Shaping Strategic Information Systems Security Initiatives in Organizations

Author

Gurvirender Tejay, Virginia Commonwealth University

DOI

https://doi.org/10.25772/WCJ0-9N95

Defense Date

2008

Document Type

Dissertation

Degree Name

Doctor of Philosophy

Department

Information Systems

First Advisor

Gurpreet Dhillon

Abstract

Strategic information systems security initiatives have seldom been successful. The increasing complexity of the business environment in which organizational security must be operationalized presents challenges. There has also been a problem with understanding the patterns of interactions among stakeholders that lead to instituting such an initiative. The overall aim of this research is to enhance understanding of the issues and concerns in shaping strategic information systems security initiative. To be successful, a proper undertaking of the content, context and process of the formulation and institutionalization of a security initiative is essential. It is also important to align the interconnections between these three key components. In conducting the argument, this dissertation analyzes information systems security initiatives in two large government organizations – Information Technology Agency and Department of Transportation. The research methodology adopts an interpretive approach of inquiry. Findings from the case studies show that the strategic security initiative should be harmonious with the cultural continuity of an organization rather than significantly changing the existing opportunity and constraint structures. The development of security cultural resources like security policy may be used as a tool for propagating a secure view of the social world. For secure organizational transformation, one must consider the organizational security structure, knowledgeability of agents in perceiving secure organizational posture, and global security catalysts (such as establishing trust relations and security related institutional reflexivity). The inquiry indicates that strategic security change would be successful in an organization if developed and implemented in a brief yet quantum leap adopting an emergent security strategy in congruence with organizational security values.

Rights

© The Author

Is Part Of

VCU University Archives

Is Part Of

VCU Theses and Dissertations

Date of Submission

August 2008