A Framework for the Governance of Information Security

Edwards, Charles Kumar

01 January 2013

Information security is a complex issue, which is very critical for success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, it has been studied that the human aspects of information security compliance pose significant challenge to its practitioners. There has been significant interest in the recent past on how human compliance to information security policy can be achieved in an organization. Various models have been proposed by these researchers. However, there are very few models that have tried to link human commitment attributes with information security governance of an organization. The research problem of this study was to identify the security controls and mechanisms to govern information security effectively. The proposed model was based on agency theory and comprises a relationship between human commitment variables (ethics, integrity and trust) with security governance variables (structural, relational and process) referred as systemic variables in the research. The resulting correlation is further related with governance objectives (goal congruence and reducing information asymmetry) to hypothesize an effective information security in an organization. The research model proposed was tested employing confirmatory factor analysis (CFA) and structural equation modeling (SEM). There were four models tested in this research. The first model (initial measurement model) comprised human variables linked with relational and the systemic variables linked with goal congruence and information asymmetry. This model could not get through the CFA tests. A modified model comprising human and systemic attributes related with goal congruence and information asymmetry, separately, was taken forward to SEM. This model returned low model fitment scores and hence two alternate models were tested. In the first alternative, the human attributes were related with goal congruence and systemic attributes were linked with information asymmetry. In the second alternative, the relationships of the first alternatives were retained and two alternate relationships were introduced - integrity was linked with information asymmetry and structural was linked with goal congruence. Both models are very close to good model fitment scores. However, the second alternative returned better results and hence, was chosen as the final outcome of the research. The model reflects that human attributes and systemic attributes are fairly independent in an effective information security framework, and drive goal congruence and information asymmetry, respectively. However, integrity is an important human commitment for ensuring information asymmetry and the right organizational structure and roles are important for ensuring goal congruence.

Ethics

Trust

Integrity

Governance

Information Security

Process Mechanism

Relational Mechanism

Structural Mechanism

Computer Sciences

Pour une relecture du processus d'articulation entre la GRH et l'innovation en PME : une approche par la théorie du don/contre-don / Towards a re-reading of the process of articulation between HRM and innovation in SMEs : an approach based on the gift exchange theory

Adla, Ludivine

18 September 2018

L’objectif de cette thèse est de comprendre le processus d’articulation entre la GRH et l’innovation en PME. Nous faisons le choix de rompre avec l’approche traditionnelle qui consiste à souligner les enjeux de l’alignement stratégique entre ces deux éléments. A partir des enseignements tirés de la pré-étude exploratoire menée auprès de quatre PME innovantes, nousnous inscrivons dans une perspective relationnelle au travers du don. L’analyse se fonde donc sur la théorie du don/contre-don, couplée à une grille de lecture sur la GRH en PME.Une étude de cas multiples, s’appuyant sur 52 entretiens semi-directifs, des observations ainsi que des analyses documentaires, a été conduite auprès de trois PME innovantes. Nous aboutissons à une structuration des données et à une modélisation processuelle selon la méthode dite « à la Gioia ». Les résultats de la recherche montrent que l’articulation entre la GRH et l’innovation en PME, au travers des relations de don/contre-don entre acteurs, repose sur un processus composé de trois étapes : libérer les dons, mobiliser les dons et repenser les dons. Enfin, nous sensibilisons les dirigeants et les relais RH aux trois éléments suivants : l’évolution du contexte organisationnel, le rôle des liens sociaux intenses et les pratiques de GRHmobilisées. / This thesis aims to understand the process of articulation between HRM and innovation in SMEs. We choose to break with the traditional approach of highlighting the issues of strategic alignment between these two elements. Based on the lessons learned from the exploratory prestudy carried out in four innovative SMEs, we opt for a relational perspective through gift. The analysis is therefore based on the theory of gift exchange, combined with an interpretative framework on HRM in SMEs.A multi-case study, based on 52 semi-structured interviews, observations and documentary analysis, was conducted on three innovative SMEs. We lead to a data structuring and a processual modeling according to the ‘Gioia’ method. The results show that the articulation between HRM and innovation in SMEs, through gift exchange relationships between actors, is based on a process consisting of three stages: unleashing gifts, mobilizing gifts and rethinking gifts. Finally, we raise the awareness of owner-managers and HR relays to the following three elements: the evolution of the organizational context, the role of the intense social ties and the mobilized HRM practices.

GRH

Innovations

PME

Don/Contre-don

Mécanisme relationnel

Processus

HRM

Innovation

SMEs

Gift exchange

Relational mechanism

Process

650