Information Security Program Effectiveness in Organizations: The Moderating Role of Task Interdependence

Information Security Program Effectiveness in Organizations: The Moderating Role of Task Interdependence

Kenneth J. Knapp (University of Tampa, Tampa, FL, USA) and Claudia J. Ferrante (USAF, United States Air Force Academy, Colorado Springs, CO, USA)
Copyright: © 2014 |Pages: 20
DOI: 10.4018/joeuc.2014010102


This research investigates the moderating role of task interdependence on factors influencing information security effectiveness in organizations. Drawing on the literature, the authors develop a theoretical model depicting top management support and awareness & training support as predictors of information security program effectiveness. Further, the model shows security culture as a partial mediator between the predictor and criterion variables. The authors then apply task interdependence as a moderator to the model. Results from a survey given to a sample of 371 certified information security professionals find support for the model while showing certain paths to be significant only under high task interdependence while others only under low task interdependence. In high task interdependence environments, security culture did not mediate the relationships between the predictor and criterion variables suggesting that managers focus on providing greater structural support to maximize security effectiveness. However, in low task interdependence, security culture fully mediated the relationships between the predictor and criterion variables suggesting that the role of culture is amplified and central in those environments.
Article Preview


Implementing a network firewall may appear like a straightforward technical challenge rather than one requiring the cooperation of several business functions and outside entities. After all, a critical function of a firewall is to protect networks from electronic threats originating from the Internet. However, implementing devices like firewalls can be a highly interdependent organizational task involving teamwork and collaboration. This often requires close working relationships among system administrators, technology architects, product vendors, cloud providers (Moyle, 2011) and even civil engineers for power and cooling issues. Yet, information security concerns today go far beyond the need for firewalls and technology solutions. Because sensitive information is routinely automated in organizations, security now is a necessity requiring extensive cooperation. Readers may be familiar with the maxim that security is everybody’s business implying that all employees must pay attention to security. Likewise, it is critical for security effectiveness that employees collaborate and behave in a manner consistent with secure practices (Huang, Rau, & Salvendy, 2010). Collaborative work environments where the output of one task is highly dependent upon another may require significant levels of mutuality or, as we analyze in this paper, task interdependence.

In this study, we explore the moderating effects of task interdependence on factors influencing the effectiveness of information security programs in organizations. First, we study the impact of top management support, awareness & training, and security culture on information security program effectiveness. We then investigate task interdependence as a moderating variable on the study’s theoretical model. Task interdependence is the extent to which individuals depend upon other persons and resources to perform a job (Van der Vegt, Van de Vliert, & Oosterhof, 2003) reflecting interrelated roles, technology requirements, and work constraints in organizations (Nielsen, Bachrach, Sundstrom, & Halfhill, 2012). Task interdependence has been called one of the most critical structural variables that influences team performance and often indirectly impacts it by moderating the effects of other variables on performance (Langfred, 2005). In the information systems literature, the task interdependence construct has received research attention (Andres & Zmud, 2003; Sharma & Yetton, 2007; Staples & Webster, 2008); however, to our knowledge no published research has applied task interdependence as a moderator in an information security study. Our study addresses this gap in the literature.

This research seeks to understand how high and low task interdependence environments moderate key relationships influencing information security program effectiveness in organizations. In this effort, we employ the notion of collaborative task knowledge as well as human agency theory to the results of our study. Collaborative task knowledge refers to the interdependent relationship among user work routines thus allowing users to understand the collective consequences of their individual ways (Kang & Santhanam, 2003-4). In previous information systems (IS) research, the effect of collaborative task knowledge on systems implementation success was contingent on task interdependence (Sharma & Yetton, 2007). We also apply human agency theory positing that executive leadership works as the primary human agents adapting external institutional factors into specific actions such as amending organizational structures and determining information security policies (Liang, Saraf, Hu, & Xue, 2007). Here, institutional forces emanating from consultants or industry standard practices influence and persuade top management’s actions on their own firms. We will apply a contingent view of this approach positing that under high task interdependence, management adopts an agency approach to standardizing organizational structures where under low task interdependence, management focuses on nurturing a security friendly culture in the organization.

Complete Article List

Search this Journal:
Open Access Articles
Volume 32: 4 Issues (2020): 1 Released, 3 Forthcoming
Volume 31: 4 Issues (2019): 1 Released, 3 Forthcoming
Volume 30: 4 Issues (2018)
Volume 29: 4 Issues (2017)
Volume 28: 4 Issues (2016)
Volume 27: 4 Issues (2015)
Volume 26: 4 Issues (2014)
Volume 25: 4 Issues (2013)
Volume 24: 4 Issues (2012)
Volume 23: 4 Issues (2011)
Volume 22: 4 Issues (2010)
Volume 21: 4 Issues (2009)
Volume 20: 4 Issues (2008)
Volume 19: 4 Issues (2007)
Volume 18: 4 Issues (2006)
Volume 17: 4 Issues (2005)
Volume 16: 4 Issues (2004)
Volume 15: 4 Issues (2003)
Volume 14: 4 Issues (2002)
Volume 13: 4 Issues (2001)
Volume 12: 4 Issues (2000)
Volume 11: 4 Issues (1999)
Volume 10: 4 Issues (1998)
Volume 9: 4 Issues (1997)
Volume 8: 4 Issues (1996)
Volume 7: 4 Issues (1995)
Volume 6: 4 Issues (1994)
Volume 5: 4 Issues (1993)
Volume 4: 4 Issues (1992)
Volume 3: 4 Issues (1991)
Volume 2: 4 Issues (1990)
Volume 1: 3 Issues (1989)
View Complete Journal Contents Listing