Institutionalization of Information Security: Case of the Indonesian Banking Sector

Autor/in	Nasution, Muhamad Faisal Fariduddin Attar
Titel	Institutionalization of Information Security: Case of the Indonesian Banking Sector
Quelle	(2012), (305 Seiten) PDF als Volltext Verfügbarkeit Ph.D. Dissertation, Virginia Commonwealth University
Sprache	englisch
Dokumenttyp	gedruckt; online; Monographie
ISBN	978-1-2675-7467-1
Schlagwörter	Hochschulschrift; Dissertation; Foreign Countries; Information Security; Banking; Governance; Methods; Case Studies; Industrial Psychology; Indonesia + Suchen Sie Ihr Suchwort? Thesis; Dissertations; Academic thesis; Ausland; Bankgeschäft; Education; Educational policy; Financing; Steuerung; Bildung; Erziehung; Bildungspolitik; Finanzierung; Method; Methode; Case study; Fallstudie; Case Study; Betriebspsychologie; Industriepsychologie; Indonesien
Abstract	This study focuses on the institutionalization of information security in the banking sector. This study is important to pursue since it explicates the internalization of information security governance and practices and how such internalization develops an organizational resistance towards security breach. The study argues that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. The objective is to develop an understanding of how information security governance and practices in the Indonesian banking sector become institutionalized. Such objective is built on an argument that information security governance and practices become institutionalized through social integration of routines and system integration of relevant technologies. Pursuing this study is necessary to conceptualize the incorporation of security governance and practices as routines, the impact of security breaches on such routines, and the effects of a central governing body on such routines altogether. Accordingly, the concept of institutionalization is developed using Barley and Tolbert's (1997) combination of institutional theory and structuration theory to explain the internalization of security governance and practices at an organizational level. Scott's (2008) multilevel institutional processes based on institutional theory is needed to elaborate security governance and practices in an organization-to-organization context. The research design incorporates the interpretive case-study method to capture communicative interactions among respondents. Doing so provides answers to the following research questions: (1) how institutions internalize information security governance and practices, (2) how an external governing body affects the institutionalization of information security governance and practices in institutions, and (3) how security breaches re-institutionalize information security governance and practices in institutions. Several important findings include the habitualized security routines, information stewardship, and institutional relationship in information-security context. This study provides contributions to the body of literature, such as depicting how information security becomes internalized in an organization and the interaction among organizations engaged in implementing information security. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.] (As Provided).
Anmerkungen	ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site: http://www.proquest.com/en-US/products/dissertations/individuals.shtml
Erfasst von	ERIC (Education Resources Information Center), Washington, DC
Update	2017/4/10