IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v23y2012i3-part-2p918-939.html
   My bibliography  Save this article

Institutional Influences on Information Systems Security Innovations

Author

Listed:
  • Carol Hsu

    (National Taiwan University, Taipei 10617, Taiwan)

  • Jae-Nam Lee

    (Korea University Business School, Seoul 136-701, Korea)

  • Detmar W. Straub

    (Georgia State University, Atlanta, Georgia 30302)

Abstract

This research investigates information security management as an administrative innovation. Although a number of institutional theories deal with information systems (IS) innovation in organizations, most of these institutional-centered frameworks overlook external economic efficiency and internal organizational capability in the presence of pressures of institutional conformity. Using Korea as the institutional setting, our research model posits that economic-based consideration will moderate the institutional conformity pressure on information security adoption while organization capability will influence the institutional confirmation of information security assimilation. The model is empirically tested using two-stage survey data from a field study of 140 organizations in Korea. The results indicate that in addition to institutional influences, our six proposed economic-based and organizational capability moderating variables all have significant influences on the degree of the adoption and assimilation of information security management. We conclude with implications for research in the area of organizational theory and the information security management literature, and for practices regarding how managers can factor into their information security planning the key implementation variables discovered in this study. The robust setting of the study in Korean firms allows us to generalize the theory to a new context and across cultures.

Suggested Citation

  • Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    • Handle: RePEc:inm:orisre:v:23:y:2012:i:3-part-2:p:918-939
    DOI: 10.1287/isre.1110.0393
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/isre.1110.0393
    Download Restriction: no
    File URL: https://libkey.io/10.1287/isre.1110.0393?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Robert G. Fichman & Chris F. Kemerer, 1997. "The Assimilation of Software Process Innovations: An Organizational Learning Perspective," Management Science, INFORMS, vol. 43(10), pages 1345-1363, October.
    2. Huseyin Cavusoglu & Birendra Mishra & Srinivasan Raghunathan, 2005. "The Value of Intrusion Detection Systems in Information Technology Security Architecture," Information Systems Research, INFORMS, vol. 16(1), pages 28-46, March.
    3. Ryan, Michael J & Bonfield, E H, 1975. "The Fishbein Extended Model and Consumer Behavior," Journal of Consumer Research, Journal of Consumer Research Inc., vol. 2(2), pages 118-136, Se.
    4. Robert G. Fichman & Chris F. Kemerer, 1999. "The Illusory Diffusion of Innovation: An Examination of Assimilation Gaps," Information Systems Research, INFORMS, vol. 10(3), pages 255-275, September.
    5. Terlaak, Ann & King, Andrew A., 2006. "The effect of certification with the ISO 9000 Quality Management Standard: A signaling approach," Journal of Economic Behavior & Organization, Elsevier, vol. 60(4), pages 579-602, August.
    6. Johngseok Bae, 1997. "Beyond Seniority-Based Systems: A Paradigm Shift in Korean HRM?," Asia Pacific Business Review, Taylor & Francis Journals, vol. 3(4), pages 82-110, June.
    7. Soon Ang & Larry L. Cummings, 1997. "Strategic Response to Institutional Influences on Information Systems Outsourcing," Organization Science, INFORMS, vol. 8(3), pages 235-256, June.
    8. Gary C. Moore & Izak Benbasat, 1991. "Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation," Information Systems Research, INFORMS, vol. 2(3), pages 192-222, September.
    9. Willison, Robert & Siponen, Mikko, 2007. "A Critical assesment of IS Security Research Between 1990-2004," Working Papers 2007-1, Copenhagen Business School, Department of Informatics.
    10. Karen A. Bantel & Susan E. Jackson, 1989. "Top management and innovations in banking: Does the composition of the top team make a difference?," Strategic Management Journal, Wiley Blackwell, vol. 10(S1), pages 107-124, June.
    11. Robert W. Zmud, 1982. "Diffusion of Modern Software Practices: Influence of Centralization and Formalization," Management Science, INFORMS, vol. 28(12), pages 1421-1431, December.
    12. Sulin Ba & Jan Stallaert & Andrew B. Whinston, 2001. "Research Commentary: Introducing a Third Dimension in Information Systems Design—The Case for Incentive Alignment," Information Systems Research, INFORMS, vol. 12(3), pages 225-239, September.
    13. Wynne W. Chin & Barbara L. Marcolin & Peter R. Newsted, 2003. "A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study," Information Systems Research, INFORMS, vol. 14(2), pages 189-217, June.
    14. Randolph B. Cooper & Robert W. Zmud, 1990. "Information Technology Implementation Research: A Technological Diffusion Approach," Management Science, INFORMS, vol. 36(2), pages 123-139, February.
    15. N. Venkatraman & Lawrence Loh & Jeongsuk Koh, 1994. "The Adoption of Corporate Governance Mechanisms: A Test of Competing Diffusion Models," Management Science, INFORMS, vol. 40(4), pages 496-507, April.
    16. Viswanath Venkatesh & Fred D. Davis, 2000. "A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies," Management Science, INFORMS, vol. 46(2), pages 186-204, February.
    17. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    18. Kevin Zhu & Kenneth L. Kraemer & Sean Xu, 2006. "The Process of Innovation Assimilation by Firms in Different Countries: A Technology Diffusion Perspective on E-Business," Management Science, INFORMS, vol. 52(10), pages 1557-1576, October.
    19. David J. Teece, 1980. "The Diffusion of an Administrative Innovation," Management Science, INFORMS, vol. 26(5), pages 464-470, May.
    20. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Margareta Heidt & Jin P. Gerlach & Peter Buxmann, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Information Systems Frontiers, Springer, vol. 21(6), pages 1285-1305, December.
    2. Jean, Ruey-Jer “Bryan” & Kim, Daekwan & Cavusgil, Erin, 2020. "Antecedents and outcomes of digital platform risk for international new ventures’ internationalization," Journal of World Business, Elsevier, vol. 55(1).
    3. Uddin, Mohammad Rajib & Akter, Shahriar & Lee, Wai Jin Thomas, 2024. "Developing a data breach protection capability framework in retailing," International Journal of Production Economics, Elsevier, vol. 271(C).
    4. Basole, Rahul C. & Nowak, Maciek, 2018. "Assimilation of tracking technology in the supply chain," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 114(C), pages 350-370.
    5. Donbesuur, Francis & Zahoor, Nadia & Al-Tabbaa, Omar & Adomako, Samuel & Tarba, Shlomo Y., 2023. "On the performance of platform-based international new ventures: The roles of non-market strategies and managerial competencies," Journal of International Management, Elsevier, vol. 29(2).
    6. Hameeda A. AlMalki & Christopher M. Durugbo, 2023. "Systematic review of institutional innovation literature: towards a multi-level management model," Management Review Quarterly, Springer, vol. 73(2), pages 731-785, June.
    7. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    8. Nikhil Malik & Manmohan Aseri & Param Vir Singh & Kannan Srinivasan, 2022. "Why Bitcoin Will Fail to Scale?," Management Science, INFORMS, vol. 68(10), pages 7323-7349, October.
    9. Peng, Zeyu & Sun, Yongqiang & Guo, Xitong, 2018. "Antecedents of employees’ extended use of enterprise systems: An integrative view of person, environment, and technology," International Journal of Information Management, Elsevier, vol. 39(C), pages 104-120.
    10. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    11. Berlilana & Tim Noparumpa & Athapol Ruangkanjanases & Taqwa Hariguna & Sarmini, 2021. "Organization Benefit as an Outcome of Organizational Security Adoption: The Role of Cyber Security Readiness and Technology Readiness," Sustainability, MDPI, vol. 13(24), pages 1-20, December.
    12. Al-Momani, Ala'a M. & Ramayah, T. & Al-Sharafi, Mohammed A., 2024. "Exploring the impact of cybersecurity on using electronic health records and their performance among healthcare professionals: A multi-analytical SEM-ANN approach," Technology in Society, Elsevier, vol. 77(C).
    13. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    14. V. S. Prakash Attili & Saji K. Mathew & Vijayan Sugumaran, 2022. "Information Privacy Assimilation in IT Organizations," Information Systems Frontiers, Springer, vol. 24(5), pages 1497-1513, October.
    15. Tahereh Hasani & Norman O’Reilly & Ali Dehghantanha & Davar Rezania & Nadège Levallet, 2023. "Evaluating the adoption of cybersecurity and its influence on organizational performance," SN Business & Economics, Springer, vol. 3(5), pages 1-38, May.
    16. Hou, Ye & Gao, Ping & Nicholson, Brian, 2018. "Understanding organisational responses to regulative pressures in information security management: The case of a Chinese hospital," Technological Forecasting and Social Change, Elsevier, vol. 126(C), pages 64-75.
    17. Pigola, Angélica & Da Costa, Priscila Rezende & Ferasso, Marcos & Cavalcanti da Silva, Luís Fabio, 2024. "Enhancing cybersecurity capability investments: Evidence from an experiment," Technology in Society, Elsevier, vol. 76(C).
    18. Myeonggil Choi & Jungwoo Lee & Kumju Hwang, 2018. "Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism," Sustainability, MDPI, vol. 10(5), pages 1-25, May.
    19. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    20. Syed Emad Azhar Ali & Fong-Woon Lai & Rohail Hassan & Muhammad Kashif Shad, 2021. "The Long-Run Impact of Information Security Breach Announcements on Investors’ Confidence: The Context of Efficient Market Hypothesis," Sustainability, MDPI, vol. 13(3), pages 1-27, January.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Peng, Zeyu & Sun, Yongqiang & Guo, Xitong, 2018. "Antecedents of employees’ extended use of enterprise systems: An integrative view of person, environment, and technology," International Journal of Information Management, Elsevier, vol. 39(C), pages 104-120.
    2. Sabyasachi Mitra & Sam Ransbotham, 2015. "Information Disclosure and the Diffusion of Information Security Attacks," Information Systems Research, INFORMS, vol. 26(3), pages 565-584, September.
    3. Wu, Ing-Long & Chen, Jian-Liang, 2014. "A stage-based diffusion of IT innovation and the BSC performance impact: A moderator of technology–organization–environment," Technological Forecasting and Social Change, Elsevier, vol. 88(C), pages 76-90.
    4. Rajiv D. Banker & Robert J. Kauffman, 2004. "50th Anniversary Article: The Evolution of Research on Information Systems: A Fiftieth-Year Survey of the Literature in Management Science," Management Science, INFORMS, vol. 50(3), pages 281-298, March.
    5. Jaklič, Jurij & Grublješič, Tanja & Popovič, Aleš, 2018. "The role of compatibility in predicting business intelligence and analytics use intentions," International Journal of Information Management, Elsevier, vol. 43(C), pages 305-318.
    6. Johnson, Devon S., 2008. "Beyond trial: Consumer assimilation of electronic channels," Journal of Interactive Marketing, Elsevier, vol. 22(2), pages 28-44.
    7. Seung Hyun Kim & Juhee Kwon, 2019. "How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information?," Information Systems Research, INFORMS, vol. 30(4), pages 1184-1202, December.
    8. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    9. Sharath Sasidharan & Radhika Santhanam & Daniel J. Brass & Vallabh Sambamurthy, 2012. "The Effects of Social Network Structure on Enterprise Systems Success: A Longitudinal Multilevel Analysis," Information Systems Research, INFORMS, vol. 23(3-part-1), pages 658-678, September.
    10. Dan J. Kim & Donald L. Ferrin & H. Raghav Rao, 2009. "Trust and Satisfaction, Two Stepping Stones for Successful E-Commerce Relationships: A Longitudinal Exploration," Information Systems Research, INFORMS, vol. 20(2), pages 237-257, June.
    11. Shirazi, Farid & Hajli, Nick & Sims, Julian & Lemke, Fred, 2022. "The role of social factors in purchase journey in the social commerce era," Technological Forecasting and Social Change, Elsevier, vol. 183(C).
    12. repec:dau:papers:123456789/13000 is not listed on IDEAS
    13. Jui-Che Tu & Chi-Ling Hu, 2018. "A Study on the Factors Affecting Consumers’ Willingness to Accept Clothing Rentals," Sustainability, MDPI, vol. 10(11), pages 1-30, November.
    14. Mahdi Omidi & Qingfei Min & Ali Omidi, 2017. "Multi-level analysis framework for reviewing IDT-based studies," Cogent Business & Management, Taylor & Francis Journals, vol. 4(1), pages 1339338-133, January.
    15. Wenjuan Xu & Peiyu Ou & Weiguo Fan, 2017. "Antecedents of ERP assimilation and its impact on ERP value: A TOE-based model and empirical test," Information Systems Frontiers, Springer, vol. 19(1), pages 13-30, February.
    16. Jozé Braz de Araújo & Silvia Novaes Zilber, 2016. "What Factors Lead Companies to Adopt Social Media in their processes: Proposal and Test of a Measurement Model," Brazilian Business Review, Fucape Business School, vol. 13(6), pages 260-290, November.
    17. repec:dau:papers:123456789/13613 is not listed on IDEAS
    18. Yajiong Xue & Huigang Liang & Liansheng Wu, 2011. "Punishment, Justice, and Compliance in Mandatory IT Settings," Information Systems Research, INFORMS, vol. 22(2), pages 400-414, June.
    19. Haijing Hao & Rema Padman & Baohong Sun & Rahul Telang, 2018. "Quantifying the Impact of Social Influence on the Information Technology Implementation Process by Physicians: A Hierarchical Bayesian Learning Approach," Information Systems Research, INFORMS, vol. 29(1), pages 25-41, March.
    20. Paul Lowry & Clay Posey & Tom Roberts & Rebecca Bennett, 2014. "Is Your Banker Leaking Your Personal Information? The Roles of Ethics and Individual-Level Cultural Characteristics in Predicting Organizational Computer Abuse," Journal of Business Ethics, Springer, vol. 121(3), pages 385-401, May.
    21. Mehra, Aashish & Rajput, Sneha & Paul, Justin, 2022. "Determinants of adoption of latest version smartphones: Theory and evidence," Technological Forecasting and Social Change, Elsevier, vol. 175(C).
    22. Kevin Zhu & Kenneth L. Kraemer & Sean Xu, 2006. "The Process of Innovation Assimilation by Firms in Different Countries: A Technology Diffusion Perspective on E-Business," Management Science, INFORMS, vol. 52(10), pages 1557-1576, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:23:y:2012:i:3-part-2:p:918-939. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.