Push and pull effects of homeland information security incentives

The purpose of this study is to find out whether efforts to improve the information security of government agencies and homeland information security have paid off and also different incentives (internal/external) impact s on the improvement of information security of the government agencies?

This study examines the information security status of 24 federal agencies in the USA over the period 2002 through 2007 using latent growth modeling. The information security status of these agencies was tracked with the grades revealed in the Federal Computer Security Report Cards. In addition, the number of employees (internal threat incentives) and budgets incentives of federal agencies were gathered from the agencies and other governmental websites for the same period of time.

Results indicated that high critical‐information agencies even though they have an overall low performance in information security, they are performing better than the low critical‐information agencies regarding solving external threats. Results also revealed that whereas agencies have generally paid more attention to information security over the years, their performances are more pertinent to change in budget incentives than other incentives.

The outcomes reported are confined to the data presented by the Federal Computer Security Report Cards. Another limitation is the number of employees that counts the total number of employees in the agencies whether they are related to the systems of the agencies or not. Finally, using a time‐lag analysis of budget to predict the current security score would be more straightforward, but this could not be applied in this study due to the insufficient sample size, as “the House Committee on Oversight and Government Reform” no longer released the report cards after 2007.

The results should be of interest for the federal agencies that are included in this study, as well as for the organizations that are responsible for the information security of government agencies at different levels. Policy makers, IT managers, software developers and security specialists can also use the outcomes reported in this study for the better decision making that can enhance the information security in the public sector. The theoretical and methodological framework used in this study may also contribute to the current literature of homeland information security incentives and be helpful for future studies on its critical success factors.

This study examines fundamental issues that have not yet to be established. To our knowledge, this is the first study that assesses different incentives that have an effect on the Federal agencies' information security performance because of the lack of data in this domain. Also, the statistical techniques used to test the research propositions fit the objective of the study. Not only this, but the results found in this research assure the importance of one of the incentives that has been identified in the literature as a crucial element that affects the information security performance of the organizations.