusing on the diffusion of IS se...

متن کامل

An Institutional Lens on Cloud Computing Adoption - a Study of Institutional Factors and Adoption Strategies

This paper reports from an empirical study that focuses on cloud computing (CC) adoption in various contexts. The findings build upon 25 interviews conducted in both Norwegian and Egyptian organizations. We utilized a neo-institutional lens as a guide to understand the internal and external factors, and their various influences on shaping CC adoption strategies. We identified five external inst...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • J. Strategic Inf. Sys.

دوره 16  شماره 

صفحات  -

تاریخ انتشار 2007