A socio-organizational approach to information systems security management in the context of internet banking

This thesis takes a social and organizational point of view for studying informationsystems security in the context of internet banking. While the internet providesopportunities for businesses to extend their public network infrastructure, reducetransaction costs, and sell a wide range of products and services worldwide, securitythreats impede the business. Although, a number of valuable information systemssecurity approaches have been developed through the years they tend to offer narrow,technically oriented solutions and they ignore the social aspects of risks and theinformal structures of organizations. To this end, there is an emphasis in the literature to adopt a socio-organizational approach to information systems security (ISs)management. This thesis is based on the assumption that information systems securityin the context of internet banking can be efficiently investigated and understood through a systematic and comprehensive study of various social organizational aspects in the goal setting context. To this end, the thesis presents a novel approach to the management of information systems security based on the use of the performancepyramid model. Using previous research in the social organizational literature this work examines the interrelationship of trust, culture, and risk communication and their possible effect on the level of goal setting within the context of information systems security management with a focus on internet banking. It explores and discusses the process of goal setting in the context of risk management. Based on the proposed performance pyramid model this research identifies the determinants of trust, culture, and risk communication as well as the determinants of goal commitment at macro level. The thesis contributes to interpretive information systems research with the in-depth analysis and study of the social organizational concepts in a security management context and its grounding within an interpretive epistemology. It emphasises the importance and interrelationship between different socio-organizational aspects of goal setting theory and demonstrates the values of each aspect in the information systems security domain thus contributing to a rich insight in the particular empirical research context.