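Top Management Support, Institutionalization and the Effectiveness of Information Security Management
Abstract
To examine whether institutionalization driven by a firm's top management team can improve the effectiveness of information security management, this study surveyed firms in China that have obtained information security management system certification and tested the question empirically using PLS-SEM. The findings are as follows: the higher the level of information security awareness and the greater the degree of top management support (comprising two dimensions, top management belief and top management participation), the more effective the firm's information security management; strengthening top management belief helps raise the levels of implementation and internalization of the information security institution; and the higher the level of implementation within institutionalization, the more effective the firm's information security management. The study identifies the path by which information security management effectiveness can be improved inside the firm, and it has practical significance for how firms can advance information security management practice from an institutional perspective.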
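Cite this article
Dong Kunxiang, Xie Zongxiao, Zhen Jie, et al. Top management support, institutionalization and the effectiveness of information security management[J]. Foreign Economics & Management, 2018, 40(5): 113-126.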