کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
553814 | 873542 | 2015 | 16 صفحه PDF | دانلود رایگان |
• Organizations invest in three types of information security control resources (ISCR).
• Internal security needs assessment (ISNA) affects the level of ISCR in organizations.
• Key activities of ISNA are security investment rationale and risk analysis.
• Institutional pressures affect ISCR directly and indirectly through ISNA.
• Coercive and normative pressures are two critical institutional pressures.
To offer theoretical explanations of why differences exist in the level of information security control resources (ISCR) among organizations, we develop a research model by applying insights obtained from resource-based theory of the firm and institutional theory. The results, based on data collected through a survey of 241 organizations, generally support our research model. Institutional pressures and internal security needs assessment (ISNA) significantly explain the variation in organizational investment in ISCR. Specifically, coercive and normative pressures are found to have not only a direct impact but also an indirect impact through ISNA on organizational investment in ISCR.
Journal: Information & Management - Volume 52, Issue 4, June 2015, Pages 385–400