
Information security: management's effect on culture and policy

Kenneth J. Knapp (US Air Force Academy, Colorado Springs, Colorado, USA)
Thomas E. Marshall (Department of Management, College of Business, Auburn University, Auburn, Alabama, USA)
R. Kelly Rainer (Department of Management, College of Business, Auburn University, Auburn, Alabama, USA)
F. Nelson Ford (Department of Management, College of Business, Auburn University, Auburn, Alabama, USA)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 January 2006


Abstract

Purpose

This study proposes to put forward and test a theoretical model that demonstrates the influence of top management support on an organization's security culture and level of security policy enforcement.

Design/methodology/approach

The project used a combination of qualitative and quantitative techniques. The grounded theory approach was used to analyze responses to open‐ended questions answered by 220 certified information system security professionals. Using these responses, a survey instrument was developed. Survey results were analyzed using structural equation modeling.

Findings

Evidence suggests that top management support is a significant predictor of an organization's security culture and level of policy enforcement.

Research limitations/implications

During instrument validation, a special effort removed survey items that appeared overly intrusive to the respondents. In this endeavor, an expert panel of security practitioners evaluated all candidate items on a willingness‐to‐answer scale. While especially helpful in security, this scale may be used in other research domains.

Practical implications

Practitioners should understand the impact of top management support on achieving security effectiveness. Based on the findings of this study, low levels of executive support will produce an organizational culture less tolerant of good security practices. Low levels of support will diminish the level of enforcement of existing security policies.

Originality/value

Researchers developed original scales to measure levels of top management support, policy enforcement, and organizational culture. The scales demonstrated acceptable reliability and validity scores.


Citation

Knapp, K.J., Marshall, T.E., Kelly Rainer, R. and Nelson Ford, F. (2006), "Information security: management's effect on culture and policy", Information Management & Computer Security, Vol. 14 No. 1, pp. 24-36. https://doi.org/10.1108/09685220610648355

Publisher: Emerald Group Publishing Limited

Copyright © 2006, Emerald Group Publishing Limited
