Conceptualizing the Relationships between Information Security Management Practices and Organizational Agility

Abstract

Inspired by the limited number of studies exploring the relationship between information security practices and organizational agility, the paper proposes a framework linking these two variables. The dependent variable which is organizational agility is operationalized using three dimensions which are operational agility, customer agility and partnering agility. The independent variable which is information security management practices is operationalized using there dimensions which are organizational, technical and physical and environment. The organizational dimension is further divided into information security policies, organization of information security, asset classification and management, compliance, human resource security, business continuity management and supplier relationships. The technical dimensions consists of access control, cryptography, operations security, communication security, system acquisition, development and maintenance, and incident management. The third dimension that is physical and environment security contains one dimension that is secure areas and equipment. The proposed framework is most suitable to be studied using survey research with firm or business organization as the unit of analysis.