Search results

This paper aims to explore the impact of organizational culture on information governance (IG) effectiveness at higher education institutions (HEIs). IT professionals, such as chef information officers, chief technology officers, chief information security officers and IT directors at HEIs were surveyed and interviewed to learn about whether organizational culture influences IG effectiveness. Several IG activities (processes) were identified, including information security, the function of an IG council, the presence of a Record Information Management department, the role of a compliance officer and information stewards and the use of an automated system or software to identify and maintain information life-cycle management.

This study was conducted using Cameron and Quinn’s (Cameron and Quinn, 2011) competing value framework. To evaluate organizational culture, using the competing value framework, four types of organizational culture profiles were used: collaboration, creation/innovation, controlling/hierarchy, and competition/result-oriented. The methodology included quantitative and qualitative techniques through the use of content analysis of data collected from participants. IT professionals, such as chef information officers, chief technology officers, chief information security officers and IT directors at HEIs were surveyed and interviewed to learn about whether organizational culture influences IG effectiveness.

Findings revealed organizational culture may influence IG effectiveness positively, especially from cultures of competition/result-oriented and control/hierarchy. Qualitatively, it also emerged that competition/result-oriented and control characteristics of organizational culture were perceived by IG professionals to produce more accurate information. One of the characteristics of organizational culture that became evident in the current study, coming from more than one subject, was the challenge in IG due to the presence of information silos. Trust, on the other hand, has been highlighted as the glue which can enable and drive governance processes in an organization.

The current study was conducted based on HEIs. While the current study serves as a baseline for studying IG in other institutions, its results cannot be generalized for other type of institutions. The results cannot be generalized for other types of not-for-profit or for-profit organizations. Many of the characteristics of the sample data were specific to HEIs. For instance, financial, manufacturing and health-care institutions present challenges inherent in those institutions.

Trust has been highlighted as the glue which can enable and drive governance processes in an organization. Respondents of current study have indicated that trust serving several different factors toward IG effectiveness, including freedom to speak freely in the meeting about impact of organizational culture on IG, wiliness of executives of administration, particularly the CIO, to communicate IG matters to institution, sharing information and being transparent, entrusting help desk staff and technical supervisors so users can communicate with them and share their concerns and perceiving “feeling of trust” in the organization, which would benefit the institution, allowing stakeholders to collaborate and work together to overcome issues when facing IG challenges.

This study aims to increase the understanding of the connection between effective leadership behaviours and information culture in the higher education institution (HEI).

A qualitative case study was conducted at one department of an HEI in Estonia. This study used semi-structured interviews and document analysis for data collection. The hypothesis-generating technique applying grounded theory analysis was used for data analysis.

The information culture of the department was a multiple culture with mixed attributes from the relationship-based culture and the risk-taking culture. Six main effective leadership behaviours within the department were identified, namely, communicating well about the direction the department is going, having a clear sense of direction and strategic vision, providing resources for and adjusting workloads to stimulate scholarship and research, making academic appointments that enhance department’s reputation, allowing the opportunity to participate in key decisions and encouraging open communication and creating a positive and collegial work atmosphere. The main hypotheses that illustrate the influence of effective leadership behaviours on information culture were generated.

The findings of this study can inform the training of future leaders in HEIs.

There is a lack of research in higher education that focuses on the relationship between leadership and information culture, and this research fills this gap.

Drawing upon the theory of information culture from information science and prior research on Chinese information practices. The purpose of this paper is to posit that instead of over-relying on Hofstede’s national cultural values, the IS field should develop theories on national information culture to bridge the theoretical gaps found in explaining the differences in individuals’ IT perceptions and behaviors across cultures.

To achieve the objectives of this study, two quantitative studies were conducted. The first study is exploratory in nature and focuses on the development and calibration of an instrument to measure the Chinese information culture (CIC). The second study takes a confirmatory approach to investigate the impact of the CIC on IT perceptions of manager.

The study develops and validates an instrument for measuring the CIC that comprises information source and format preference, information ownership and analysis style, and centralized decision-making and information control. The CIC is found to influence IT perceptions of managers including perceived performance improvement resulted from IT use, attitude toward using work technologies and attitude on the value of IT in general.

This study is one of the first studies to theorize national information culture to understand IT perceptions at the individual level. The development of the CIC measure provides the much needed methodological support for contextualizing cross-cultural research.

Information and communications technology (ICT) offers enormous opportunities for individuals, businesses and society. The application of ICT is equally important to economic and non-economic activities. Researchers have increasingly focused on the adoption and use of ICT by small and medium enterprises (SMEs) as the economic development of a country is largely dependent on them. Following the success of ICT utilisation in SMEs in developed countries, many developing countries are looking to utilise the potential of the technology to develop SMEs. Past studies have shown that the contribution of ICT to the performance of SMEs is not clear and certain. Thus, it is crucial to determine the effectiveness of ICT in generating firm performance since this has implications for SMEs’ expenditure on the technology. This research examines the diffusion of ICT among SMEs with respect to the typical stages from innovation adoption to post-adoption, by analysing the actual usage of ICT and value creation. The mediating effects of integration and utilisation on SME performance are also studied. Grounded in the innovation diffusion literature, institutional theory and resource-based theory, this study has developed a comprehensive integrated research model focused on the research objectives. Following a positivist research paradigm, this study employs a mixed-method research approach. A preliminary conceptual framework is developed through an extensive literature review and is refined by results from an in-depth field study. During the field study, a total of 11 SME owners or decision-makers were interviewed. The recorded interviews were transcribed and analysed using NVivo 10 to refine the model to develop the research hypotheses. The final research model is composed of 30 first-order and five higher-order constructs which involve both reflective and formative measures. Partial least squares-based structural equation modelling (PLS-SEM) is employed to test the theoretical model with a cross-sectional data set of 282 SMEs in Bangladesh. Survey data were collected using a structured questionnaire issued to SMEs selected by applying a stratified random sampling technique. The structural equation modelling utilises a two-step procedure of data analysis. Prior to estimating the structural model, the measurement model is examined for construct validity of the study variables (i.e. convergent and discriminant validity).

The estimates show cognitive evaluation as an important antecedent for expectation which is shaped primarily by the entrepreneurs’ beliefs (perception) and also influenced by the owners’ innovativeness and culture. Culture further influences expectation. The study finds that facilitating condition, environmental pressure and country readiness are important antecedents of expectation and ICT use. The results also reveal that integration and the degree of ICT utilisation significantly affect SMEs’ performance. Surprisingly, the findings do not reveal any significant impact of ICT usage on performance which apparently suggests the possibility of the ICT productivity paradox. However, the analysis finally proves the non-existence of the paradox by demonstrating the mediating role of ICT integration and degree of utilisation explain the influence of information technology (IT) usage on firm performance which is consistent with the resource-based theory. The results suggest that the use of ICT can enhance SMEs’ performance if the technology is integrated and properly utilised. SME owners or managers, interested stakeholders and policy makers may follow the study’s outcomes and focus on ICT integration and degree of utilisation with a view to attaining superior organisational performance.

This study urges concerned business enterprises and government to look at the environmental and cultural factors with a view to achieving ICT usage success in terms of enhanced firm performance. In particular, improving organisational practices and procedures by eliminating the traditional power distance inside organisations and implementing necessary rules and regulations are important actions for managing environmental and cultural uncertainties. The application of a Bengali user interface may help to ensure the productivity of ICT use by SMEs in Bangladesh. Establishing a favourable national technology infrastructure and legal environment may contribute positively to improving the overall situation. This study also suggests some changes and modifications in the country’s existing policies and strategies. The government and policy makers should undertake mass promotional programs to disseminate information about the various uses of computers and their contribution in developing better organisational performance. Organising specialised training programs for SME capacity building may succeed in attaining the motivation for SMEs to use ICT. Ensuring easy access to the technology by providing loans, grants and subsidies is important. Various stakeholders, partners and related organisations should come forward to support government policies and priorities in order to ensure the productive use of ICT among SMEs which finally will help to foster Bangladesh’s economic development.

The purpose of this preliminary empirical research study is to understand how environmental disruption such as brought on by the COVID-19 pandemic induces shifts in organisational culture, information security culture and subsequently employee information security compliance behaviour.

A single-organisation case study was used to develop understanding from direct experiences of organisational life. Both quantitative and qualitative data were collected using a sequential mixed methods approach, with the qualitative phase following the quantitative to achieve complementarity and completeness in analysis. For the quantitative phase, 48 useful responses were received after a questionnaire was sent to all 150–200 employees. For the qualitative phase, eight semi-structured interviews were conducted. Statistical software was used to analyse the quantitative data and NVivo software was used to analyse the qualitative data.

The pandemic-induced environmental disruption manifested as a sudden shift to work-from-home for employees, and relatedly an increase in cybercrime. The organisational response to this gave rise to shifts in both organisational and information security culture towards greater control (rule and goal orientations) and greater flexibility (support and innovation orientations), most significantly with information security culture flexibility. The net effect was an increase in employee information security compliance.

The vast literature on organisational culture and information security culture was drawn on to theoretically anchor and develop parsimonious measures of information security culture. Environmental disruptions such as those caused by the pandemic are unpredictable and their effects uncertain, hence, the study provides insight into the consequences of such disruption on information security in organisations.

The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about.

Results are based on a literature review of information security culture research published between 2000 and 2013 (December).

This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature.

Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research.

Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated.

Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.

This paper aims to examine the individual and combined effects of organisational and behavioural factors on employees’ attitudes and intentions to establish an information security policy compliance culture (ISPCC) in organisations.

Based on factors derived from the organisational culture theory, social bond theory and accountability theory, a testable research model was developed and evaluated in an online survey that involves the use of a questionnaire to collect quantitative data from 313 employees, from ten different organisations in Ghana. The data collected were analysed using the partial least squares-structural equation modelling approach, involving the measurement and structural model tests.

The study reveals that the individual measures of accountability – identifiability (2.4%), expectations of evaluation (38.8%), awareness of monitoring (55.7%) and social presence (−41.2%) – had weak to moderate effects on employees’ attitudes towards information security policy compliance. However, the combined effect showed a significant influence. In addition, organisational factors – supportive organisational culture (15%), security compliance leadership (2%) and user involvement (63%) – showed positive effects on employees’ attitudes. Further, employees’ attitudes had a substantial influence (65%), while behavioural intentions demonstrated a weak effect (24%) on the establishment of an ISPCC in the organisation. The combined effect also had a substantial statistical influence on the establishment of an ISPCC in the organisation.

Given the findings of the study, information security practitioners should implement organisational and behavioural factors that will have an impact on compliance, in tandem, with the organisational effort to build a culture of compliance for information security policies.

The study provides new insights on how to address the problem of non-compliance with regard to the information security policy in organisations through the combined application of organisational and behavioural factors to establish an information security policy compliance culture, which has not been considered in any past research.

This paper focuses on the links between information culture and the perception of the information overload on the example of higher education institutions in Estonia. The aim of this study is to understand how different types of information culture affect coping with information overload.

Two focus-group interviews with 14 participants and 17 semi-structured interviews with representatives of four HEIs were conducted. First, the questions on the values, norms and assumptions as well as information related practices were discussed to assess the dominant components of the information culture. Second, the perception of information overload was explored. Further, the strategies for coping with information overload were examined. Constant comparative analysis was used to analyse the interview data.

The results of the study suggest that the construct of information culture is valuable in understanding information environments and their relation to the perception of information overload. The participants representing the open information culture prefer informal information sharing and are more vulnerable to perceive information overload than the participants representing the integrated information culture. Organisational information management is the key to effective coping with information overload.

The current study sheds light on the perception of information overload in connection with information culture.

To examine the impact of culture on customer service expectations, specifically, how individualists and collectivists use internal and external sources of information to formulate their service expectations.

The context was the airline industry and the subject pool consisted of experienced consumers. A survey was employed to measure individualism/collectivism, various internal/external information sources, and the functional and technical dimensions of “should” and “will” service expectations. Hypothesized relationships were tested using a structural equations modeling approach.

Both individualists and collectivists relied more on external information sources in formulating their service expectations, gave variable weight to the functional and technical components, and used more realistic “will” expectations to judge service offerings. Internal (external) information sources were relatively more important in forming expectations for collectivists (individualists) than for individualists (collectivists), and “will” (“should”) expectations were more diagnostic for collectivists (individualists) than for individualists (collectivists).

Generalizability of the findings is limited due to the specific industry under study (airlines), the sample (two geographically‐proximate sub‐cultures), and the scope of the cultural variables considered (individualism/collectivism).

Whether managers should leverage the functional and/or technical components of services depends in part on the cultural orientation of their customers. Managers should also recognize that customers’ usage of various information sources in forming service expectations is also, in part, culturally determined.

In this era of globalization, researchers and managers alike need to consider the subtle influences of culture on marketing theories and the formulation of service expectations respectively.

Organisational culture plays an important role in influencing employee compliance with information security policies. Creating a subculture of information security can assist in facilitating compliance. The purpose of this paper is to explain the nature of the combined influence of organisational culture and information security culture on employee information security compliance. This study also aims to explain the influence of organisational culture on information security culture.

A theoretical model was developed showing the relationships between organisational culture, information security culture and employee compliance. Using an online survey, data was collected from a sample of individuals who work in organisations having information security policies. The data was analysed with Partial Least Square Structural Equation Modelling (PLS-SEM) to test the model.

Organisational culture and information security culture have significant, yet similar influences on employee compliance. In addition, organisational culture has a strong causal influence on information security culture.

Control-oriented organisational cultures are conducive to information security compliant behaviour. For an information security subculture to be effectively embedded in an organisation's culture, the dominant organisational culture would have to be considered first.

This research provides empirical evidence that information security subculture is influenced by organisational culture. Compliance is best explained by their joint influence.