Access the full text.
Sign up today, get DeepDyve free for 14 days.
Kenneth Knapp, T. Marshall, R. Rainer, F. Ford (2006)
Information security: management's effect on culture and policyInf. Manag. Comput. Secur., 14
K. Eisenhardt, Jeffrey Martin (2000)
DYNAMIC CAPABILITIES, WHAT ARE THEY?Strategic Management Journal, 21
Saugatuck Technology
Enterprise information management for competitive advantage
D. Alberts, Richard Hayes (2003)
Power to the Edge: Command, Control in the Information Age
“ PWC global state of information security survey 2008 – improving security : an action plan ”
R. Schumacker, R. Lomax (2004)
A beginner's guide to structural equation modeling, 2nd ed.
E. Anderson, J. Choobineh (2008)
Enterprise information security strategiesComput. Secur., 27
Per Capita, E. Dawson, Myfan Jordan (1995)
About the authorsMachine Vision and Applications, 1
R. Warner (2013)
Applied statistics: From bivariate through multivariate techniques, 2nd ed.
D.J. Collis
How valuable are organizational capabilities?
D. Teece, G. Pisano, A. Shuen (1997)
DYNAMIC CAPABILITIES AND STRATEGIC MANAGEMENTStrategic Management Journal, 18
G. Stalk, P. Evans, L. Shulman (1992)
Competing on capabilities: the new rules of corporate strategy.Harvard business review, 70 2
(2008)
Draft NIST Special Publication 800-39, Information Security – Managing Risk from Information Systems: An Organizational Perspective, available at: http://csrc.nist.gov/ publications/drafts
James Anderson, D. Gerbing (1988)
STRUCTURAL EQUATION MODELING IN PRACTICE: A REVIEW AND RECOMMENDED TWO-STEP APPROACHPsychological Bulletin, 103
E. Schultz (2006)
The changing winds of information securityComput. Secur., 25
Elspeth McFadzean, J. Ezingeard, D. Birchall (2007)
Perception of risk and the strategic impact of existing IT on information security strategy at board levelOnline Inf. Rev., 31
P. Bowen, E. Chew, Joan Hash (2007)
Information Security Guide for Government Executives
D. Straub (1990)
Effective IS Security: An Empirical StudyInf. Syst. Res., 1
N. Smallwood, M. Panowyk
Building capabilities
Richard Caralli, Julia Allen, James Stevens, B. Willke, W. Wilson (2004)
Managing for Enterprise Security
Debbie Opstal (2009)
The Resilient Economy: Integrating Competitiveness and Security
Ernst & Young
Ernst & Young 2007's global information security survey
L. Bourque, E. Fielder (1995)
How to Conduct Self-Administered and Mail Surveys
T. Katsaounis (2004)
Analyzing Multivariate DataTechnometrics, 46
(2006)
Information Security Booklet, available at: www.ffiec.gov/ffiecinfobase/booklets/ information_security/information_security
I. Cockburn, R. Henderson, Scott Stern (2011)
Untangling the origins of competitive advantage
D.W. Straub, I.S. Effective
Security: an empirical study
C. Prahalad, G. Hamel (1990)
The core competence of the corporation’, Harvard Business Review, Vol. pp. ., 68
B. Byrne (2010)
Structural equation modeling with AMOS
To purchase reprints of this article please e-mail: reprints@emeraldinsight.com Or visit our web site for further details: www.emeraldinsight.com/reprints
M. Nyanchama (2005)
Enterprise Vulnerability Management and Its Role in Information Security ManagementInformation Systems Security, 14
(2008)
“ Gaining momentum : the 2008 energy & resources global security survey ”
R.G. Rathnam, J. Johnsen, H.J. Wen
Alignment of business strategy and it strategy: a case study of a Fortune 500
R. Mcdonald, M. Ho (2002)
Principles and practice in reporting structural equation analyses.Psychological methods, 7 1
(1965)
Corporate Strategy, Penguin Books
C.C. Wood
Achieving competitive advantage with information security
Jill Bennett (2000)
Mediator and moderator variables in nursing research: conceptual and statistical differences.Research in nursing & health, 23 5
J. Barney, E. Zajac (1994)
Competitive Organizational Behavior: Toward an Organizationally‐Based Theory of Competitive AdvantageSouthern Medical Journal, 15
John Reinard (2006)
Communication research statistics
J. Ezingeard, Elspeth McFadzean, D. Birchall (2005)
A Model of Information Assurance BenefitsInformation Systems Management, 22
(2009)
2009 strategic security survey
(1993)
Achieving competitive advantage with information security Further reading
C. Prahalad, G. Hamel (1990)
The Core Competence of the CorporationHarvard Business Review, 68
D. Alberts, John Garstka, Richard Hayes, David Signori (2001)
Understanding Information Age Warfare
K.A. Bollen
Structural Equations with Latent Variables
NIST
Draft NIST Special Publication 800‐39, Information Security – Managing Risk from Information Systems: An Organizational Perspective
J.B. Barney, E.J. Zajac
Competitive organizational behavior: of competitive advantage
B. Byrne (2000)
Structural equation modeling with EQS : basic concepts, applications, and programming
Paul Tallon, K. Kraemer, V. Gurbaxani (2000)
Executives’ Perceptions of the Business Value of Information Technology: A Process-Oriented ApproachJournal of Management Information Systems, 16
D. Ulrich, D. Lake (1991)
Organizational capability: creating competitive advantageAcademy of Management Perspectives, 5
P. Wethyavivorn, C. Charoenngam, Wasan Teerajetgul (2009)
Strategic Assets Driving Organizational Capabilities of Thai Construction FirmsJournal of Construction Engineering and Management-asce, 135
Dennis Turner, Stephen Entwisle, Oliver Friedrichs, David Ahmad, D. Hanson, Marc Fossi, Sarah Gordon, Szor Peter, Eric Chien, David Cowings, Dylan Morss, Brad Bradley (2005)
Symantec Internet Security Threat Report Trends for July 04-December 04
Sangseo Park, T. Ruighaver (2008)
Strategic Approach to Information Security in Organizations2008 International Conference on Information Science and Security (ICISS 2008)
D. Ulrich, N. Smallwood (2004)
Capitalizing on capabilities.Harvard business review, 82 6
R. Warner (2007)
Applied Statistics: From Bivariate through Multivariate Techniques [with CD-ROM].
R. Kaplan, D. Norton (1996)
Using the balanced scorecard as a strategic management systemHarvard Business Review, 74
Li-tze Hu, P. Bentler (1999)
Cutoff criteria for fit indexes in covariance structure analysis : Conventional criteria versus new alternativesStructural Equation Modeling, 6
B. Wernerfelt (1984)
A Resource-Based View of the FirmSouthern Medical Journal, 5
(2007)
Ernst & Young 2007's global information security survey " , available at: www2.eycom.ch/publications/items
A. Rangone (1999)
A Resource-Based Approach to Strategy Analysis in Small-Medium Sized EnterprisesSmall Business Economics, 12
R.M. Grant
The resource‐based theory of competitive advantage: implications for strategy formulation
S. Chang, C. Ho (2006)
Organizational factors to the effectiveness of implementing information security managementInd. Manag. Data Syst., 106
Symantec
Symantec internet security threat report trends for 2008
S. Solms (2006)
Information Security - The Fourth WaveComput. Secur., 25
A. Kankanhalli, H. Teo, B. Tan, K. Wei (2003)
An integrative study of information systems security effectivenessInt. J. Inf. Manag., 23
André Gold, A. Malhotra, A. Segars (2001)
Knowledge Management: An Organizational Capabilities PerspectiveJournal of Management Information Systems, 18
X. Qu (2007)
Multivariate Data AnalysisTechnometrics, 49
(2009)
“ Nineteenth annual survey of federal chief information officers ”
(2010)
Moderating roles of organizational capabilities in information security”, paper presented at the 5th International Conference on i-Warfare & Security (ICIW
Tracy Amaio (2009)
Exploring and examining the business value of information security: Corporate executives' perceptions
(2004)
Does security set the right goals?
David Collis (1994)
Research Note: How Valuable are Organizational Capabilities?Southern Medical Journal, 15
K. Kusunoki, I. Nonaka, A. Nagata (1998)
Organizational Capabilities in Product Development of Japanese Firms: a Conceptual Framework and Empirical FindingsOrganization Science, 9
D. Finkelstein (2005)
A Beginner's Guide to Structural Equation ModelingTechnometrics, 47
D. Kelly, T. Amburgey (1991)
Organizational Inertia and Momentum: A Dynamic Model Of Strategic ChangeAcademy of Management Journal, 34
D. van Opstal, Council on Competitiveness
The resilient economy: integrating competitiveness and security, council on competitiveness
A. Klein (2007)
Building an Identity Management Infrastructure for Today…and TomorrowInformation Systems Security, 16
C. Fornell, D. Larcker (1981)
Evaluating structural equation models with unobservable variables and measurement error.Journal of Marketing Research, 18
R. Kline (1998)
Principles and Practice of Structural Equation Modeling
R. Rathnam, J. Johnsen, H. Wen (2005)
Alignment of Business Strategy and it Strategy: A Case Study of A Fortune 50 Financial Services CompanyJournal of Computer Information Systems, 45
D. Medlin (2008)
Information Age Transformation: Getting to a 21st Century Military, 22
C. Huang, Qing Hu (2007)
Achieving IT-Business Strategic Alignment via Enterprise-Wide Implementation of Balanced ScorecardsInformation Systems Management, 24
M. Porter (1985)
Competitive Advantage: Creating and Sustaining Superior Performance
I. Ansoff
Corporate Strategy
J. Barney (1991)
Firm Resources and Sustained Competitive AdvantageJournal of Management, 17
FFIEC
Information Security Booklet
D. Kelly, T.L. Amburgey
Organizational inertia and momentum
Julia Allen (2005)
Governing for Enterprise Security
P. Green, J. Carroll (1978)
Analyzing multivariate data
S. Slater, Eric Olson (2001)
Marketing's contribution to the implementation of business strategy: an empirical analysisSouthern Medical Journal, 22
R. Werlinger, K. Hawkey, K. Beznosov (2009)
An integrated view of human, organizational, and technological challenges of IT security managementInf. Manag. Comput. Secur., 17
R. Kline (2005)
Principles and practice of structural equation modeling, 2nd ed.
ISACA
An introduction to the business model for information security
Purpose – This research aims to examine the relationship between information security strategy and organization performance, with organizational capabilities as important factors influencing successful implementation of information security strategy and organization performance. Design/methodology/approach – Based on existing literature in strategic management and information security, a theoretical model was proposed and validated. A self‐administered survey instrument was developed to collect empirical data. Structural equation modeling was used to test hypotheses and to fit the theoretical model. Findings – Evidence suggests that organizational capabilities, encompassing the ability to develop high‐quality situational awareness of the current and future threat environment, the ability to possess appropriate means, and the ability to orchestrate the means to respond to information security threats, are positively associated with effective implementation of information security strategy, which in turn positively affects organization performance. However, there is no significant relationship between decision making and information security strategy implementation success. Research limitations/implications – The study provides a starting point for further research on the role of decision‐making in information security. Practical implications – Findings are expected to yield practical value for business leaders in understanding the viable predisposition of organizational capabilities in the context of information security, thus enabling firms to focus on acquiring the ones indispensable for improving organization performance. Originality/value – This study provides the body of knowledge with an empirical analysis of organization's information security capabilities as an aggregation of sense making, decision‐making, asset availability, and operations management constructs.
Information Management & Computer Security – Emerald Publishing
Published: Jul 19, 2011
Keywords: Information security; Organizational performance; Organizational capabilities; Strategy implementation success; Structural equation modeling; Strategic management
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.