CCE Theses and Dissertations

Campus Access Only

All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.

Date of Award


Document Type

Dissertation - NSU Access Only

Degree Name

Doctor of Philosophy in Computer Information Systems (DCIS)


Graduate School of Computer and Information Sciences


Gurvirender P. Tejay

Committee Member

Maxine S Cohen

Committee Member

Ling Wang


Assimilation, Contractors, Culture, Security


Research on information security culture evolved because technical security controls and policies have failed to eliminate information security incidents. Although existing research has addressed the measurement and cultivation of an information security culture, it has not addressed how to maintain that culture. This study focused on that gap by exploring the values and assumptions that inhibit assimilation of new members into an information security culture. Contract employees represent a distinct set of new organizational members with additional challenges assimilating into an organization's information security culture. This study addressed two research questions about how and why pre-existing information security related values and assumptions of new contract employees conflicted with the prevalent information security culture that created information security risks.

This study applied an ethnographic approach to the examination of the assimilation of new contract employees based on Schein's framework of organizational culture. The findings revealed that IT contractors displayed a sense of responsibility for information security. However, the IT contractors demonstrated a detachment from the organization's information security culture through a lack of interest in the mission, goals and strategies. As a result of this detachment, information security concerns were linked to a lack of understanding of the information the organization sought to protect, the risk tolerance and the response to unforeseen security incidents. The contractors' detachment was traced to assumptions that resulted from their temporal relationship with the organization and their perception of being organizational outsiders.

In addition to identifying the risk and mechanisms behind contractors' failure to assimilate, this study extended research into professional sub-groups within an information security culture. The study offered a contribution to research in its approach to Schein's framework by focusing on the inter-relationships between assumptions. The findings identified where organizations should be cognizant of specific contractor information security assumptions and how they create risk. The findings suggest that organization should encourage the engagement of contractor in social interactions with direct staff and the avoid actions leading to the perception of inequitable treatment. However, future research will be required to confirm the extent that these actions might have in overcoming the contractor's deeply rooted assumptions.

To access this thesis/dissertation you must have a valid OR email address and create an account for NSUWorks.

Free My Thesis

If you are the author of this work and would like to grant permission to make it openly accessible to all, please click the Free My Thesis button.

  Contact Author

  Link to NovaCat