Information Security and National Culture Comparison between Erp System Security Implementations in Singapore and Sweden

SUMMARY IT security, national culture and enterprise resource planning systems that seem to be three distinctive concepts have been merged in this explorative study. Several factors have contributed to the conception of this converging thesis idea; (1) the growing importance of IT security within organizations, (2) the globalization trend that is " shrinking " the world and bringing varying national cultures more interconnected to each other, and (3) the majority of computer software, not the least Enterprise Resource Planning (ERP) systems, are designed and produced in one country under the influence of one culture, then marketed and used worldwide. The key question that arises from all these factors is how national cultures impact IT security implementation within ERP systems. The empirical study focused on two countries; Singapore in Southeast Asia and Sweden in Northern Europe. Both countries share similar characteristics on a macro perspective, yet culturally contrasting, enabling a comparison on a corporate level. Four companies – two in respective country – were included in the study. The IT or Finance Managers of these companies were interviewed in order to extract basic company and system information, as well as specifically to examine how the authorization process within the ERP system is implemented, communicated, and enforced. The results were then linked to Hofstede's four national culture dimensions for analysis. A significant linkage could be established in the analysis; noticeable variations in IT security implementation existed along Hofstede's dimensions where Singapore and Sweden differed the most culturally (power distance & individualism and collectivism), less or no differences were detected along the other two dimensions (uncertainty avoidance & masculinity and femininity) where Singapore and Sweden were relatively similar culturally. The human factor was identified as essential to the effectiveness of IT security implementation, concurring with previous studies in this field. A general lack of enforcement and sense of priority from the highest-ranking executives was also discovered. In terms of product and managerial implications, national culture-specific solutions to security problems can be designed and implemented, which was demonstrated and applied in a II comprehensive case study based on the company IBS's ERP software and a password security issue uncovered during the interviews. There are also solutions that can be employed universally, yet these measures are general and broad in both purpose and scope, making them expensive to utilize and complex to maintain.