Return to search

Developing an Information Systems Security Success Model for Organizational Context

In spite of the wealth of research in IS security, there is very little understanding of what actually makes an IS security program successful within an organization. Success has been treated generally as a separate entity from IS security altogether; a great deal of research has been conducted on the "means to the end", while limited research has been focused on truly understanding what the end actually is. The problem compelling this research is that previous studies within the IS security domain do not adequately consider what factors contribute towards IS security success within the organizational context, and how the factors interact.
This study built upon Shannon and Weaver (1949) and Mason (1978) to develop a model for predicting IS security success within an organization. A considerable body of information systems security literature was organized based on their findings. Core dimensions of information system security success were identified and operationalized within a model for predicting success with IS security initiatives. The model was empirically validated in a three-phase approach using survey methodology. First, the survey was tested for validity and reliability using an expert panel and pilot study. Next, the survey was administered to a sample, with the results analyzed using Confirmatory Factor Analysis and Structural Equation Modeling techniques.
Initial analysis of the measurement model generated through Confirmatory Factor Analysis showed mixed fit. Factor loadings and average variance extracted calculations resulted in the selection of low performing items for removal; after revision, the revised measurement model showed improved fit for all measures. Structural Equation Modeling analysis was conducted on three structural models with varying levels of mediation. Based on the analysis of fit and comparison indices, the model depicting partial mediation was determined to be the best variation of the IS security success model. This study is the first known instance of an empirically tested IS security success model and should provide many avenues for future study, as well as providing practitioners a fundamental roadmap for success within their organizational IS security programs.

Identiferoai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1140
Date01 January 2011
CreatorsDunkerley, Kimberley
PublisherNSUWorks
Source SetsNova Southeastern University
Detected LanguageEnglish
Typetext
Formatapplication/pdf
SourceCEC Theses and Dissertations

Page generated in 0.0151 seconds