透过高可靠性理论的镜头窥视:高可靠性组织的能力驱动的安全文化模型

IF 6.5 2区 管理学 Q1 INFORMATION SCIENCE & LIBRARY SCIENCE Information Systems Journal Pub Date : 2023-05-17 DOI:10.1111/isj.12441
Farkhondeh Hassandoust, Allen C. Johnston
{"title":"透过高可靠性理论的镜头窥视:高可靠性组织的能力驱动的安全文化模型","authors":"Farkhondeh Hassandoust,&nbsp;Allen C. Johnston","doi":"10.1111/isj.12441","DOIUrl":null,"url":null,"abstract":"<p>To improve organisational safety and enhance security efficiency, organisations seek to establish a culture of security that provides a foundation for how employees should approach security. There are several frameworks and models that provide a set of requirements for forming security cultures; however, for many organisations, the requirements of the frameworks are difficult to meet, if not impossible. In this research, we take a different perspective and focus on the core underlying competencies that high-reliability organisations (HROs) have shown to be effective in achieving levels of risk tolerance consistent with the goals of a security culture. In doing so we draw on high-reliability theory to develop a Security Culture Model that explains how a firm's supportive and practical competencies form its organisational security culture. To refine and test the model, we conducted a developmental mixed-method study using interviews and survey data with professional managers involved in the information security (InfoSec) programs within their respective HROs. Our findings emphasise the importance of an organisation's supportive and practical competencies for developing a culture of security. Our results suggest that organisations' security cultures are a product of their InfoSec practices and that organisational mindfulness, top management involvement and organisational structure are key to the development of those practices.</p>","PeriodicalId":48049,"journal":{"name":"Information Systems Journal","volume":"33 5","pages":"1212-1238"},"PeriodicalIF":6.5000,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1111/isj.12441","citationCount":"2","resultStr":"{\"title\":\"Peering through the lens of high-reliability theory: A competencies driven security culture model of high-reliability organisations\",\"authors\":\"Farkhondeh Hassandoust,&nbsp;Allen C. Johnston\",\"doi\":\"10.1111/isj.12441\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>To improve organisational safety and enhance security efficiency, organisations seek to establish a culture of security that provides a foundation for how employees should approach security. There are several frameworks and models that provide a set of requirements for forming security cultures; however, for many organisations, the requirements of the frameworks are difficult to meet, if not impossible. In this research, we take a different perspective and focus on the core underlying competencies that high-reliability organisations (HROs) have shown to be effective in achieving levels of risk tolerance consistent with the goals of a security culture. In doing so we draw on high-reliability theory to develop a Security Culture Model that explains how a firm's supportive and practical competencies form its organisational security culture. To refine and test the model, we conducted a developmental mixed-method study using interviews and survey data with professional managers involved in the information security (InfoSec) programs within their respective HROs. Our findings emphasise the importance of an organisation's supportive and practical competencies for developing a culture of security. Our results suggest that organisations' security cultures are a product of their InfoSec practices and that organisational mindfulness, top management involvement and organisational structure are key to the development of those practices.</p>\",\"PeriodicalId\":48049,\"journal\":{\"name\":\"Information Systems Journal\",\"volume\":\"33 5\",\"pages\":\"1212-1238\"},\"PeriodicalIF\":6.5000,\"publicationDate\":\"2023-05-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://onlinelibrary.wiley.com/doi/epdf/10.1111/isj.12441\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Systems Journal\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1111/isj.12441\",\"RegionNum\":2,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"INFORMATION SCIENCE & LIBRARY SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Journal","FirstCategoryId":"91","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1111/isj.12441","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 2

摘要

为改善组织安全及提高保安效率,各组织须建立保安文化,为员工如何处理保安提供基础。有几个框架和模型为形成安全文化提供了一组需求;然而,对于许多组织来说,框架的要求很难满足,如果不是不可能的话。在本研究中,我们采取了不同的视角,并将重点放在高可靠性组织(hro)的核心潜在能力上,这些能力在实现与安全文化目标一致的风险承受水平方面是有效的。在此过程中,我们利用高可靠性理论开发了一个安全文化模型,该模型解释了公司的支持性和实践性能力如何形成其组织安全文化。为了完善和测试该模型,我们对参与信息安全(InfoSec)项目的职业经理人进行了一项发展混合方法研究,并对他们各自的人力资源办公室进行了访谈和调查。我们的研究结果强调了组织的支持性和实践能力对发展安全文化的重要性。我们的研究结果表明,组织的安全文化是其信息安全实践的产物,而组织的意识、高层管理的参与和组织结构是这些实践发展的关键。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Peering through the lens of high-reliability theory: A competencies driven security culture model of high-reliability organisations

To improve organisational safety and enhance security efficiency, organisations seek to establish a culture of security that provides a foundation for how employees should approach security. There are several frameworks and models that provide a set of requirements for forming security cultures; however, for many organisations, the requirements of the frameworks are difficult to meet, if not impossible. In this research, we take a different perspective and focus on the core underlying competencies that high-reliability organisations (HROs) have shown to be effective in achieving levels of risk tolerance consistent with the goals of a security culture. In doing so we draw on high-reliability theory to develop a Security Culture Model that explains how a firm's supportive and practical competencies form its organisational security culture. To refine and test the model, we conducted a developmental mixed-method study using interviews and survey data with professional managers involved in the information security (InfoSec) programs within their respective HROs. Our findings emphasise the importance of an organisation's supportive and practical competencies for developing a culture of security. Our results suggest that organisations' security cultures are a product of their InfoSec practices and that organisational mindfulness, top management involvement and organisational structure are key to the development of those practices.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Information Systems Journal
Information Systems Journal INFORMATION SCIENCE & LIBRARY SCIENCE-
CiteScore
14.60
自引率
7.80%
发文量
44
期刊介绍: The Information Systems Journal (ISJ) is an international journal promoting the study of, and interest in, information systems. Articles are welcome on research, practice, experience, current issues and debates. The ISJ encourages submissions that reflect the wide and interdisciplinary nature of the subject and articles that integrate technological disciplines with social, contextual and management issues, based on research using appropriate research methods.The ISJ has particularly built its reputation by publishing qualitative research and it continues to welcome such papers. Quantitative research papers are also welcome but they need to emphasise the context of the research and the theoretical and practical implications of their findings.The ISJ does not publish purely technical papers.
期刊最新文献
Issue Information Issue Information Issue Information Digital transformation in Latin America: Challenges and opportunities Examining formation and alleviation of information security fatigue by using job demands–resources theory
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1