Strategic value alignment for information security management: a critical success factor analysis

Cindy Zhiling Tu (School of Computer Science and Information Systems, Northwest Missouri State University, Maryville, Missouri, USA)
Yufei Yuan (DeGroote School of Business, McMaster University, Hamilton, Ontario, Canada)
Norm Archer (DeGroote School of Business, McMaster University, Hamilton, Ontario, Canada)
Catherine E. Connelly (DeGroote School of Business, McMaster University, Hamilton, Ontario, Canada)

Information and Computer Security

ISSN: 2056-4961

Publication date: 11 June 2018

Abstract

Purpose

Effective information security management is a strategic issue for organizations to safeguard their information resources. Strategic value alignment is a proactive approach to manage value conflict in information security management. Applying a critical success factor (CSF) analysis approach, this paper aims to propose a CSF model based on a strategic alignment approach and test a model of the main factors that contributes to the success of information security management.

Design/methodology/approach

A theoretical model was proposed and empirically tested with data collected from a survey of managers who were involved in decision-making regarding their companies’ information security (N = 219). The research model was validated using partial least squares structural equation modeling approach.

Findings

Overall, the model was successful in capturing the main antecedents of information security management performance. The results suggest that with business alignment, top management support and organizational awareness of security risks and controls, effective information security controls can be developed, resulting in successful information security management.

Originality/value

Findings from this study provide several important contributions to both theory and practice. The theoretical model identifies and verifies key factors that impact the success of information security management at the organizational level from a strategic management perspective. It provides practical guidelines for organizations to make more effective information security management.

Keywords

Citation

Tu, C., Yuan, Y., Archer, N. and Connelly, C. (2018), "Strategic value alignment for information security management: a critical success factor analysis", Information and Computer Security, Vol. 26 No. 2, pp. 150-170. https://doi.org/10.1108/ICS-06-2017-0042

Download as .RIS

Publisher

:

Emerald Publishing Limited

Copyright © 2018, Emerald Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.
To rent this content from Deepdyve, please click the button.