Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model

Kevin P Gallagher; Xiaoni Zhang; Vickie Coleman Gallagher

doi:10.1109/HICSS.2015.559

Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model

Kevin P Gallagher
, Xiaoni Zhang
, Vickie Coleman Gallagher

Northern Kentucky University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Information security-related policies are important for organizations to safeguard against threats and plan for adverse events. However, adoption of policies (devised to insure security, privacy and acceptable use in organization, as well as to outline audit processes, disaster recovery and business continuance planning) are equally important for organizations to insure legitimacy in the eyes of stakeholders. This paper presents findings from a study that examines the degree to which institutional pressures effect the assimilation of security-related policies and procedures, i.e. The level of adoption. We examine the forces that influence assimilation of policies. Consistent with prior research, we measure mimetic, normative, and coercive forces, as perceived by managers in our sample organizations, and the current level of security-related policy assimilation. We find that the strength and significance of all three forces are confirmed.

Original language	English
Title of host publication	Proceedings of the Annual Hawaii International Conference on System Sciences
Editors	Tung X. Bui, Ralph H. Sprague
Place of Publication	usa
Publisher	IEEE Computer Society
Pages	4700-4709
Number of pages	10
Volume	2015-March
ISBN (Electronic)	9781479973675
DOIs	https://doi.org/10.1109/HICSS.2015.559
State	Published - Mar 26 2015
Event	48th Annual Hawaii International Conference on System Sciences, HICSS 2015 - Kauai, United States Duration: Jan 5 2015 → Jan 8 2015

Conference

Conference	48th Annual Hawaii International Conference on System Sciences, HICSS 2015
Country/Territory	United States
City	Kauai
Period	01/5/15 → 01/8/15

Keywords

Institutional theory
Security policy
Technology assimilation

Access to Document

10.1109/HICSS.2015.559

Cite this

Gallagher, K. P., Zhang, X., & Gallagher, V. C. (2015). Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model. In T. X. Bui, & R. H. Sprague (Eds.), Proceedings of the Annual Hawaii International Conference on System Sciences (Vol. 2015-March, pp. 4700-4709). Article 7070379 IEEE Computer Society. https://doi.org/10.1109/HICSS.2015.559

Gallagher, Kevin P ; Zhang, Xiaoni ; Gallagher, Vickie Coleman. / Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model. Proceedings of the Annual Hawaii International Conference on System Sciences. editor / Tung X. Bui ; Ralph H. Sprague. Vol. 2015-March usa : IEEE Computer Society, 2015. pp. 4700-4709

@inproceedings{c84da29ae20c4e46938aef5b48cfc929,

title = "Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model",

abstract = "Information security-related policies are important for organizations to safeguard against threats and plan for adverse events. However, adoption of policies (devised to insure security, privacy and acceptable use in organization, as well as to outline audit processes, disaster recovery and business continuance planning) are equally important for organizations to insure legitimacy in the eyes of stakeholders. This paper presents findings from a study that examines the degree to which institutional pressures effect the assimilation of security-related policies and procedures, i.e. The level of adoption. We examine the forces that influence assimilation of policies. Consistent with prior research, we measure mimetic, normative, and coercive forces, as perceived by managers in our sample organizations, and the current level of security-related policy assimilation. We find that the strength and significance of all three forces are confirmed.",

keywords = "Institutional theory, Security policy, Technology assimilation",

author = "Gallagher, \{Kevin P\} and Xiaoni Zhang and Gallagher, \{Vickie Coleman\}",

year = "2015",

month = mar,

day = "26",

doi = "10.1109/HICSS.2015.559",

language = "English",

volume = "2015-March",

pages = "4700--4709",

editor = "Bui, \{Tung X.\} and Sprague, \{Ralph H.\}",

booktitle = "Proceedings of the Annual Hawaii International Conference on System Sciences",

publisher = "IEEE Computer Society",

note = "48th Annual Hawaii International Conference on System Sciences, HICSS 2015 ; Conference date: 05-01-2015 Through 08-01-2015",

}

Gallagher, KP, Zhang, X & Gallagher, VC 2015, Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model. in TX Bui & RH Sprague (eds), Proceedings of the Annual Hawaii International Conference on System Sciences. vol. 2015-March, 7070379, IEEE Computer Society, usa, pp. 4700-4709, 48th Annual Hawaii International Conference on System Sciences, HICSS 2015, Kauai, United States, 01/5/15. https://doi.org/10.1109/HICSS.2015.559

Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model. / Gallagher, Kevin P; Zhang, Xiaoni; Gallagher, Vickie Coleman.
Proceedings of the Annual Hawaii International Conference on System Sciences. ed. / Tung X. Bui; Ralph H. Sprague. Vol. 2015-March usa: IEEE Computer Society, 2015. p. 4700-4709 7070379.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model

AU - Gallagher, Kevin P

AU - Zhang, Xiaoni

AU - Gallagher, Vickie Coleman

PY - 2015/3/26

Y1 - 2015/3/26

N2 - Information security-related policies are important for organizations to safeguard against threats and plan for adverse events. However, adoption of policies (devised to insure security, privacy and acceptable use in organization, as well as to outline audit processes, disaster recovery and business continuance planning) are equally important for organizations to insure legitimacy in the eyes of stakeholders. This paper presents findings from a study that examines the degree to which institutional pressures effect the assimilation of security-related policies and procedures, i.e. The level of adoption. We examine the forces that influence assimilation of policies. Consistent with prior research, we measure mimetic, normative, and coercive forces, as perceived by managers in our sample organizations, and the current level of security-related policy assimilation. We find that the strength and significance of all three forces are confirmed.

AB - Information security-related policies are important for organizations to safeguard against threats and plan for adverse events. However, adoption of policies (devised to insure security, privacy and acceptable use in organization, as well as to outline audit processes, disaster recovery and business continuance planning) are equally important for organizations to insure legitimacy in the eyes of stakeholders. This paper presents findings from a study that examines the degree to which institutional pressures effect the assimilation of security-related policies and procedures, i.e. The level of adoption. We examine the forces that influence assimilation of policies. Consistent with prior research, we measure mimetic, normative, and coercive forces, as perceived by managers in our sample organizations, and the current level of security-related policy assimilation. We find that the strength and significance of all three forces are confirmed.

KW - Institutional theory

KW - Security policy

KW - Technology assimilation

UR - https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84944257101&origin=inward

UR - https://www.scopus.com/inward/citedby.uri?partnerID=HzOxMe3b&scp=84944257101&origin=inward

U2 - 10.1109/HICSS.2015.559

DO - 10.1109/HICSS.2015.559

M3 - Conference contribution

VL - 2015-March

SP - 4700

EP - 4709

BT - Proceedings of the Annual Hawaii International Conference on System Sciences

A2 - Bui, Tung X.

A2 - Sprague, Ralph H.

PB - IEEE Computer Society

CY - usa

T2 - 48th Annual Hawaii International Conference on System Sciences, HICSS 2015

Y2 - 5 January 2015 through 8 January 2015

ER -

Gallagher KP, Zhang X, Gallagher VC. Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model. In Bui TX, Sprague RH, editors, Proceedings of the Annual Hawaii International Conference on System Sciences. Vol. 2015-March. usa: IEEE Computer Society. 2015. p. 4700-4709. 7070379 doi: 10.1109/HICSS.2015.559

Institutional drivers of assimilation of information security policies and procedures in U.S. firms: Test of an empirical model

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this