
Perceived information security of internal users in Indian IT services industry

Information Technology and Management

Abstract

Information security governance dominates the senior management’s agenda in overall organizational information technology (IT) governance. The globalization trends encompassing all businesses, and the risks of information leakage, force organizations to institute mechanisms to protect their information. In order to achieve an adequate level of protection, organizations implement information security management systems (ISMS). The effectiveness of ISMS depends on the implementation strength of security controls. Several studies have detailed the qualitative nature of information security measurements, and quantitative studies have always remained a challenge. This empirical study focuses on the information security perceptions of internal users of the organization on the security controls, customer influence and the support provided by the top management. The perception of internal users, referred to as perceived information security, is measured based on the degree of confidence expressed by the internal users towards the security objectives, namely confidentiality, integrity, availability, accountability and reliability. In an attempt to align the interest of researchers and practitioners, the study surveys major developments in the field of ISMS and proposes a construct for a holistic comprehension of ‘Perceived Information Security’. The survey-based research methodology focuses on the perceptions of the internal users such as Security program Implementers, Business Users and Senior Management. The findings of the study in the context of Indian IT services industry have been presented. The contributions of the research paper include providing insights into perceived information security of internal users of the organization, an empirical approach for studying perceived information security and a holistic framework for information security in Indian IT organizations.



Author information


Corresponding author

Correspondence to N. R. Mukundan.


About this article

Cite this article

Mukundan, N.R., Prakash Sai, L. Perceived information security of internal users in Indian IT services industry. Inf Technol Manag 15, 1–8 (2014). https://doi.org/10.1007/s10799-013-0156-y


  • DOI: https://doi.org/10.1007/s10799-013-0156-y
