Article Preview
TopIntroduction
As more organizations of every type become increasingly reliant on their information systems (IS) and concomitant information assets, the need to protect those information assets has expanded. In response to this need, a plethora of studies have emerged proposing programs designed to secure different areas of interest. However, while organizations continue to strive to fully secure their information systems and information assets, and as threats to that security become increasingly sophisticated and invasive, no clear understanding of IS security success and its underlying dimensions have emerged. Further, the current research is based on the assumption that measurement of the success of an IS security program may be impossible without a clear understanding and operationalization of those dimensions.
While the value of information assets continues to increase, many firms only begin to realize the importance of securing those assets after experiencing the negative repercussions associated with a security breach (Cavusoglu, Mishra, & Raghunathan, 2004). However, even as organizations have begun to recognize the importance of security, assessing the real benefits provided to the organization has proved to be challenging. Identifying the keys to IS security success within an organization will ultimately allow organizations to better utilize their resources (Zviran & Haga, 1999). In fact, successful IS security involves a “well-informed sense of assurance that information risks and controls is in balance” (Anderson, 2003, p. 310). However, in spite of the wealth of research, IS security and success have been treated generally as separate entities; a great deal of research has been conducted on the “means to the end”, while limited research has been aimed at developing and understanding the core dimensions of IS security success. This study argues that without understanding the true meaning of IS success within an organizational context, attempts to measure this success will be difficult, as the goal is inadequately defined, poorly understood, or may even be non-existent.
The intention of this research is to provide a starting point for a better understanding of the elements that comprise information systems security success within an organization. To that end, we will first review IS security literature to determine the elements constituting IS security success. Next, we will operationalize these elements as core dimensions of security success and propose a model that can be tested empirically. Finally, we will evaluate the IS security success model in the context of e-Government and discuss appropriate implications for research and industry.