Title: Exploring the relationships between IT capabilities and information security management

Authors: Shuchih Ernest Chang, Shiou-Yu Chen, Chun-Yen Chen

Addresses: Institute of Electronic Commerce, National Chung Hsing University, 250 Kuo Kuang Road, Taichung, 402, Taiwan. ' Department of Shipping and Transportation Management, National Taiwan Ocean University, 2 Beining Road, Keelung, 202, Taiwan. ' Institute of Electronic Commerce, National Chung Hsing University, 250 Kuo Kuang Road, Taichung, 402, Taiwan

Abstract: This study surveyed 288 organisations to explore the relationship between information technology (IT) capabilities and information security management (ISM). A review of the literature helped to not only identify the important factors of IT capabilities and ISM implementation, but also formulate a research framework. Both IT capabilities and ISM implementation were subsequently empirically measured to study how IT practice influenced the organisational implementation of ISM principles. SPSS and LISREL were used to analyse the collected data and validate the proposed framework. Subsequently, the study|s hypotheses were examined via path analyses and the analytical results revealed that IT capabilities were significantly associated with the effectiveness of ISM. The validated model and the corresponding study results can provide a reference for enterprise managers and decision makers to develop favourable tactics for achieving their goal of ISM – mitigating information security risks.

Keywords: information security management; ISM; information technology capabilities; information management; information systems; security risks.

DOI: 10.1504/IJTM.2011.039310

International Journal of Technology Management, 2011 Vol.54 No.2/3, pp.147 - 166

Published online: 06 Apr 2013 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article