Article: Technology-push and need-pull roles in information system security diffusion Journal: International Journal of Technology Management (IJTM) 2011 Vol.54 No.2/3 pp.321 - 343 Abstract: Research of information system security (ISS) usually conceives of security models on the basis of positive, strategic benefits, such as planning or developing a security baseline. However, ISS works only when it enables an organisation to protect against attacks, so managers seldom adopt positively based new security measures. By theorising ISS as a technology cluster that consists of distinguishable but interrelated countermeasures, this study analyses managers| security concerns on the basis of two forces – technology-push (TP) and need-pull (NP) – traditionally applied to technology diffusion. Both TP, which entails managers| perceived security threats, and NP, or requirements associated with the industry, organisational readiness, and security incidents, forces may prompt organisational ISS diffusion. The empirical findings suggest this conceptualisation effectively explains organisational ISS diffusion, though NP forces appear dominant. In general, organisations are less likely to adopt new security measures unless compelled to do so by industry or security gaps or if they are large enough and technically prepared for security innovations. Therefore, organisations should adjust their security plans to align with the threats facing their industries. Inderscience Publishers - linking academia, business and industry through research

Title: Technology-push and need-pull roles in information system security diffusion

Authors: Quey-Jen Yeh, Arthur Jung-Ting Chang

Addresses: Department of Business Administration, National Cheng-Kung University, No. 1, University Rd., Tainan 701, Taiwan. ' Department of Business Administration, Tunghai University, Taichung, No. 181, Sec. 3, Taichung Harbor Rd., Taichung 40704, Taiwan

Abstract: Research of information system security (ISS) usually conceives of security models on the basis of positive, strategic benefits, such as planning or developing a security baseline. However, ISS works only when it enables an organisation to protect against attacks, so managers seldom adopt positively based new security measures. By theorising ISS as a technology cluster that consists of distinguishable but interrelated countermeasures, this study analyses managers| security concerns on the basis of two forces – technology-push (TP) and need-pull (NP) – traditionally applied to technology diffusion. Both TP, which entails managers| perceived security threats, and NP, or requirements associated with the industry, organisational readiness, and security incidents, forces may prompt organisational ISS diffusion. The empirical findings suggest this conceptualisation effectively explains organisational ISS diffusion, though NP forces appear dominant. In general, organisations are less likely to adopt new security measures unless compelled to do so by industry or security gaps or if they are large enough and technically prepared for security innovations. Therefore, organisations should adjust their security plans to align with the threats facing their industries.

Keywords: information system security; ISS; technology clusters; technology-push; need-pull; information systems; IS security diffusion; ISS diffusion; technology management; information security; security threats; security policy.

DOI: 10.1504/IJTM.2011.039318

International Journal of Technology Management, 2011 Vol.54 No.2/3, pp.321 - 343

Published online: 06 Apr 2013 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Technology-push and need-pull roles in information system security diffusion

Keep up-to-date