Information Security Program Effectiveness in Organizations: The Moderating Role of Task Interdependence

Information Security Program Effectiveness in Organizations: The Moderating Role of Task Interdependence

Kenneth J. Knapp (University of Tampa, USA) and Claudia J. Ferrante (United States Air Force Academy, USA)
DOI: 10.4018/978-1-4666-8111-8.ch035


This research investigates the moderating role of task interdependence on factors influencing information security effectiveness in organizations. Drawing on the literature, the authors develop a theoretical model depicting top management support and awareness & training support as predictors of information security program effectiveness. Further, the model shows security culture as a partial mediator between the predictor and criterion variables. The authors then apply task interdependence as a moderator to the model. Results from a survey given to a sample of 371 certified information security professionals find support for the model while showing certain paths to be significant only under high task interdependence while others only under low task interdependence. In high task interdependence environments, security culture did not mediate the relationships between the predictor and criterion variables suggesting that managers focus on providing greater structural support to maximize security effectiveness. However, in low task interdependence, security culture fully mediated the relationships between the predictor and criterion variables suggesting that the role of culture is amplified and central in those environments.
Chapter Preview


Implementing a network firewall may appear like a straightforward technical challenge rather than one requiring the cooperation of several business functions and outside entities. After all, a critical function of a firewall is to protect networks from electronic threats originating from the Internet. However, implementing devices like firewalls can be a highly interdependent organizational task involving teamwork and collaboration. This often requires close working relationships among system administrators, technology architects, product vendors, cloud providers (Moyle, 2011) and even civil engineers for power and cooling issues. Yet, information security concerns today go far beyond the need for firewalls and technology solutions. Because sensitive information is routinely automated in organizations, security now is a necessity requiring extensive cooperation. Readers may be familiar with the maxim that security is everybody’s business implying that all employees must pay attention to security. Likewise, it is critical for security effectiveness that employees collaborate and behave in a manner consistent with secure practices (Huang, Rau, & Salvendy, 2010). Collaborative work environments where the output of one task is highly dependent upon another may require significant levels of mutuality or, as we analyze in this paper, task interdependence.

In this study, we explore the moderating effects of task interdependence on factors influencing the effectiveness of information security programs in organizations. First, we study the impact of top management support, awareness & training, and security culture on information security program effectiveness. We then investigate task interdependence as a moderating variable on the study’s theoretical model. Task interdependence is the extent to which individuals depend upon other persons and resources to perform a job (Van der Vegt, Van de Vliert, & Oosterhof, 2003) reflecting interrelated roles, technology requirements, and work constraints in organizations (Nielsen, Bachrach, Sundstrom, & Halfhill, 2012). Task interdependence has been called one of the most critical structural variables that influences team performance and often indirectly impacts it by moderating the effects of other variables on performance (Langfred, 2005). In the information systems literature, the task interdependence construct has received research attention (Andres & Zmud, 2003; Sharma & Yetton, 2007; Staples & Webster, 2008); however, to our knowledge no published research has applied task interdependence as a moderator in an information security study. Our study addresses this gap in the literature.

This research seeks to understand how high and low task interdependence environments moderate key relationships influencing information security program effectiveness in organizations. In this effort, we employ the notion of collaborative task knowledge as well as human agency theory to the results of our study. Collaborative task knowledge refers to the interdependent relationship among user work routines thus allowing users to understand the collective consequences of their individual ways (Kang & Santhanam, 2003-4). In previous information systems (IS) research, the effect of collaborative task knowledge on systems implementation success was contingent on task interdependence (Sharma & Yetton, 2007). We also apply human agency theory positing that executive leadership works as the primary human agents adapting external institutional factors into specific actions such as amending organizational structures and determining information security policies (Liang, Saraf, Hu, & Xue, 2007). Here, institutional forces emanating from consultants or industry standard practices influence and persuade top management’s actions on their own firms. We will apply a contingent view of this approach positing that under high task interdependence, management adopts an agency approach to standardizing organizational structures where under low task interdependence, management focuses on nurturing a security friendly culture in the organization.

Complete Chapter List

Search this Book: