Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
Dissertation - NSU Access Only
Doctor of Philosophy in Computer Information Systems (DCIS)
Graduate School of Computer and Information Sciences
Gurvirender P. Tejay
Maxine S Cohen
Research on information security culture evolved because technical security controls and policies have failed to eliminate information security incidents. Although existing research has addressed the measurement and cultivation of an information security culture, it has not addressed how to maintain that culture. This study focused on that gap by exploring the values and assumptions that inhibit assimilation of new members into an information security culture. Contract employees represent a distinct set of new organizational members with additional challenges assimilating into an organization's information security culture. This study addressed two research questions about how and why pre-existing information security related values and assumptions of new contract employees conflicted with the prevalent information security culture that created information security risks.
This study applied an ethnographic approach to the examination of the assimilation of new contract employees based on Schein's framework of organizational culture. The findings revealed that IT contractors displayed a sense of responsibility for information security. However, the IT contractors demonstrated a detachment from the organization's information security culture through a lack of interest in the mission, goals and strategies. As a result of this detachment, information security concerns were linked to a lack of understanding of the information the organization sought to protect, the risk tolerance and the response to unforeseen security incidents. The contractors' detachment was traced to assumptions that resulted from their temporal relationship with the organization and their perception of being organizational outsiders.
In addition to identifying the risk and mechanisms behind contractors' failure to assimilate, this study extended research into professional sub-groups within an information security culture. The study offered a contribution to research in its approach to Schein's framework by focusing on the inter-relationships between assumptions. The findings identified where organizations should be cognizant of specific contractor information security assumptions and how they create risk. The findings suggest that organization should encourage the engagement of contractor in social interactions with direct staff and the avoid actions leading to the perception of inequitable treatment. However, future research will be required to confirm the extent that these actions might have in overcoming the contractor's deeply rooted assumptions.
Barry Ben McIntosh. 2011. An Ethnographic Investigation of the Assimilation of New Organizational Members into an Information Security Culture. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (240)