Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
Dissertation - NSU Access Only
Doctor of Philosophy in Information Systems (DISS)
Graduate School of Computer and Information Sciences
Gurvirender P. Tejay
Laurie P Dringus
In spite of the wealth of research in IS security, there is very little understanding of what actually makes an IS security program successful within an organization. Success has been treated generally as a separate entity from IS security altogether; a great deal of research has been conducted on the "means to the end", while limited research has been focused on truly understanding what the end actually is. The problem compelling this research is that previous studies within the IS security domain do not adequately consider what factors contribute towards IS security success within the organizational context, and how the factors interact.
This study built upon Shannon and Weaver (1949) and Mason (1978) to develop a model for predicting IS security success within an organization. A considerable body of information systems security literature was organized based on their findings. Core dimensions of information system security success were identified and operationalized within a model for predicting success with IS security initiatives. The model was empirically validated in a three-phase approach using survey methodology. First, the survey was tested for validity and reliability using an expert panel and pilot study. Next, the survey was administered to a sample, with the results analyzed using Confirmatory Factor Analysis and Structural Equation Modeling techniques.
Initial analysis of the measurement model generated through Confirmatory Factor Analysis showed mixed fit. Factor loadings and average variance extracted calculations resulted in the selection of low performing items for removal; after revision, the revised measurement model showed improved fit for all measures. Structural Equation Modeling analysis was conducted on three structural models with varying levels of mediation. Based on the analysis of fit and comparison indices, the model depicting partial mediation was determined to be the best variation of the IS security success model. This study is the first known instance of an empirically tested IS security success model and should provide many avenues for future study, as well as providing practitioners a fundamental roadmap for success within their organizational IS security programs.
Kimberley Dunkerley. 2011. Developing an Information Systems Security Success Model for Organizational Context. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (141)