Developing a theory-based information security management framework for human service organizations

This paper aims to identify organizations’ information security issues and to explore dynamic, organizational culture and contingency theories to develop an implementable framework for information security systems in human service organizations (HSOs) based soundly in theory and practice.

The paper includes a critical review of global information security management issues for HSOs and relevant multi-disciplinary organizational theories to address them.

Effective information security management can be particularly challenging to HSO because of their use of volunteer staff in a borderless electronic environment. Organizations’ lack of recognition of the need for staff awareness of information security threats and for training in secure work practices, particularly in terms of maintaining clients’ privacy and confidentiality, is a major issue. The dynamic theory of organizational knowledge creation, organizational culture theory and contingency theory were identified as the most suitable theoretical perspectives to address this issue and underpin an effective information security management framework for HSOs.

The theory-based framework presented here has not been tested in practice. Such testing will be carried out in further research.

Currently, there is no framework for information security systems in HSOs. The framework developed here provides a foundation on which HSO can build information security systems specific to their needs.