Information Security in Higher Education: A Neo-Institutional Perspective

Kam, Hwee‐Joo; Katerattanakul, Pairin

doi:10.1080/15536548.2014.912482

“…Therefore, information security should be treated based on theories that help to understand it from a social perspective, as proposed by Dhillon and Backhouse (2001), Björck (2004Björck ( , 2005, Marciano and Lima-Marques (2006) Albrechtsen (2008) and Coles-Kemp (2009). Besides, the adoption of Information Security measures must be addressed by a theory that considers the influence of external factors, which is consistent with the Institutional Theory (Kam, Katerattanakul, Gogolin, & Hong, 2013), a theoretical approach that is common in studies of social sciences and suggested for studies on Information Security by different authors, such as Björck (2004), Kam et al (2013) and .…”

Section: Information Security Governancementioning

confidence: 99%

“…According to Luesebrink (2011), Information Security management structures are influenced by normative and coercive mechanisms of institutional change. Kam et al (2013) observed that regulatory and normative external pressures influence compliance with Information Security Policies. Finally, Spears, Barki and Barton (2013) concluded that external factors encourage the adoption of measures in a regulatory context, and that ensuring Information Security is supported more in its symbolic representation, and less in the effectiveness of the measures.…”

Section: Institutional Theory and Information Securitymentioning

confidence: 99%

“…As postulated by Institutional Theory, these measures are not adopted because Information Security Governance structure rationally decides about it, but because the organization is exposed to external pressure, which may be coercive, mimetic or normative. For this reason, Kam et al (2013) argue for Institutional Theory as a theoretical approach to research phenomena related to Information Security. Nevertheless, Björck (2004) notes that the institutional approach is rarely used in Information Security studies, despite being common in Information Systems and IT researches.…”

Section: Institutional Theory and Information Securitymentioning

confidence: 99%

See 1 more Smart Citation

Adoption of Information Security Measures in Public Research Institutes

Junior

¹

,

Santos

²

2015

JISTEM

View full text Add to dashboard Cite

There are several Information Security measures recommended by international standards and literature, but the adoption by the organizations should be designated by specific needs identified by Information Security Governance structure of each organization, although it may be influenced by forces of the institutional environment in which organizations are inserted. In public research institutes, measures may be adopted as a result of pressure from Government and other agencies that regulate their activities, or by the influence of Information Security professionals, or simply adopting the same measures of leading organizations in the organizational field. This study aimed to investigate whether in public research institutes the adoption of Information Security measures is influenced by organizational factors relating to Information Security Governance, and by external factors relating to its institutional environment. The results show that these organizations are subject to institutional influences more than organizational influences.Keywords: information security, governance, adoption, measures, research institutes RESUMOAs organizações dispõem de uma série de medidas de Segurança da Informação recomendadas por normas internacionais e pela literatura, mas a adoção deve ser balizada pelas necessidades específicas identificadas pela Governança da Segurança da Informação de cada organização, embora possa ser influenciada por pressões do ambiente institucional em que as organizações estão inseridas. Em institutos de pesquisa públicos, as medidas podem ser adotadas como resultado de pressões exercidas pelo Governo e outros órgãos que regulam suas atividades, ou por influência de profissionais de Segurança da Informação, ou simplesmente por serem adotadas por outras

show abstract

“…The author noted that management structures of Information Security are influenced by normative and coercive mechanisms of institutional change. Kam et al (2013) studied how academic organizations in the United States are influenced by institutional expectations to comply with Information Security Policies and the influence of these expectations in the awareness of their members. The authors concluded that external pressures influence significantly compliance of these organizations with Information Security Policies, particularly coercive and normative pressures.…”

Section: Alexandria (2012) Researched How Information Security Managementioning

confidence: 99%

“…Thus, these organizations may adopt measures that do not meet the needs identified after a risk analysis, but that are responses to external forces to which they are subject. Kam, Katerattanakul, Gogolin and Hong (2013) note that external pressures influence Information Security in academic organizations and that this influence may be understood from the perspective of Institutional Theory, approach suggested by Björck (2004) and for research on Information Security.…”

Section: Introductionmentioning

confidence: 99%

Adoption of Information Security Measures in Public Research Institutes

Junior¹,

Santos²

2015

Proceedings of the 12th CONTECSI International Conference on Information Systems and Technology Management

1

0

View full text Add to dashboard Cite

There are several Information Security measures recommended by international standards and literature, but the adoption by the organizations should be designated by specific needs identified by Information Security Governance structure of each organization, although it may be influenced by forces of the institutional environment in which organizations are inserted. In public research institutes, measures may be adopted as a result of pressure from Government and other agencies that regulate their activities, or by the influence of Information Security professionals, or simply adopting the same measures of leading organizations in the organizational field. This study aimed to investigate whether in public research institutes the adoption of Information Security measures is influenced by organizational factors relating to Information Security Governance, and by external factors relating to its institutional environment. The results show that these organizations are subject to institutional influences more than organizational influences.Keywords: information security, governance, adoption, measures, research institutes RESUMOAs organizações dispõem de uma série de medidas de Segurança da Informação recomendadas por normas internacionais e pela literatura, mas a adoção deve ser balizada pelas necessidades específicas identificadas pela Governança da Segurança da Informação de cada organização, embora possa ser influenciada por pressões do ambiente institucional em que as organizações estão inseridas. Em institutos de pesquisa públicos, as medidas podem ser adotadas como resultado de pressões exercidas pelo Governo e outros órgãos que regulam suas atividades, ou por influência de profissionais de Segurança da Informação, ou simplesmente por serem adotadas por outras

show abstract