Return to search

An Ethnographic Investigation of the Assimilation of New Organizational Members into an Information Security Culture

Research on information security culture evolved because technical security controls and policies have failed to eliminate information security incidents. Although existing research has addressed the measurement and cultivation of an information security culture, it has not addressed how to maintain that culture. This study focused on that gap by exploring the values and assumptions that inhibit assimilation of new members into an information security culture. Contract employees represent a distinct set of new organizational members with additional challenges assimilating into an organization's information security culture. This study addressed two research questions about how and why pre-existing information security related values and assumptions of new contract employees conflicted with the prevalent information security culture that created information security risks.
This study applied an ethnographic approach to the examination of the assimilation of new contract employees based on Schein's framework of organizational culture. The findings revealed that IT contractors displayed a sense of responsibility for information security. However, the IT contractors demonstrated a detachment from the organization's information security culture through a lack of interest in the mission, goals and strategies. As a result of this detachment, information security concerns were linked to a lack of understanding of the information the organization sought to protect, the risk tolerance and the response to unforeseen security incidents. The contractors' detachment was traced to assumptions that resulted from their temporal relationship with the organization and their perception of being organizational outsiders.
In addition to identifying the risk and mechanisms behind contractors' failure to assimilate, this study extended research into professional sub-groups within an information security culture. The study offered a contribution to research in its approach to Schein's framework by focusing on the inter-relationships between assumptions. The findings identified where organizations should be cognizant of specific contractor information security assumptions and how they create risk. The findings suggest that organization should encourage the engagement of contractor in social interactions with direct staff and the avoid actions leading to the perception of inequitable treatment. However, future research will be required to confirm the extent that these actions might have in overcoming the contractor's deeply rooted assumptions.

Identiferoai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1239
Date01 January 2011
CreatorsMcIntosh, Barry Ben
PublisherNSUWorks
Source SetsNova Southeastern University
Detected LanguageEnglish
Typetext
Formatapplication/pdf
SourceCEC Theses and Dissertations

Page generated in 0.0019 seconds