Institutional Influences on Information Systems Security Innovations

Published Online:https://doi.org/10.1287/isre.1110.0393

References

  • Ajzen I., Fishbein M.Understanding Attitudes and Predicting Behavior (1980) (Prentice Hall, Englewood Cliffs, NJ) Google Scholar
  • Ang S., Cummings L. Strategic response to institutional influences on information systems outsourcing. Organ. Sci. (1997) 8(3):235–256LinkGoogle Scholar
  • Ba S., Stallaert J., Whinston A. B. Research commentary: Introducing a third dimension in the information systems design—The case for incentive alignment. Inform. Systems Res. (2001) 12(3):225–239LinkGoogle Scholar
  • Backhouse J., Hsu C., Silva L. Circuits of power in creating de jure standards: Shaping an international information systems security standard. MIS Quart. (2006) 30(Special issue):413–438CrossrefGoogle Scholar
  • Bae J. Beyond seniority-based systems: A paradigm shift in Korean HRM? Asia Pacific Bus. Rev. (1997) 3(4):82–110CrossrefGoogle Scholar
  • Bae J., Lawler J. J. Organizational and HRM strategies in Korea: Impact on firm performance in an emerging economy. Acad. Management J. (2000) 43(3):502–517CrossrefGoogle Scholar
  • Bantel K., Jackson S. Top management and innovations in banking: Does the composition of the top team make a difference? Strategic Management J. (1989) 10(1):107–124CrossrefGoogle Scholar
  • Baskerville R. Risk analysis: An interpretive feasibility tool in justifying information systems security. Eur. J. Inform. Systems (1991) 1(2):121–130CrossrefGoogle Scholar
  • Baskerville R., Dhillon G., Straub D., Goodman S., Baskerville R. Information systems security strategy: A process view. Information Security Policies, Processes and Practices (2008) (M. E. Sharpe, Armonk, NY) 15–45Google Scholar
  • Bharadwaj A. S. A resource-based perspective on information technology capability and firm performance: An empirical investigation. MIS Quart. (2000) 24(1):169–196CrossrefGoogle Scholar
  • Blasi A. D., Puig F. V. Conditions for successful automation in industrial applications: A point of view. IFAC 15th Triennial World Congress Proc. (2002) . http://www.nt.ntnu.no/users/skoge/prost/proceedings/ifac2002/data/content/05002/5002.pdfGoogle Scholar
  • Butler T. An institutional perspective on developing and implementing Intranet- and Internet-based information systems. Inform. Systems J. (2003) 13(3):209–231CrossrefGoogle Scholar
  • Chang S., Ho C. Organizational factors to the effectiveness of implementing security management. Indust. Management Data Systems (2006) 106(3):345–361CrossrefGoogle Scholar
  • Chatterjee D., Grewal R., Sambamurthy V. Shaping up for e-commerce: Institutional enablers of the organizational assimilation web technologies. MIS Quart. (2002) 26(2):65–89CrossrefGoogle Scholar
  • Cheong J. H., Park M. C. Mobile Internet acceptance in Korea. Internet Res (2005) 15(2):125–140CrossrefGoogle Scholar
  • Chiang T. J., Chang R. I., Kouh J. S., Hsu K. P. An information security education maturity model. (2008) . Working paper, National Taiwan University, Taipei, Taiwan. http://cnte2008.cs.nhcue.edu.tw/pdf/135.pdfGoogle Scholar
  • Cavusoglu H., Mishra B., Raghunathan S. A model for evaluating IT security investments. Comm. ACM (2004) 47(7):87–92CrossrefGoogle Scholar
  • Cavusoglu H., Mishra B., Raghunathan S. The value of intrusion detection systems in information technology security architecture. Inform. Systems Res. (2005) 16(1):28–56LinkGoogle Scholar
  • Chin W. W., Marcoulides G. A. The partial least squares approach to structural equation modeling. Modern Methods for Business Research (1998) (Lawrence Erlbaum Associates, Mahwah, NJ) 295–336Google Scholar
  • Chin W. W., Marcolin B. L., Newsted P. R. A partial least squares latent variable approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Inform. Systems Res. (2003) 14(2):189–217LinkGoogle Scholar
  • Chou D. C., Yen D. C., Lin B., Cheng P. H. Cyber security management. Indust. Management Data Systems (1999) 99(8):353–361CrossrefGoogle Scholar
  • Choung J. Y. Patterns of innovation in Korea and Taiwan. IEEE Trans. Engrg. Management (1998) 45(4):357–365CrossrefGoogle Scholar
  • Cohen J.Statistical Power Analysis for the Behavioral Sciences (1988) 2nd ed.(Lawrence Erlbaum Associates, Hillsdale, NJ) Google Scholar
  • Cook T. D., Campbell D. T.Quasi-Experimentation: Design and Analysis Issues for Field Settings (1979) (Houghton Mifflin, Chicago) Google Scholar
  • Cooper R. B., Zmud R. W. Information technology implementation research: A technological diffusion approach. Management Sci. (1990) 36(2):123–139LinkGoogle Scholar
  • Damanpour F. Organizational innovation: A meta-analysis of effects of determinants and moderators. Acad. Management J (1991) 34(3):555–590CrossrefGoogle Scholar
  • D'Archy J., Hovav A., Galletta D. User awareness of security countermeasures and its impact on information security misuse: A deterrence approach. Inform. Systems Res. (2009) 20(1):79–98LinkGoogle Scholar
  • Dhillon G., Backhouse J. Current directions in IS security research: Towards socio-organizational perspectives. Inform. Systems J. (2001) 11(2):127–153CrossrefGoogle Scholar
  • Dillman D. A. The design and administration of mail surveys. Annual Rev. Sociol. (1991) 17:225–249CrossrefGoogle Scholar
  • DiMaggio P. J., Powell W. W., DiMaggio P. J., Powell W. W. The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. The New Institutionalism in Organizational Analysis (1991) (University of Chicago Press, Chicago) 63–82Google Scholar
  • Duncan R. B. Characteristics of organizational environments and perceived environmental uncertainty. Admin. Sci. Quart. (1972) 17(3):313–327CrossrefGoogle Scholar
  • Fichman R. G., Kemerer C. F. The assimilation of software process innovation: An organizational learning perspective. Management Sci. (1997) 43(10):1345–1363LinkGoogle Scholar
  • Fichman R. G., Kemerer C. F. The illusory diffusion of innovation: An examination of assimilation gaps. Inform. Systems Res. (1999) 10(3):255–275LinkGoogle Scholar
  • Fornell C., Bookstein F. L. Two structural equation models: LISREL and PLS applied to customer exit-voice theory. J. Marketing Res. (1982) 19(4):440–452CrossrefGoogle Scholar
  • Gallivan M. J. Organizational adoption and assimilation of complex technological innovation: Development and application of a new framework. DATA BASE Adv. Inform. Systems (2001) 32(3):51–85CrossrefGoogle Scholar
  • Gill T. G. High-tech hidebound: Case studies of information technologies that inhibited organizational learning. Accounting, Management Inform. Tech. (1995) 5(1):41–60CrossrefGoogle Scholar
  • Goodhue D. L., Straub D. Security concerns of system users: A study of perceptions of the adequacy of security measures. Inform. Management (1991) 20(1):13–27CrossrefGoogle Scholar
  • Gordon L., Loeb M. Using information security as a response to competitor analysis systems. Comm. ACM (2001) 44(9):70–75CrossrefGoogle Scholar
  • Gordon L., Loeb M. The economics of information security investment. ACM Trans. Inform. System Security (2002) 5(4):438–457CrossrefGoogle Scholar
  • Gosain S. Enterprise information systems as objects and carriers of institutional forces: The new iron cage? J. Assoc. Inform. Systems (2004) 5(4):151–182Google Scholar
  • Guler I., Guillen M., Macpherson J. Global competition institutions, and the diffusion of organizational practices: The international spread of ISO 9000 quality certificates. Admin. Sci. Quart. (2002) 47(2):207–223CrossrefGoogle Scholar
  • Hair J. F., Anderson R. E., Tatham R. L., Black W. C.Multivariate Data Analysis with Readings (1995) 4th ed.(Prentice Hall, Englewood Cliffs, NJ) Google Scholar
  • Haunschild P., Minner A. Modes of interorganizational imitation: The effects of outcome salience and uncertainty. Admin. Sci. Quart. (1997) 42(3):472–500CrossrefGoogle Scholar
  • Hirt S. G., Swanson E. B. Emergent maintenance of ERP: New roles and relationships. J. Software Maintenance: Res. Practice (2001) 13(6):373–397CrossrefGoogle Scholar
  • Hofstede G.Culture's Consequence: International Differences in Work Related Values (1980) (Sage Publications, London) Google Scholar
  • Hsu C. Frame misalignment: Interpreting the implementation of information systems security certification in an organization. Eur. J. Inform. Systems (2009) 18(2):140–150CrossrefGoogle Scholar
  • Hu Q., Hart P., Cooke D. The role of external influences on organizational information security practices: An institutional perspective. 39th Hawaii Internat. Conf. System Sci. (2006) (IEEE Computer Society Press, Los Alamitos, CA) 1–10Google Scholar
  • Hu Q., Hart P., Cooke D. The role of external influences on organizational information security practices: An institutional perspective. J. Strategic Inform. Systems. (2007) 16(2):153–172CrossrefGoogle Scholar
  • Huck S. W., Cormier W. H., Bounds W. G.Reading Statistics and Research (1974) (Harper-Collins, New York) Google Scholar
  • Iacono C., Benbasat I., Dexter A. Electronic data interchange and small organizations: Adoption and impact of technology. MIS Quart. (1995) 19(4):465–485CrossrefGoogle Scholar
  • Junarkar B. Leveraging collective intellect by building organizational capabilities. Expert Systems Appl. (1997) 13(1):29–40CrossrefGoogle Scholar
  • Jung B., Han I., Lee S. Security threats to Internet: A Korean multi-industry investigation. Inform. Management (2001) 38(8):487–498CrossrefGoogle Scholar
  • Kaluzny A., McLaughlin C., Jaeger B. TQM and a managerial innovation: Research issues and implications. Health Services Management Rev. (1993) 6(2):78–88CrossrefGoogle Scholar
  • Kankanhalli A., Teo H. H., Wei K. K. An integrative study of information systems security effectiveness. Internat. J. Inform. Management (2003) 23(2):139–154CrossrefGoogle Scholar
  • Kotulic A. G. Why there are not more information security research studies. Inform. Management (2004) 41(5):597–607CrossrefGoogle Scholar
  • Lau T. Y., Kim S. W., Atkin D. An examination of factors contributing to South Korea's global leadership in broadband adoption. Telematics Informatics (2005) 22(4):349–359CrossrefGoogle Scholar
  • Liang H., Saraf N., Hu Q., Xue Y. Assimilation of enterprise systems: The effect of institutional pressures and the mediating role of top management. MIS Quart. (2007) 31(1):59–87CrossrefGoogle Scholar
  • Mignerat M., Rivard S. Positioning the institutional perspective in information systems research. J. Inform. Tech. (2009) 24(4):369–391CrossrefGoogle Scholar
  • Miles M. B., Huberman A. M.Qualitative Data Analysis (1994) (Sage Publications, Thousand Oaks, CA) Google Scholar
  • Milliken F. J. Three types of perceived uncertainty about the environment: State, effect, and response uncertainty. Acad. Management Rev. (1987) 12(1):133–143CrossrefGoogle Scholar
  • Miranda S. M., Kim Y. M. Professional versus political contexts: Institutional mitigation and the transaction cost heuristic in information systems outsourcing. MIS Quart. (2006) 30(3):725–753CrossrefGoogle Scholar
  • Moore G., Benbasat I. Development of an instrument to measure the perceptions of adopting an information technology innovation. Inform. Systems. Res. (1991) 2(3):192–222LinkGoogle Scholar
  • Oliver C. Strategic response to institutional processes. Acad. Management Rev. (1991) 16(1):145–179CrossrefGoogle Scholar
  • Park C., Yang H.-D., Yoo Y., Lee J.-N., Rowley C. Mobile business in Korea. Trends in Mobile Technology and Business in the Asia-Pacific Region (2008) (Chandos Publishing, Oxford, UK) 109–126CrossrefGoogle Scholar
  • Perrow C. Review essay: Overboard with myth and symbols. Amer. J. Sociol. (1985) 91(1):51–55CrossrefGoogle Scholar
  • Pfeffer J.Organization and Organizational Theory (1982) (Pitman, Boston) Google Scholar
  • Pfeffer J., Salancik G.The External Control of Organizations: A Resource Dependence Perspective (1978) (Harper & Row, New York) Google Scholar
  • Ramachandran S., Rao S. Security cultures in organizations: A theoretical model. Americas Conf. Inform. Systems (2006) Acapulco, MexicoGoogle Scholar
  • Ransbotham S., Mitra S. Choice and chance: A conceptual model of paths to information security compromise. Inform. Systems. Res. (2009) 20(1):121–139LinkGoogle Scholar
  • Richardson R.CSI Computer Crime and Security Survey: U.S. (2008) (Computer Security Institute, New York) Google Scholar
  • Rosner M. Economic determinants of organizational innovation. Admin. Sci. Quart. (1968) 12(4):614–625CrossrefGoogle Scholar
  • Ryan M. J., Bonfield E. H. The Fishbein extended model and consumer behavior. J. Consumer Res. (1975) 2(2):118–136CrossrefGoogle Scholar
  • Scott W. R.Institutions and Organizations (1995) (Sage Publications, London) Google Scholar
  • Shin H. Is it possible to force firms to have CISOs? (2009) . CIO Biz (September 27), http://www.ciobiz.co.kr/news/articleView.html?idxno=1114. [In Korean.]Google Scholar
  • Siponen M. An analysis of the traditional IS security approaches: Implications for research and practice. Eur. J. Inform. Systems (2005) 14(3):303–315CrossrefGoogle Scholar
  • Siponen M., Iivari J. Six design theories for IS security policies and guidelines. J. Assoc. Inform. Systems (2006) 7(7):445–472Google Scholar
  • Siponen M., Willison R. A critical assessment of IS security research between 1990–2004. Proc. 15th Eur. Conf. Inform. Systems (2007) St. Gallen, Switzerland:1551–1559Google Scholar
  • Sivo S., Saunders C., Chang Q., Jiang J. How low should you go? Low response rates and the validity of inference in IS survey research. J. Assoc. Inform. Systems (2006) 7(6):351–411Google Scholar
  • Son J. Y., Benbasat I. Organizational buyers' adoption and use of B2B electronic marketplaces: Efficiency—And legitimacy-oriented perspectives. J. Management Inform. Systems (2007) 24(1):55–99CrossrefGoogle Scholar
  • Straub D., Welke R. J. Coping with systems risk: Security planning models for management decision-making. MIS Quart. (1998) 22(4):441–469CrossrefGoogle Scholar
  • Straub D., Goodman S., Baskerville R., Straub D., Goodman S., Baskerville R. Framing of information security and practices. Information Security Policies, Processes and Practices (2008) (M. E. Sharpe, Armonk, NY) 5–12Google Scholar
  • Teece D. J. The diffusion of an administrative innovation. Management Sci. (1980) 26(5):464–470LinkGoogle Scholar
  • Teo H. H., Wei K. K., Benbasat I. Predicting intention to adopt interorganizational linkage: An institutional perspective. MIS Quart. (2003) 27(1):19–49CrossrefGoogle Scholar
  • Terlaak A., King A. The effect of certification with the ISO 9000 quality management standard: A singaling approach. J. Econom. Behav. Organ. (2006) 60(4):579–602CrossrefGoogle Scholar
  • Tingling P., Parent M. Mimetic isomorphism and technology evaluation: Does limitation transcend judgment? J. Assoc. Inform. Systems (2002) 3(5):113–143Google Scholar
  • Venkatesh V., Davis F. D. A theoretical extension of the technology acceptance model: Four longitudinal field studies. Management Sci. (2000) 46(2):186–205LinkGoogle Scholar
  • Venkatraman N., Loh L., Koh J. The adoption of corporate governance mechanism: A test of competing diffusion models. Management Sci. (1994) 40(4):496–507LinkGoogle Scholar
  • Wang P. Assimilation it innovation: The longitudinal effects of institutionalization and resource dependence. Proc. Internat. Conf. Inform. Systems (2008) ParisGoogle Scholar
  • Weerakkody V., Dwivedi Y., Irani Z. The diffusion and use of institutional theory: A cross-disciplinary longitudinal literature survey. J. Inform. Tech. (2009) 24(4):1–15CrossrefGoogle Scholar
  • Westphal J., Gulati R., Shortell S. Customization or conformity? An institutional and network perspective on the content and consequences of TQM adoption. Admin. Sci. Quart. (1997) 42(2):366–394CrossrefGoogle Scholar
  • Whitman M. E. In defences of the realm: Understanding the threats to information security. Internat. J. Inform. Management (2004) 24(1):43–47CrossrefGoogle Scholar
  • Wood C. C. Using information security to achieve competitive advantage. Comput. Security (1991) 10(5):399–404CrossrefGoogle Scholar
  • Zaltman G., Duncan R., Holbek J.Innovations and Organizations (1973) (John Wiley & Sons, New York) Google Scholar
  • Zhu K., Kraemer K., Xu S. The process of innovation assimilation by firms in different countries: A technology diffusion perspective on e-business. Management Sci. (2006) 52(10):1557–1576LinkGoogle Scholar
  • Zingales L., Glauber R., Litan R., Ferrell A., Kuritzkes A. Interim report of the committee on capital markets regulation. (2006) . Report, Committee on Capital Markets Regulation, Washington, DCGoogle Scholar
  • Zinn J., Weech R., Brannon D. Resource dependence and institutional elements in nursing home TQM adoption. HSR: Health Services Res. (1998) 33(2):261–273Google Scholar
  • Zmud R. Diffusion of modern software practices: Influence of centralization and formalization. Management Sci. (1982) 28(12):1421–1431LinkGoogle Scholar
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.