The Establishment of Information Security Knowledge Sharing in Organizations: Antecedents and Consequences

Hassandoust, F
Subasinghage, MN
Johnston, AC
Item type
Conference Contribution
Degree name
Journal Title
Journal ISSN
Volume Title
Association for Information Systems (AIS)

Drawing on the extant literature on information security and neo-institutional theory, we develop and test a theoretical model to investigate the antecedents and consequences of the establishment of information security knowledge sharing (ISKS) in organizations. The model was tested using survey data from 403 top managers, who are aware of information security policies of their organizations. Our results suggest that external information security knowledge resources find their way into the organization by normative, mimetic, and coercive means, but much of their influence on ISKS practices are mediated by ISKS beliefs held by top management. Results highlight that firms face uncertainty in their ISKS practices and find themselves simply mirroring the practices of their peers without a real understanding of how that approach fits their organization’s capacity for ISKS. Our findings emphasize the importance of ISKS practices for ensuring security compliance and the establishment and proliferation of an effective security culture.

Information security knowledge sharing; Neo-institutional theory; Security compliance; Security culture
PACIS 2020 Proceedings. 244.
Rights statement
Authors retain copyright for material published as part of AIS conference proceedings.