Article Preview
TopIntroduction
Implementing a network firewall may appear like a straightforward technical challenge rather than one requiring the cooperation of several business functions and outside entities. After all, a critical function of a firewall is to protect networks from electronic threats originating from the Internet. However, implementing devices like firewalls can be a highly interdependent organizational task involving teamwork and collaboration. This often requires close working relationships among system administrators, technology architects, product vendors, cloud providers (Moyle, 2011) and even civil engineers for power and cooling issues. Yet, information security concerns today go far beyond the need for firewalls and technology solutions. Because sensitive information is routinely automated in organizations, security now is a necessity requiring extensive cooperation. Readers may be familiar with the maxim that security is everybody’s business implying that all employees must pay attention to security. Likewise, it is critical for security effectiveness that employees collaborate and behave in a manner consistent with secure practices (Huang, Rau, & Salvendy, 2010). Collaborative work environments where the output of one task is highly dependent upon another may require significant levels of mutuality or, as we analyze in this paper, task interdependence.
In this study, we explore the moderating effects of task interdependence on factors influencing the effectiveness of information security programs in organizations. First, we study the impact of top management support, awareness & training, and security culture on information security program effectiveness. We then investigate task interdependence as a moderating variable on the study’s theoretical model. Task interdependence is the extent to which individuals depend upon other persons and resources to perform a job (Van der Vegt, Van de Vliert, & Oosterhof, 2003) reflecting interrelated roles, technology requirements, and work constraints in organizations (Nielsen, Bachrach, Sundstrom, & Halfhill, 2012). Task interdependence has been called one of the most critical structural variables that influences team performance and often indirectly impacts it by moderating the effects of other variables on performance (Langfred, 2005). In the information systems literature, the task interdependence construct has received research attention (Andres & Zmud, 2003; Sharma & Yetton, 2007; Staples & Webster, 2008); however, to our knowledge no published research has applied task interdependence as a moderator in an information security study. Our study addresses this gap in the literature.
This research seeks to understand how high and low task interdependence environments moderate key relationships influencing information security program effectiveness in organizations. In this effort, we employ the notion of collaborative task knowledge as well as human agency theory to the results of our study. Collaborative task knowledge refers to the interdependent relationship among user work routines thus allowing users to understand the collective consequences of their individual ways (Kang & Santhanam, 2003-4). In previous information systems (IS) research, the effect of collaborative task knowledge on systems implementation success was contingent on task interdependence (Sharma & Yetton, 2007). We also apply human agency theory positing that executive leadership works as the primary human agents adapting external institutional factors into specific actions such as amending organizational structures and determining information security policies (Liang, Saraf, Hu, & Xue, 2007). Here, institutional forces emanating from consultants or industry standard practices influence and persuade top management’s actions on their own firms. We will apply a contingent view of this approach positing that under high task interdependence, management adopts an agency approach to standardizing organizational structures where under low task interdependence, management focuses on nurturing a security friendly culture in the organization.