Exploring Organizational Culture for Information Security Effectiveness

• Main Authors: YUAN-CHENG CHEN, 簡元正
• Other Authors: S. Ernest Chang
• Format: Others
• Language: en_US
• Published: 2005
• Online Access: http://ndltd.ncl.edu.tw/handle/79184769285376610062

碩士 === 國立中興大學 === 電子商務研究所 === 93 === While culture is an important factor accounting for success or failure in an organization, and information security is a major concern in every organization, engaging security practice in the organizational culture proactively and automatically for day-to-day operations could positively affect the success of the organization (Deal & Kennedy 1982, Vroom & Solms 2004). As many organizations have technically constructed and implemented information security systems, the issue of ensuring employee’s commitment and understanding of the importance of information security strategies and practice is becoming increasingly important. Although the staff may be just one of several factors in achieving the goals of information security practice, human factor is very difficult to control. The purpose of this project is to study the influence of organizational cultures on information security management, by conducting research on various organizational cultures (including cooperative culture, innovative culture, effective culture, hierarchical culture, and others), and their relationships with information security management principles including confidentiality, integrity and availability. The research result can be used not only to identify key organizational culture factors upon information security management, but to derive guidelines and best practices for mitigating information security risks especially related to human factors.