Peering through the lens of high-reliability theory: A competencies driven security culture model of high-reliability organisations

IF 6.5 2区管理学 Q1 INFORMATION SCIENCE & LIBRARY SCIENCE

Information Systems Journal Pub Date : 2023-05-17 DOI:10.1111/isj.12441

Farkhondeh Hassandoust, Allen C. Johnston

{"title":"Peering through the lens of high-reliability theory: A competencies driven security culture model of high-reliability organisations","authors":"Farkhondeh Hassandoust, Allen C. Johnston","doi":"10.1111/isj.12441","DOIUrl":null,"url":null,"abstract":"<p>To improve organisational safety and enhance security efficiency, organisations seek to establish a culture of security that provides a foundation for how employees should approach security. There are several frameworks and models that provide a set of requirements for forming security cultures; however, for many organisations, the requirements of the frameworks are difficult to meet, if not impossible. In this research, we take a different perspective and focus on the core underlying competencies that high-reliability organisations (HROs) have shown to be effective in achieving levels of risk tolerance consistent with the goals of a security culture. In doing so we draw on high-reliability theory to develop a Security Culture Model that explains how a firm's supportive and practical competencies form its organisational security culture. To refine and test the model, we conducted a developmental mixed-method study using interviews and survey data with professional managers involved in the information security (InfoSec) programs within their respective HROs. Our findings emphasise the importance of an organisation's supportive and practical competencies for developing a culture of security. Our results suggest that organisations' security cultures are a product of their InfoSec practices and that organisational mindfulness, top management involvement and organisational structure are key to the development of those practices.</p>","PeriodicalId":48049,"journal":{"name":"Information Systems Journal","volume":null,"pages":null},"PeriodicalIF":6.5000,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1111/isj.12441","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Journal","FirstCategoryId":"91","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1111/isj.12441","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}

引用次数: 2

Abstract

To improve organisational safety and enhance security efficiency, organisations seek to establish a culture of security that provides a foundation for how employees should approach security. There are several frameworks and models that provide a set of requirements for forming security cultures; however, for many organisations, the requirements of the frameworks are difficult to meet, if not impossible. In this research, we take a different perspective and focus on the core underlying competencies that high-reliability organisations (HROs) have shown to be effective in achieving levels of risk tolerance consistent with the goals of a security culture. In doing so we draw on high-reliability theory to develop a Security Culture Model that explains how a firm's supportive and practical competencies form its organisational security culture. To refine and test the model, we conducted a developmental mixed-method study using interviews and survey data with professional managers involved in the information security (InfoSec) programs within their respective HROs. Our findings emphasise the importance of an organisation's supportive and practical competencies for developing a culture of security. Our results suggest that organisations' security cultures are a product of their InfoSec practices and that organisational mindfulness, top management involvement and organisational structure are key to the development of those practices.

Abstract Image

查看原文本刊更多论文

透过高可靠性理论的镜头窥视:高可靠性组织的能力驱动的安全文化模型

为改善组织安全及提高保安效率，各组织须建立保安文化，为员工如何处理保安提供基础。有几个框架和模型为形成安全文化提供了一组需求;然而，对于许多组织来说，框架的要求很难满足，如果不是不可能的话。在本研究中，我们采取了不同的视角，并将重点放在高可靠性组织(hro)的核心潜在能力上，这些能力在实现与安全文化目标一致的风险承受水平方面是有效的。在此过程中，我们利用高可靠性理论开发了一个安全文化模型，该模型解释了公司的支持性和实践性能力如何形成其组织安全文化。为了完善和测试该模型，我们对参与信息安全(InfoSec)项目的职业经理人进行了一项发展混合方法研究，并对他们各自的人力资源办公室进行了访谈和调查。我们的研究结果强调了组织的支持性和实践能力对发展安全文化的重要性。我们的研究结果表明，组织的安全文化是其信息安全实践的产物，而组织的意识、高层管理的参与和组织结构是这些实践发展的关键。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Systems Journal INFORMATION SCIENCE & LIBRARY SCIENCE-

CiteScore

14.60

自引率

7.80%

发文量

期刊介绍： The Information Systems Journal (ISJ) is an international journal promoting the study of, and interest in, information systems. Articles are welcome on research, practice, experience, current issues and debates. The ISJ encourages submissions that reflect the wide and interdisciplinary nature of the subject and articles that integrate technological disciplines with social, contextual and management issues, based on research using appropriate research methods.The ISJ has particularly built its reputation by publishing qualitative research and it continues to welcome such papers. Quantitative research papers are also welcome but they need to emphasise the context of the research and the theoretical and practical implications of their findings.The ISJ does not publish purely technical papers.