Exploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
Subject Areas : International Journal of Information, Security and Systems ManagementAlireza Pour Ebrahimi 1 , Payvand Fartash Naini 2
1 -
2 -
Keywords: Information security, Information System, Information security management, Organizational Culture,
Abstract :
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims to examine the relationship between Information Security Management and Organizational Culture. Based on a literature review, a model of the relationship between organizational culture and ISM was formulated, and both organizational culture characteristics and ISM effectiveness were measured empirically to investigate how various organizational culture traits have correlation with information security management by administrating questionnaires (based on five-point Likert scale) to respondents with significant use of information systems in TAM Iran Khodro CO. The collected data were given to SPSS for analysis, and the Pearson correlation coefficient was used to test the hypotheses. Results of testing the hypothesis indicate that the flexibility-oriented organizational culture traits, cooperative and innovative, have a significant relationship with information security management, whilst the stability-oriented organizational culture traits, consistent and goal-oriented, are not significantly associated with information security management. The research results can be used not only to identify key organizational culture traits related to ISM implementation, but also to derive guidelines and best practices for enterprise managers and decision makers to devise the correct tactics for achieving their goals of ISM practice.