UNT Libraries - Browse


Defining the Information Security Posture: An Empirical Examination of Structure, Integration, and Managerial Effectiveness

Description: The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how it impacts the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in the information security domain. An additional aim of this dissertation is to empirically examine the influence of management practices and decisions on effective use of information security strategies within the organization. The issues of centralization versus decentralization of information security activities will be evaluated along with its impact on information security posture of organizations and the effectiveness of the organization's information security strategies. Data was collected from 119 IT and information security executives. Results show that how the organization structures information security activities is not correlated with more effective utilization of information security strategies. Meanwhile, the organization's information security posture ...
Date: August 2008
Creator: Young, Randall Frederick

General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large versus Small Businesses

Description: This research sought to shed light on information systems security (ISS) by conceptualizing an organization's use of countermeasures using general deterrence theory, positing a non-recursive relationship between threats and countermeasures, and by extending the ISS construct developed in prior research. Industry affiliation and organizational size are considered in terms of differences in threats that firms face, the different countermeasures in use by various firms, and ultimately, how a firm's ISS effectiveness is affected. Six information systems professionals were interviewed in order to develop the appropriate instruments necessary to assess the research model put forth; the final instrument was further refined by pilot testing with the intent of further clarifying the wording and layout of the instrument. Finally, the Association of Information Technology Professionals was surveyed using an online survey. The model was assessed using SmartPLS and a two-stage least squares analysis. Results indicate that a non-recursive relationship does indeed exist between threats and countermeasures and that countermeasures can be used to effectively frame an organization's use of countermeasures. Implications for practitioners include the ability to target the use of certain countermeasures to have desired effects on both ISS effectiveness and future threats. Additionally, the model put forth in this research can be used by practitioners to both assess their current ISS effectiveness as well as to prescriptively target desired levels of ISS effectiveness.
Date: May 2009
Creator: Schuessler, Joseph H.

Information systems success and technology acceptance within a government organization.

Description: Numerous models of IS success and technology acceptance their extensions have been proposed and applied in empirical. This study continues this tradition and extends the body of knowledge on the topic of IS success by developing a more comprehensive model for measuring IS success and technology acceptance within a government organization. The proposed model builds upon three established IS success and technology acceptance frameworks namely the DeLone and McLean (2003), Venkatesh et al.'s (2003) unified theory of acceptance and use of technology (UTAUT), and Wixom and Todd (2005). The findings from this study provide not only a comprehensive IS success assessment model but also insights into whether and how IS success models are influenced by application variables as applied within a government organization. Exploratory factor analysis and confirmatory factor analysis were performed for instrument refinement and validity test of the existing and proposed models. Using data from employees of a local government municipal, the comprehensive model explained 32 percent variance. Four of the hypothesis were fully supported five were not supported, and four were partially supported. In addition, the results suggest that behavioral intention may not be the best predictor of technology acceptance in a mandatory environment.
Date: August 2008
Creator: Thomas, Patricia

IT Offshoring Success: A Social Exchange Perspective

Description: Spending by U.S. companies in offshore IT services continues at unprecedented levels despite a high failure rate. This study fills a gap in the existing literature by examining the client-vendor offshoring relationship through the theoretical lens of social exchange theory at the organizational level of analysis from the client's perspective. Social exchange theory focuses on the exchange of activities between two parties, whether they are individuals or companies and was used as a basis for examining the client and vendor relationship. Variables were identified by a review of the literature primarily from IT outsourcing and offshoring but also from general IT, marketing, sociology and organizational science literature. Data was collected using a field survey of Fortune 500 CIOs representing a population of organizations at the forefront of the offshoring phenomenon. The survey instrument was developed based on the adaptation of previously validated scales. Hypotheses regarding the correlations between social variables such as trust, communication, dependence, power, shared values and offshoring success were tested using Spearman's rho correlation. Seven of the hypotheses were supported, four hypotheses were not supported and one hypothesis was deemed not testable due to lack of information.
Date: August 2008
Creator: St. John, Jeremy

Propensity for knowledge sharing: An organizational justice perspective.

Description: Converting individual knowledge into organizational knowledge can be difficult because individuals refuse to share knowledge for a number of different reasons. Creating an atmosphere of fairness plays an important role in the creation of a knowledge-sharing climate. This dissertation proposes that perceptions of organizational justice are crucial building blocks of that environment, leading to knowledge sharing. Data was collected using a field survey of IT managers representing a broad spectrum of the population in terms of organizational size and industry classification. The survey instrument was developed based on the adaptation of previously validated scales in addition to new items where no existing measures were found. Hypotheses regarding the influence of distributional, procedural, and interactional justice on knowledge sharing processes were tested using structural equation modeling techniques. Based on the theory of reasoned action, which states that attitudes and subjective norms are the major determinants of a person's intention, the hypotheses examining the relationship between attitude toward knowledge sharing, subjective norm and the intention to share knowledge were supported. However, results did not support the hypothesis exploring the relationship between the organizational climate and the intention to share knowledge. The results show that all three types of justice constructs are statistically significant antecedents of organizational climate and interactional justice is an antecedent of an attitude toward knowledge sharing. The study attempts to merge streams of research from sociology and organizational behavior by investigating organizational justice and knowledge management. It contributes to theory by the development of the survey instrument, comprised of seven constructs that were developed by incorporating multiple theories to address various aspects of knowledge sharing and provide application to practice and research. It is relevant to IT managers who need to know how to design information systems that are most effective in distributing knowledge throughout organizations.
Access: This item is restricted to UNT Community Members. Login required if off-campus.
Date: August 2006
Creator: Ibragimova, Bashorat

A social capital perspective on IT professionals' work behavior and attitude.

Description: Abstract Attracting and developing information technology (IT) professionals is one of the top concerns for companies. Although much research has been conducted about the job behavior and attitudes of IT professionals over the last three decades, findings are inconclusive and contradictory. This suggests that something may be missing in how we examine this phenomenon. Most of this research is drawn from theories of motivation, very little examines the effect of social relationships on IT professionals' behavior and attitude. Yet, social capital theory suggests that job behavior and attitude may be greatly influenced by these relationships. This suggests that IT professionals' social capital warrants empirical examination. The primary research question that this dissertation addresses is how social capital affects IT professionals' work attitude and behavior including job satisfaction, organizational citizenship behavior, job performance and turnover intention. The research model in this dissertation examines the influence of three aspects of social capital on IT professionals' job attitude and work behavior: tie strength, the number of ties and the structural holes. Data were collected from 129 IT professionals from a range of jobs, organizations and industries. Results indicate that tie strength in the organization of an IT professional is positively related to job satisfaction. The number of ties outside an organization an IT professional has is also positively related to job performance. However, hypotheses about organizational citizenship behavior and turnover intention are not supported. Several implications for organizational executives and managers are offered based on findings.
Access: This item is restricted to UNT Community Members. Login required if off-campus.
Date: August 2006
Creator: Zhang, Lixuan

A Study of the Intent to Fully Utilize Electronic Personal Health Records in the Context of Privacy and Trust

Description: Government initiatives called for electronic health records for each individual healthcare consumer by 2014. the purpose of the initiatives is to provide for the common exchange of clinical information between healthcare consumers, healthcare providers, third-party payers and public healthcare officials.This exchange of healthcare information will impact the healthcare industry and enable more effective and efficient application of healthcare so that there may be a decrease in medical errors, increase in access to quality of care tools, and enhancement of decision making abilities by healthcare consumers, healthcare providers and government health agencies. an electronic personal health record (ePHR) created, managed and accessed by healthcare consumers may be the answer to fulfilling the national initiative. However, since healthcare consumers potentially are in control of their own ePHR, the healthcare consumer’s concern for privacy may be a barrier for the effective implementation of a nationwide network of ePHR. a technology acceptance model, an information boundary theory model and a trust model were integrated to analyze usage intentions of healthcare consumers of ePHR. Results indicate that healthcare consumers feel there is a perceived usefulness of ePHR; however they may not see ePHR as easy to use. Results also indicate that the perceived usefulness of utilizing ePHR does not overcome the low perceived ease of use to the extent that healthcare consumers intend to utilize ePHR. in addition, healthcare consumers may not understand the different components of usage: access, management, sharing and facilitating third-party ePHR. Also, demographics, computer self-efficacy, personal innovativeness, healthcare need and healthcare literacy impact a healthcare consumer’s privacy concerns and trusting intentions in the context of ePHR and intent to utilize ePHR. Finally, this research indicates that healthcare consumers may need a better understanding of the Health Insurance and Portability and Accountability Act of 1996 (HIPAA) regulations of ePHR as well as ...
Date: May 2012
Creator: Richards, Rhonda J.