IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v23y2012i3-part-2p918-939.html
   My bibliography  Save this article

Institutional Influences on Information Systems Security Innovations

Author

Listed:
  • Carol Hsu

    (National Taiwan University, Taipei 10617, Taiwan)

  • Jae-Nam Lee

    (Korea University Business School, Seoul 136-701, Korea)

  • Detmar W. Straub

    (Georgia State University, Atlanta, Georgia 30302)

Abstract

This research investigates information security management as an administrative innovation. Although a number of institutional theories deal with information systems (IS) innovation in organizations, most of these institutional-centered frameworks overlook external economic efficiency and internal organizational capability in the presence of pressures of institutional conformity. Using Korea as the institutional setting, our research model posits that economic-based consideration will moderate the institutional conformity pressure on information security adoption while organization capability will influence the institutional confirmation of information security assimilation. The model is empirically tested using two-stage survey data from a field study of 140 organizations in Korea. The results indicate that in addition to institutional influences, our six proposed economic-based and organizational capability moderating variables all have significant influences on the degree of the adoption and assimilation of information security management. We conclude with implications for research in the area of organizational theory and the information security management literature, and for practices regarding how managers can factor into their information security planning the key implementation variables discovered in this study. The robust setting of the study in Korean firms allows us to generalize the theory to a new context and across cultures.

Suggested Citation

  • Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    • Handle: RePEc:inm:orisre:v:23:y:2012:i:3-part-2:p:918-939
    DOI: 10.1287/isre.1110.0393
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/isre.1110.0393
    Download Restriction: no
    File URL: https://libkey.io/10.1287/isre.1110.0393?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Willison, Robert & Siponen, Mikko, 2007. "A Critical assesment of IS Security Research Between 1990-2004," Working Papers 2007-1, Copenhagen Business School, Department of Informatics.
    2. Karen A. Bantel & Susan E. Jackson, 1989. "Top management and innovations in banking: Does the composition of the top team make a difference?," Strategic Management Journal, Wiley Blackwell, vol. 10(S1), pages 107-124, June.
    3. Robert G. Fichman & Chris F. Kemerer, 1997. "The Assimilation of Software Process Innovations: An Organizational Learning Perspective," Management Science, INFORMS, vol. 43(10), pages 1345-1363, October.
    4. Robert W. Zmud, 1982. "Diffusion of Modern Software Practices: Influence of Centralization and Formalization," Management Science, INFORMS, vol. 28(12), pages 1421-1431, December.
    5. Sulin Ba & Jan Stallaert & Andrew B. Whinston, 2001. "Research Commentary: Introducing a Third Dimension in Information Systems Design—The Case for Incentive Alignment," Information Systems Research, INFORMS, vol. 12(3), pages 225-239, September.
    6. Huseyin Cavusoglu & Birendra Mishra & Srinivasan Raghunathan, 2005. "The Value of Intrusion Detection Systems in Information Technology Security Architecture," Information Systems Research, INFORMS, vol. 16(1), pages 28-46, March.
    7. Wynne W. Chin & Barbara L. Marcolin & Peter R. Newsted, 2003. "A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study," Information Systems Research, INFORMS, vol. 14(2), pages 189-217, June.
    8. Ryan, Michael J & Bonfield, E H, 1975. "The Fishbein Extended Model and Consumer Behavior," Journal of Consumer Research, Journal of Consumer Research Inc., vol. 2(2), pages 118-136, Se.
    9. Randolph B. Cooper & Robert W. Zmud, 1990. "Information Technology Implementation Research: A Technological Diffusion Approach," Management Science, INFORMS, vol. 36(2), pages 123-139, February.
    10. N. Venkatraman & Lawrence Loh & Jeongsuk Koh, 1994. "The Adoption of Corporate Governance Mechanisms: A Test of Competing Diffusion Models," Management Science, INFORMS, vol. 40(4), pages 496-507, April.
    11. Robert G. Fichman & Chris F. Kemerer, 1999. "The Illusory Diffusion of Innovation: An Examination of Assimilation Gaps," Information Systems Research, INFORMS, vol. 10(3), pages 255-275, September.
    12. Viswanath Venkatesh & Fred D. Davis, 2000. "A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies," Management Science, INFORMS, vol. 46(2), pages 186-204, February.
    13. Terlaak, Ann & King, Andrew A., 2006. "The effect of certification with the ISO 9000 Quality Management Standard: A signaling approach," Journal of Economic Behavior & Organization, Elsevier, vol. 60(4), pages 579-602, August.
    14. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    15. Johngseok Bae, 1997. "Beyond Seniority-Based Systems: A Paradigm Shift in Korean HRM?," Asia Pacific Business Review, Taylor & Francis Journals, vol. 3(4), pages 82-110, June.
    16. Kevin Zhu & Kenneth L. Kraemer & Sean Xu, 2006. "The Process of Innovation Assimilation by Firms in Different Countries: A Technology Diffusion Perspective on E-Business," Management Science, INFORMS, vol. 52(10), pages 1557-1576, October.
    17. David J. Teece, 1980. "The Diffusion of an Administrative Innovation," Management Science, INFORMS, vol. 26(5), pages 464-470, May.
    18. Soon Ang & Larry L. Cummings, 1997. "Strategic Response to Institutional Influences on Information Systems Outsourcing," Organization Science, INFORMS, vol. 8(3), pages 235-256, June.
    19. Gary C. Moore & Izak Benbasat, 1991. "Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation," Information Systems Research, INFORMS, vol. 2(3), pages 192-222, September.
    20. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Berlilana & Tim Noparumpa & Athapol Ruangkanjanases & Taqwa Hariguna & Sarmini, 2021. "Organization Benefit as an Outcome of Organizational Security Adoption: The Role of Cyber Security Readiness and Technology Readiness," Sustainability, MDPI, vol. 13(24), pages 1-20, December.
    2. Margareta Heidt & Jin P. Gerlach & Peter Buxmann, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Information Systems Frontiers, Springer, vol. 21(6), pages 1285-1305, December.
    3. Jean, Ruey-Jer “Bryan” & Kim, Daekwan & Cavusgil, Erin, 2020. "Antecedents and outcomes of digital platform risk for international new ventures’ internationalization," Journal of World Business, Elsevier, vol. 55(1).
    4. Al-Momani, Ala'a M. & Ramayah, T. & Al-Sharafi, Mohammed A., 2024. "Exploring the impact of cybersecurity on using electronic health records and their performance among healthcare professionals: A multi-analytical SEM-ANN approach," Technology in Society, Elsevier, vol. 77(C).
    5. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    6. V. S. Prakash Attili & Saji K. Mathew & Vijayan Sugumaran, 2022. "Information Privacy Assimilation in IT Organizations," Information Systems Frontiers, Springer, vol. 24(5), pages 1497-1513, October.
    7. Uddin, Mohammad Rajib & Akter, Shahriar & Lee, Wai Jin Thomas, 2024. "Developing a data breach protection capability framework in retailing," International Journal of Production Economics, Elsevier, vol. 271(C).
    8. Basole, Rahul C. & Nowak, Maciek, 2018. "Assimilation of tracking technology in the supply chain," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 114(C), pages 350-370.
    9. Donbesuur, Francis & Zahoor, Nadia & Al-Tabbaa, Omar & Adomako, Samuel & Tarba, Shlomo Y., 2023. "On the performance of platform-based international new ventures: The roles of non-market strategies and managerial competencies," Journal of International Management, Elsevier, vol. 29(2).
    10. Hameeda A. AlMalki & Christopher M. Durugbo, 2023. "Systematic review of institutional innovation literature: towards a multi-level management model," Management Review Quarterly, Springer, vol. 73(2), pages 731-785, June.
    11. Tahereh Hasani & Norman O’Reilly & Ali Dehghantanha & Davar Rezania & Nadège Levallet, 2023. "Evaluating the adoption of cybersecurity and its influence on organizational performance," SN Business & Economics, Springer, vol. 3(5), pages 1-38, May.
    12. Hou, Ye & Gao, Ping & Nicholson, Brian, 2018. "Understanding organisational responses to regulative pressures in information security management: The case of a Chinese hospital," Technological Forecasting and Social Change, Elsevier, vol. 126(C), pages 64-75.
    13. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    14. Pigola, Angélica & Da Costa, Priscila Rezende & Ferasso, Marcos & Cavalcanti da Silva, Luís Fabio, 2024. "Enhancing cybersecurity capability investments: Evidence from an experiment," Technology in Society, Elsevier, vol. 76(C).
    15. Myeonggil Choi & Jungwoo Lee & Kumju Hwang, 2018. "Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism," Sustainability, MDPI, vol. 10(5), pages 1-25, May.
    16. Nikhil Malik & Manmohan Aseri & Param Vir Singh & Kannan Srinivasan, 2022. "Why Bitcoin Will Fail to Scale?," Management Science, INFORMS, vol. 68(10), pages 7323-7349, October.
    17. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    18. Peng, Zeyu & Sun, Yongqiang & Guo, Xitong, 2018. "Antecedents of employees’ extended use of enterprise systems: An integrative view of person, environment, and technology," International Journal of Information Management, Elsevier, vol. 39(C), pages 104-120.
    19. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    20. Syed Emad Azhar Ali & Fong-Woon Lai & Rohail Hassan & Muhammad Kashif Shad, 2021. "The Long-Run Impact of Information Security Breach Announcements on Investors’ Confidence: The Context of Efficient Market Hypothesis," Sustainability, MDPI, vol. 13(3), pages 1-27, January.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Peng, Zeyu & Sun, Yongqiang & Guo, Xitong, 2018. "Antecedents of employees’ extended use of enterprise systems: An integrative view of person, environment, and technology," International Journal of Information Management, Elsevier, vol. 39(C), pages 104-120.
    2. Sabyasachi Mitra & Sam Ransbotham, 2015. "Information Disclosure and the Diffusion of Information Security Attacks," Information Systems Research, INFORMS, vol. 26(3), pages 565-584, September.
    3. Rajiv D. Banker & Robert J. Kauffman, 2004. "50th Anniversary Article: The Evolution of Research on Information Systems: A Fiftieth-Year Survey of the Literature in Management Science," Management Science, INFORMS, vol. 50(3), pages 281-298, March.
    4. Jaklič, Jurij & Grublješič, Tanja & Popovič, Aleš, 2018. "The role of compatibility in predicting business intelligence and analytics use intentions," International Journal of Information Management, Elsevier, vol. 43(C), pages 305-318.
    5. Johnson, Devon S., 2008. "Beyond trial: Consumer assimilation of electronic channels," Journal of Interactive Marketing, Elsevier, vol. 22(2), pages 28-44.
    6. Wu, Ing-Long & Chen, Jian-Liang, 2014. "A stage-based diffusion of IT innovation and the BSC performance impact: A moderator of technology–organization–environment," Technological Forecasting and Social Change, Elsevier, vol. 88(C), pages 76-90.
    7. Seung Hyun Kim & Juhee Kwon, 2019. "How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information?," Information Systems Research, INFORMS, vol. 30(4), pages 1184-1202, December.
    8. Riffat Ara Zannat Tama & Md Mahmudul Hoque & Ying Liu & Mohammad Jahangir Alam & Mark Yu, 2023. "An Application of Partial Least Squares Structural Equation Modeling (PLS-SEM) to Examining Farmers’ Behavioral Attitude and Intention towards Conservation Agriculture in Bangladesh," Agriculture, MDPI, vol. 13(2), pages 1-22, February.
    9. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    10. Denis Dennehy & Kieran Conboy & Jaganath Babu, 2023. "Adopting Learning Analytics to Inform Postgraduate Curriculum Design: Recommendations and Research Agenda," Information Systems Frontiers, Springer, vol. 25(4), pages 1315-1331, August.
    11. V. S. Prakash Attili & Saji K. Mathew & Vijayan Sugumaran, 2022. "Information Privacy Assimilation in IT Organizations," Information Systems Frontiers, Springer, vol. 24(5), pages 1497-1513, October.
    12. Sharath Sasidharan & Radhika Santhanam & Daniel J. Brass & Vallabh Sambamurthy, 2012. "The Effects of Social Network Structure on Enterprise Systems Success: A Longitudinal Multilevel Analysis," Information Systems Research, INFORMS, vol. 23(3-part-1), pages 658-678, September.
    13. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    14. Dan J. Kim & Donald L. Ferrin & H. Raghav Rao, 2009. "Trust and Satisfaction, Two Stepping Stones for Successful E-Commerce Relationships: A Longitudinal Exploration," Information Systems Research, INFORMS, vol. 20(2), pages 237-257, June.
    15. Wasapon Thanabodypath & Achara Chandrachai & Sudkate Chaiyo & Orawon Chailapakul, 2021. "Industrial Buyer Innovation Adoption Model: A Focus on a Smartphone-Based Electrochemical Analytical Device for Toxic Heavy Metal Detection," Sustainability, MDPI, vol. 13(21), pages 1-21, October.
    16. Md Golam Rabiul Alam & Abdul Kadar Muhammad Masum & Loo-See Beh & Choong Seon Hong, 2016. "Critical Factors Influencing Decision to Adopt Human Resource Information System (HRIS) in Hospitals," PLOS ONE, Public Library of Science, vol. 11(8), pages 1-22, August.
    17. Mohammad Alamgir Hossain & Mohammed Quaddus & Nazrul Islam, 2016. "Developing and validating a model explaining the assimilation process of RFID: An empirical study," Information Systems Frontiers, Springer, vol. 18(4), pages 645-663, August.
    18. Nelson, Matthew L. & Shaw, Michael J., 2005. "Interorganizational System Standards Diffusion: The Role of Industry-Based Standards Development Organizations," Working Papers 05-0126, University of Illinois at Urbana-Champaign, College of Business.
    19. Basole, Rahul C. & Nowak, Maciek, 2018. "Assimilation of tracking technology in the supply chain," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 114(C), pages 350-370.
    20. Russell L. Purvis & V. Sambamurthy & Robert W. Zmud, 2001. "The Assimilation of Knowledge Platforms in Organizations: An Empirical Investigation," Organization Science, INFORMS, vol. 12(2), pages 117-135, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:23:y:2012:i:3-part-2:p:918-939. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.