THE IMPACT OF POSITIVE ORGANISATIONAL CULTURE VALUES ON INFORMATION SECURITY MANAGEMENT IN THE COMPANY

Information explosion and pressures are leading organizations to invest heavily in information security to ensure that information technology decisions align with business goals and manage risks. Limited studies have been done using small- and-medium-sized enterprises (SMEs) in the manufacturing sector. Furthermore, a small number of parameters have been used in the previous studies. This research aims to examine and analyze the effect of security organizational practices on information security management performance with many parameters. A model has been developed together with hypotheses to evaluate the impact of organizational practices on information security management performance. The data is collected from 171 UK employees at manufacturing SMEs that had already implemented security policies. The structure equation model is employed via the SPSS Amos 22 tool for the evaluation of results. Our results state that security training, knowledge sharing, security education, and security visibility significantly impact information security performance. In addition, this study highlights a significant impact of both security training and knowledge sharing on trust in the organization. Business leaders and decision-makers can reference the proposed model and the corresponding study results to develop favourable tactics to achieve their goals regarding information security management.

Download Full-text

The impact of information security management practices on organisational agility

Information and Computer Security ◽

10.1108/ics-02-2020-0020 ◽

2020 ◽

Vol 28 (5) ◽

pp. 681-700

Author(s):

Muhamad Khairulnizam Zaini ◽

Mohamad Noorman Masrek ◽

Mad Khir Johari Abdullah Sani

Keyword(s):

Information Security ◽

Structural Equation ◽

Management Practices ◽

Security Management ◽

Partial Least Square ◽

Least Square ◽

Information Security Management ◽

Content Type ◽

The Impact ◽

Organisational Agility

Purpose This study aims to determine the extent to which information security management (ISM) practices impact the organisational agility by examining the relationship between both concepts. Design/methodology/approach A quantitative method research design has been used in this study. This study was conducted throughout Malaysia with a total of 250 valid questionnaires obtained from managers and executives from the Multimedia Super Corridor (MSC)-status companies. Structural equation modelling (SEM) using partial least square was used to analyse the data and to test all nine hypotheses developed in this study. Findings Findings from this study indicate that operational agility (OA) is significantly related to ISM practices in MSC-status companies. The validation of the structural model of nine hypotheses developed for this study has demonstrated satisfactory results, exhibited six significant direct relationships and three insignificant relationships. Research limitations/implications This study has addressed the needs for a comprehensive, coherent and empirically tested ISM practices and organisational agility framework. The current theoretical framework used in this study emphasised on the ISM–organisational agility dimensions that are predominantly important to ascertain high level of ISM practices and perceived agility level among the information technology (IT) business companies in Malaysia. With the application of SEM for powerful analysis, the empirical-based framework established in this study was validated by the empirical findings, thus contributing significantly to the field of information security (InfoSec). Originality/value This study has filled the research gap between different constructs of ISM practices and OA. The model put forth in this study contributes in several ways to the InfoSec research community. The recognition of InfoSec practices that could facilitate organisational agility in the IT industry in Malaysia is vital and contributes to more value creation for the organisations.

Download Full-text