CCE Theses and Dissertations

Date of Award

2014

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Information Systems (DISS)

Department

Graduate School of Computer and Information Sciences

Advisor

Gurvirender P. Tejay

Committee Member

Steven R. Terrell

Committee Member

Michael Lane

Keywords

Information technology, Information system security, Institutionalism, Senior management

Abstract

This dissertation investigated how senior management is motivated to commit to information system security (ISS). Research shows senior management participation is critical to successful ISS, but has not explained how senior managers are motivated to participate in ISS. Information systems research shows pressures external to the organization have greater influence on senior managers than internal pressures. However, research has not fully examined how external pressures motivate senior management participation in ISS. This study addressed that gap by examining how external pressures motivate senior management participation in ISS through the lens of neo-institutional theory. The research design was survey research. Data collection was through an online survey, and PLS was used for data analysis. Sample size was 167 from a study population of small- and medium-sized organizations in a mix of industries in the south-central United States. Results supported three of six hypotheses. Mimetic mechanisms were found to influence senior management belief in ISS, and senior management belief in ISS was found to increase senior management participation in ISS. Greater senior management participation in ISS led to greater ISS assimilation in organizations. Three hypotheses were not supported. Correlation was not found between normative influences and senior management belief, normative influences and senior management participation, and coercive influences and senior management participation. Limitations with the study included a high occurrence of weak effect sizes on relationships within the model and heterogeneity based on industry, organization size, and regulatory requirements in the sample. This study contributes to ISS research by providing a theoretical model to explain how external influences contribute to senior management belief and participation in ISS, and ultimately ISS assimilation in organizations. Empirical evidence supports the mediating role by senior management between external influences and ISS assimilation. The findings also suggest some limitations that may exist with survey research in this area. This study benefits practitioners in three ways. First, it reinforces the argument that senior management support is critical to ISS success. Second, it extends understanding of senior management's role with ISS by explaining how IS and ISS management might nurture senior management belief and participation in ISS through industry groups and business partnerships. Third, the results inform government regulators and industry groups how they can supplement regulatory pressures with educational and awareness campaigns targeted at senior management to improve senior management commitment to ISS.

Share

COinS