NotesFAQContact Us
Search Tips
ERIC Number: ED527977
Record Type: Non-Journal
Publication Date: 2011
Pages: 205
Abstractor: As Provided
Reference Count: 0
ISBN: ISBN-978-1-1245-6115-8
Examining Impacts of Organizational Capabilities in Information Security: A Structural Equation Modeling Analysis
Hall, Jacqueline Huynh
ProQuest LLC, Ph.D. Dissertation, The George Washington University
In today's modern business world, most organizations use information as a critical business asset to gain competitive advantage and create market value. Increasingly, an organization's ability to protect information assets plays a critical role in its ability to meet regulatory compliance requirements, increase customer trust, preserve brand strength or company reputation, maintain business resiliency, and thereby enhance organizational performance. As information technologies, global connectedness, and business requirements continue to evolve at a fast pace, organizations must recognize the importance of implementing an overall information security strategy to protect business information assets from increasingly sophisticated threats. Given the dynamic pace of business environments, the identification and understanding of the required capabilities to deliver an information security strategy becomes a key success factor. At the strategic level, organizations must be able to answer the question, "What are the minimum essential organizational capabilities required to support effective planning and execution of an overall information security strategy that best achieves organizational objectives and gains competitive advantage?" This research identifies a set of essential organizational capabilities in the context of information security and examines the impacts of these organizational capabilities on information security strategy implementation success and organization performance. Organizational capabilities in this study include four factors: sense-making, decision making, asset availability, and operations management. Based on existing literature in strategic management and information security, an original theoretical model was proposed and validated. A self-administered survey instrument was developed to collect empirical data from Certified Information Systems Security Professionals. Structural equation modeling techniques were used to test hypotheses and to fit the theoretical model. Evidence from this research suggested that organizational capabilities encompassing sense-making, asset availability, and operations management are positively associated with successful implementation of information security strategy, which in turn positively affects organization performance. In addition, this research also demonstrated the indirect effects of the respective organizational capabilities on organization performance. However, significant effects of decision-making on information security strategy implementation success and organization performance respectively were not evidenced. This research provides the first empirical research examining the impacts of organizational capabilities that can be used as the roadmap for further research explorations in information security from an organizational perspective. Additionally, this study contributes to the research community an original survey instrument that can be applied or built upon to collect data that furthers existing knowledge on the impacts of intangible assets in information security. Research findings yield practical values for organizations in the private and public sectors by providing their decision and policy makers a better understanding of the viable predisposition of organizational capabilities in the context of information security, thus enabling firms to focus on acquiring the ones indispensable for improving organization performance. This research also provides insights into the challenges information security professionals continue to face concerning organizational governance. Awareness of these shortcomings allows business leaders opportunities to make necessary changes in direction that enables information security professionals to succeed in their missions of protecting information and information assets. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A