Return to search

Institutionalization of Information Security: Case of the Indonesian Banking Sector

This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. The objective is to develop an understanding of how information security governance and practices in the Indonesian banking sector become institutionalized. Such objective is built on an argument that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. Pursuing this study is necessary to conceptualize the incorporation of security governance and practices as routines, the impact of security breaches on such routines, and the effects of a central governing body on such routines altogether. Accordingly, the concept of institutionalization is developed using Barley and Tolbert’s (1997) combination of institutional theory and structuration theory to explain the internalization of security governance and practices at an organizational level. Scott’s (2008) multilevel institutional processes based on institutional theory is needed to elaborate security governance and practices in an organization-to-organization context. The research design incorporates the interpretive case-study method to capture communicative interactions among respondents. Doing so provides answers to the following research questions: (1) how institutions internalize information security governance and practices, (2) how an external governing body affects the institutionalization of information security governance and practices in institutions, and (3) how security breaches re-institutionalize information security governance and practices in institutions. Several important findings include the habitualized security routines, information stewardship, and institutional relationship in information-security context. This study provides contributions to the body of literature, such as depicting how information security becomes internalized in an organization and the interaction among organizations engaged in implementing information security.

Identiferoai:union.ndltd.org:vcu.edu/oai:scholarscompass.vcu.edu:etd-3824
Date10 May 2012
CreatorsNasution, Muhamad Faisal Fariduddin Attar
PublisherVCU Scholars Compass
Source SetsVirginia Commonwealth University
Detected LanguageEnglish
Typetext
Formatapplication/pdf
SourceTheses and Dissertations
Rights© The Author

Page generated in 0.0024 seconds