Organizational factors to the effectiveness of implementing information security management

Purpose - This paper aims to examine the influence of organization factors on the effectiveness of implementing BS7799, an information security management (ISM) standard. Design/methodology/approach - Based on literature review, a research model was formulated by extracting the antecedents of ISM, and an empirical study was conducted to show how the organizational factors influence organizations in carrying out BS7799. Findings - The study result revealed that there were significant impacts of organizational factors, including IT competence of business managers, environment uncertainty, industry type, and organization size, on the effectiveness of implementing ISM. Research limitations/implications - The sample is limited to the organizational factors m Taiwan. It is suggested to replicate this study in other countries to reconfirm the result before adopting its general implications. Owing to the highly intrusive nature of ISM surveys, a cautious approach with rapport and trust is a key success factor in conducting empirical studies on ISM. Practical implications - IT competence is conducive to ISM implementation through subjective norms, leadership, belief, and behavior of ISM activities. Environmental uncertainty positively influences the need for greater innovation, which increases the dependence on IT, and therefore makes the effectiveness of ISM more desirable. Companies in an industry sensitive to security threats should pay more attentions to ISM practice. Corporate executives should also realize the size difference for adopting appropriate ISM strategies. Originality/value - A research model was proposed to study the impacts of organizational factors on ISM, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by enterprise managers and decision makers to make favorable tactics for achieving their goals of ISM.