Abstract
Purpose: The purpose of this paper is to expand current knowledge about security organizational practices and analyze their effects on information security management performance.
Design/methodology/approach: Based on the literature review, the authors propose a research model together with hypotheses. Survey questionnaires were developed to collect data, which were then used to validate the measurement model. The authors collected 111 responses from CEOs at manufacturing small- and medium-sized enterprises (SMEs) that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with EQS 6.1 software.
Findings: Results validate that information security knowledge sharing, information security education and information security visibility, as well as security organizational practices, have a positive effect on information security management performance.
Research limitations/implications: The organizational aspects of information security should be taken into account by academics, practitioners and policymakers in SMEs. In addition, the work helps validate novel constructs used in recent research (information security knowledge sharing and information security visibility).
Practical implications: The authors extend previous works by analyzing how security organizational practices affect the performance of information security. The results suggest that improved performance of information security in industrial SMEs requires innovative practices to foster knowledge sharing among employees.
Originality/value: The literature recognizes the need to develop empirical research on information security focused on SMEs. Besides the need to identify organizational practices that improve information security, this paper empirically investigates SMEs’ organizational practices in the security of information and analyzes their effects on the performance of information security.
Highlights
This paper aims to examine how companies can improve the performance of information security through organizational practices such as information security education, information knowledge sharing and information security visibility, in the specific context of industrial small and medium-sized enterprises (SMEs).
This paper investigates the effects of information security organizational practices (information security knowledge sharing, information security education, information security visibility) on the performance of information security management in industrial SMEs.
Summary
Digital interrelations fostered by the Internet, IoT, cloud computing and other technologies, in which people and companies act as interconnected and interdependent nodes, have given information security strategic importance (Doherty and Fulford, 2005; Chen et al., 2008; Cram et al., 2017), especially in business environments, where the competitiveness of organizations depends on their ability to manage information (Drucker, 2002; Gordon and Loeb, 2006; Preston and Karahanna, 2009; Soomro et al., 2016). Global spending on IT security in 2017 has increased to $96.3 billion at a growth rate of 8 percent, which doubles the rate of IT budgets over the last two years (Gartner, 2017). Organisations are increasingly focusing on implementing information security products such as anti-virus, intrusion detection and prevention systems, database/contents security, total security systems and public key infrastructure (Venter and Eloff, 2003; Cavusoglu et al., 2009).
Despite the prevalence of technical security measures, studies have reported that internal security incidents continue to happen and create more damage and losses than security incidents caused by outsiders (Baskerville et al., 2014). In this sense, experts increasingly argue that the main cause of information security incidents lies with employees’ behavioural and organizational factors rather than technical issues per se, which implies a turn to internal problems attributed to organizational practices and the users of information systems (Siponen et al., 2014; Soomro et al., 2016; Doherty and Tajuddin, 2018; Moody et al., 2018). Recent research indicates the need for a more holistic approach to understanding information security management (Soomro et al., 2016; Cram et al., 2017; Doherty and Tajuddin, 2018).