With increasing dependence on information technology and information systems, enterprises are confronted with an increasingly complicated information security environment, and information security has become an intractable problem for many of them. Generally speaking, there are two ways to improve an enterprise's information security level: technical means and management means. Technical means mainly address the software and hardware security of computers and networks, while management means mainly regulate and constrain the entire enterprise system, including software, hardware, and employees. At present, many enterprises rely mostly on technical means to solve information security problems. However, the lack or imperfection of information security institutions leads to a poor enterprise information security situation. Technical and management means of solving information security problems are therefore complementary, and it is urgent and necessary for many enterprises to establish and improve information security institutions. In fact, enterprise information security is a complicated activity that requires different sectors to get involved. More specifically, the information security departments play a critical role in the implementation of information security institutions, and all employees should comply with the information security policy. Therefore, only the top management team has the ability to coordinate the relationships between different departments, decide on the introduction of information technology, and deploy information systems. Accordingly, top management support has an important impact on the construction of information security institutions and the effectiveness of information security management. So far, few studies have investigated the mechanism by which top management support affects information security legitimation, and by which legitimation affects information security management.
Therefore, exploring whether legitimation supported by top management can improve the effectiveness of information security management has great theoretical and practical significance. The objective of the current study is to explore whether legitimation prompted by the top management team can improve the effectiveness of enterprise information security management. To this end, data were collected from enterprises that have passed the certification of an information security management system and analyzed using PLS-SEM. The results indicate that information security awareness can improve top management support (including top management belief and top management participation) and the effectiveness of information security management, respectively. In addition, top management belief can improve implementation (the first stage of legitimation) and internalization (the second stage of legitimation). Moreover, implementation can improve the effectiveness of information security management. This paper analyzes ways to enhance the effectiveness of information security management, which has practical significance for promoting enterprise information security management from an institutional standpoint.
Foreign Economics & Management
Li Zengquan, Editor-in-Chief
Zheng Chunrong, Vice Executive Editor-in-Chief
Yin Huifang, He Xiaogang, Liu Jianguo, Vice Editors-in-Chief
Top Management Support, Legitimation, and Effectiveness of Information Security Management
Foreign Economics & Management Vol. 40, Issue 05, pp. 113 - 126 (2018) DOI:10.16538/j.cnki.fem.2018.05.009
Cite this article
Dong Kunxiang, Xie Zongxiao, Zhen Jie, et al. Top Management Support, Legitimation, and Effectiveness of Information Security Management[J]. Foreign Economics & Management, 2018, 40(5): 113-126.