Information security is a complex issue that is critical to the success of modern businesses. It can be implemented with the help of well-tested global standards and best practices. However, studies have found that the human aspects of information security compliance pose a significant challenge to its practitioners. There has been significant interest in the recent past in how human compliance with information security policy can be achieved in an organization. Various models have been proposed by researchers. However, very few models have tried to link human commitment attributes with the information security governance of an organization. The research problem of this study was to identify the security controls and mechanisms to govern information security effectively. The proposed model was based on agency theory and comprises a relationship between human commitment variables (ethics, integrity and trust) and security governance variables (structural, relational and process), referred to as systemic variables in the research. The resulting correlation is further related to governance objectives (goal congruence and reducing information asymmetry) to hypothesize effective information security in an organization. The proposed research model was tested using confirmatory factor analysis (CFA) and structural equation modeling (SEM). Four models were tested in this research. The first model (initial measurement model) comprised human variables linked with relational and the systemic variables linked with goal congruence and information asymmetry. This model did not pass the CFA tests. A modified model comprising human and systemic attributes related with goal congruence and information asymmetry, separately, was taken forward to SEM. This model returned low model fitment scores and hence two alternate models were tested.
In the first alternative, the human attributes were related with goal congruence and systemic attributes were linked with information asymmetry. In the second alternative, the relationships of the first alternative were retained and two alternate relationships were introduced: integrity was linked with information asymmetry and structural was linked with goal congruence. Both models are very close to good model fitment scores. However, the second alternative returned better results and hence was chosen as the final outcome of the research. The model reflects that human attributes and systemic attributes are fairly independent in an effective information security framework, and drive goal congruence and information asymmetry, respectively. However, integrity is an important human commitment for ensuring information asymmetry, and the right organizational structure and roles are important for ensuring goal congruence.
|Advisor:|Tejay, Gurvirender P.|
|Committee:|Ackerman, Eric S.; Wang, Ling|
|School:|Nova Southeastern University|
|Department:|Information Systems (DISS)|
|School Location:|United States -- Florida|
|Source:|DAI-B 75/04(E), Dissertation Abstracts International|
|Keywords:|Ethics, Governance, Information security, Integrity, Process mechanism, Relational mechanism, Structural mechanism, Trust|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved