Strategic information systems security initiatives have seldom been successful. The increasing complexity of the business environment in which organizational security must be operationalized presents challenges. There has also been a problem with understanding the patterns of interactions among stakeholders that lead to instituting such an initiative. The overall aim of this research is to enhance understanding of the issues and concerns in shaping strategic information systems security initiative. To be successful, a proper undertaking of the content, context and process of the formulation and institutionalization of a security initiative is essential. It is also important to align the interconnections between these three key components. In conducting the argument, this dissertation analyzes information systems security initiatives in two large government organizations—Information Technology Agency and Department of Transportation. The research methodology adopts an interpretive approach of inquiry. Findings from the case studies show that the strategic security initiative should be harmonious with the cultural continuity of an organization rather than significantly changing the existing opportunity and constraint structures. The development of security cultural resources like security policy may be used as a tool for propagating a secure view of the social world. For secure organizational transformation, one must consider the organizational security structure, knowledgeability of agents in perceiving secure organizational posture, and global security catalysts (such as establishing trust relations and security related institutional reflexivity). The inquiry indicates that strategic security change would be successful in an organization if developed and implemented in a brief yet quantum leap adopting an emergent security strategy in congruence with organizational security values.
Recommendations
Review: it-dependent strategic initiatives and sustained competitive advantage: a review and synthesis of the literature
The role of information systems in the creation and appropriation of economic value has a long tradition of research, within which falls the literature on the sustainability of IT-dependent competitive advantage. In this article, we formally define the ...
Institutional Influences on Information Systems Security Innovations
This research investigates information security management as an administrative innovation. Although a number of institutional theories deal with information systems (IS) innovation in organizations, most of these institutional-centered frameworks ...
Managing Security in Organizations: Adoption of Information Security Solutions
SIGMIS-CPR '17: Proceedings of the 2017 ACM SIGMIS Conference on Computers and People ResearchWe develop an integrative model grounded in two theoretical perspectives -- the diffusion of innovation theory and the technology-organization-environment framework -- to examine the diffusion of information security solutions (ISS) in organizations. We ...