Abstract
This article investigates the effect of organizational characteristics on information security practices in Trinidad and Tobago. As a theoretical lens, this study relies on a hypothesized model derived from Chang and Wang (2010) to test 24 hypotheses relating to information security practices. The data was collected using online surveys and was analyzed using factor analysis and structured equation modeling (SEM). Upon final analysis, 8 of the 24 hypotheses were confirmed.
TopLiterature Review
Peltier (2005) states that information security “encompasses the use of physical and logical data access controls to ensure the proper use of data and to prohibit unauthorized or accidental modification, destruction, disclosure, or loss of access.”
Information security rests on the concepts of confidentiality, integrity and availability. Wang (2005) posits that confidentiality, integrity, and availability are “the most important properties for information systems in terms of security” and Bishop (2003) stated that “computer security rests on confidentiality, integrity and availability.”
Protecting confidentiality is based mainly on defining and enforcing appropriate access levels and permissions for information, i.e. ensuring that those who are supposed to have access to information do, and those who are not supposed to have access, do not. Confidentiality is essentially protecting information from unauthorized access (Schultz et al., 2001).
Key Terms in this Chapter
Information Security Management Architecture: The 'soft' or non-technical element of the information security infrastructure. It is composed of initiatives and managerial policies meant to ensure the confidentiality, integrity and availability of information. Examples include user awareness and training and executive support of information security programmes and policies.
Information Technology Management Skills: The ability to harness IT solutions for organizational growth and problem solving.
Information Security Technical Architecture: The technical element of the information security infrastructure. It is composed of technical solutions meant to ensure the confidentiality, integrity and availability of information. Examples include firewalls, Unified Threat Management (UTM) devices and anti-virus software.
Information Technology Resources: The collection of technical skills and knowledge possessed by the firm.
Information Technology Technical Skills: The specialized IT technical skills and experience a firm possesses which is leverageable in performing specific IT-related tasks such as software engineering or networking.
Relationship Resources: The goodwill earned over time by an organization through interactions and relationship-building with internal and external parties.
Information Security Infrastructure: The established information security framework which is comprised of technical and managerial controls.