Peering Through the Lens of High-Reliability Theory: A Competencies Driven Security Culture Model of High-Reliability Organisations

Hassandoust, Farkhondeh
Johnston, Allen C
Item type
Journal Article
Degree name
Journal Title
Journal ISSN
Volume Title

To improve organisational safety and enhance security efficiency, organisations seek to establish a culture of security that provides a foundation for how employees should approach security. There are several frameworks and models that provide a set of requirements for forming security cultures; however, for many organisations, the requirements of the frameworks are difficult to meet, if not impossible. In this research, we take a different perspective and focus on the core underlying competencies that high-reliability organisations (HROs) have shown to be effective in achieving levels of risk tolerance consistent with the goals of a security culture. In doing so we draw on high-reliability theory to develop a Security Culture Model that explains how a firm's supportive and practical competencies form its organisational security culture. To refine and test the model, we conducted a developmental mixed-method study using interviews and survey data with professional managers involved in the information security (InfoSec) programs within their respective HROs. Our findings emphasise the importance of an organisation's supportive and practical competencies for developing a culture of security. Our results suggest that organisations' security cultures are a product of their InfoSec practices and that organisational mindfulness, top management involvement and organisational structure are key to the development of those practices.

46 Information and Computing Sciences , 3505 Human Resources and Industrial Relations , 35 Commerce, Management, Tourism and Services , 3507 Strategy, Management and Organisational Behaviour , 0806 Information Systems , 1503 Business and Management , Information Systems , 3503 Business systems in context , 4609 Information systems
Information Systems Journal, ISSN: 1350-1917 (Print); 1365-2575 (Online), Wiley, 33(5), 1212-1238. doi: 10.1111/isj.12441
Rights statement
© 2023 The Authors. Information Systems Journal published by John Wiley & Sons Ltd. This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.