Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang
With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of…
Abstract
With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, there is lacking a theoretical framework for information security management. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.
Details
Keywords
Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang
With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been…
Abstract
Purpose
With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been assumed to be an effective managerial measure to elevate an organization's security level. This paper attempts to investigate the dominant factors for an organization to build an ISP, and whether an ISP may elevate an organization's security level?
Design/methodology/approach
A survey was designed and the data were collected from 165 chief information officers in Taiwan.
Findings
The empirical results show that some organizational characteristics (business type and MIS/IS department size) might be good predictors for the ISP adoption and that the functions, contents, implementation and procedures of an ISP may significantly contribute to managers' perceived elevation of information security.
Practical implications
Building or adopting an ISP is examined empirically to be an effective managerial measure to elevate its security level in Taiwan, and that the building of an information security should focus on the comprehensiveness of its contents, procedures and implementation items, rather than on the documents only.
Originality/value
Few empirical studies have been conducted so far to examine the effectiveness of an ISP, thus the value of this paper is high.
Details
Keywords
The premise of this paper is that coordination between market‐related diversification strategies and supply chain management (SCM) strategies will lead to better performance than…
Abstract
The premise of this paper is that coordination between market‐related diversification strategies and supply chain management (SCM) strategies will lead to better performance than when the two strategies are pursued independently. Viewed in this perspective, this research proposes that (supply chain) SC integration plays an intermediate role in influencing the relationship between diversification and performance. In order to confirm the validity of the above proposition, structural equation model was used to analyze the interrelationships among SC integration level, diversification level, SCM performance, and firm performance. The results of this study suggest that in small firms in which the direct effect of diversification on firm performance is absent relatively, the level of SC integration may be a critical intervening variable that could lead to successful diversification, while in case of large firms, SC integration may play an important infrastructural role for direct effects of diversification level on firm performance. This is helpful in developing a framework for linking a firm's SC integration strategy to its market/product diversification strategy, and also in identifying how SCM function can play a role in developing and supporting corporate competitive strategy to improve organizational performance.