INFORMATION SECURITY MANAGEMENT MATURITY: A STUDY OF SELECT ORGANIZATIONS

Similar documents
Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and

A Study of Job Satisfaction and Employee Productivity in Selected Organisations With Special Reference to SIDCUL, Udham Singh Nagar.

STRATEGIC LEADERSHIP COMPETENCIES: A COMPARATIVE STUDY

CONSUMER BUYING BEHAVIOUR FOR PASSENGER CARS IN INDIA

A STUDY OF SELECT DIMENSIONS OF DEVELOPMENT OF THE SME SECTOR OF SRI LANKA

ELECTROSPINNING OF POLYACRYLONITRILE NANOFIBERS. by Sandip Basu

Contents Contents... ii List of Tables... vi List of Figures... viii List of Acronyms... ix Abstract... x Chapter 1: Introduction...

A STUDY ON PESTICIDE MOBILITY AND PERSISTENCE FOR GEO-ENVIRONMENTAL POLLUTION MANIKAGUPTA. Deparbnent of Civil Engineering.

THE MICRO-FOUNDATIONS OF DYNAMIC CAPABILITIES, MARKET TRANSFORMATION AND FIRM PERFORMANCE. Tung-Shan Liao

Factors that influence the decision to adopt software upgrades in Australian small and medium sized businesses. A dissertation submitted by

DISSEMINATING ENERGY-EFFICIENT ILLUMINATION TECHNOLOGIES: A STUDY OF CFLS IN INDIA ARUN KUMAR CENTRE FOR ENERGY STUDIES

COMPUTED PHASE EQUILIBRIA IN IRON-BASE TERNARY ALLOYS

Business Excellence Model in Indian Context: A Select Study

Destination segmentation: A recommended two-step approach

The Effects of Proactive Entrepreneurship and Social. Adaptability on Innovation: A Study of Taiwanese. SMEs Operating in China

STUDIES ON DISPERSION COMPENSATING FIBERS AND ERBIUM DOPED FIBER AMPLIFIERS PARTHASARATHI PALAI

Information technology adoption by companies in Thailand: a study of enterprise resource planning system usage

An Investigation of the Impact Factors to Increase Citizens Engagement in E-participation on E- government in Saudi Arabia

A STUDY OF INDIVIDUAL CONSUMER LEVEL CULTURE IN B2C E-COMMERCE THROUGH A MULTI-PERSPECTIVE itrust MODEL

Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and

IMPACT OF MONETARY AND NON-MONETARY REWARDS TOWARDS EMPLOYEE MOTIVATION : CASE STUDY OF GARMENT INDUSTRY IN SRI LANKA

THREE DIMENSIONAL DYNAMIC ANALYSIS OF TALL BUILDINGS DUE TO WIND FORCES

STRATEGIC FRAMEWORK FOR PERFORMANCE MEASUREMENT AND MANAGEMENT: A STUDY OF SELECT INDUSTRIES

DIMENSIONS OF ORGANISATIONAL KNOWLEDGE MANAGEMENT (OKM)

EFFECTS OF ONLINE SOCIAL NETWORKING ON EMPLOYEES IN SRI LANKAN INFORMATION TECHNOLOGY ORGANIZATIONS

The development of a multi-criteria approach for the measurement of sustainable performance for built projects and facilities

Critical Success Factors for Accounting Information Systems Data Quality

Uncovering the Two Faces: Drivers, Contexts, and Outcomes. of Corporate Social Inconsistency

Investigating the Recognition and Adoption of the Qualifications Framework in the Hong Kong Logistics Industry

CAPITAL STRUCTURE DECISIONS UNDER MULTIPLE OBJECTIVES: A STUDY OF INDIAN CORPORATES. YAMINI AGARWAL Department of Management Studies

FORMABILITY OF TAILOR-WELDED BLANKS OF LOW-CARBON STEELS IN STRETCH FORMING. Sushanta Kumar Panda

STUDY OF SELECT ISSUES IN AGILITY AND INTEGRATION OF SUPPLY CHAINS

JEAN WANJIKU KAHORA. November 2012

THE BEHAVIOUR OF BRICK MASONRY UNDER CYCLIC COMPRESSIVE LOADINGS

FORMULATION AND DEMONSTRATION OF A TECHNIQUE TO QUANTIFY LEACHATE POLLUTION POTENTIAL OF MUNICIPAL LANDFILLS

A framework to assist in the assessment and tailoring of agile software development methods. Asif Qumer. Doctor of Philosophy in Computing Sciences

THE EFFECT OF SERVICE INNOVATION AND CUSTOMER CHOICES ON CUSTOMER VALUE IN THE HOSPITALITY INDUSTRY IN MALAYSIA BHUVANES VEERAKUMARAN CGD

DYNAMIC CHANGE PROCESS: HOW DO COGNITIVE READINESS DRIVERS INFORM CHANGE AGENTS ON EMPLOYEE BEHAVIOURAL CHANGE INTENTION.

IMPROVING ACCOUNTING INFORMATION SYSTEM PERFORMANCE AND ACHIEVING COMPETITIVE ADVANTAGE THROUGH EFFECTIVE IT GOVERNANCE

EMPLOYEE ATTRIBUTES, ORGANISATIONAL FACTORS, TIME MANAGEMENT TENDENCIES, AND EMPLOYEE PERFORMANCE IN CHARTERED UNIVERSITIES IN KENYA

<Project Title> A MAJOR PROJECT. Submitted in partial fulfillment of the requirements for the award of the degree of. Master of Computer Applications

A THESIS SUBMITTED IN FULFILMENT OF THE REQUIREMENTS FOR THE AWARD OF THE DEGREE OF DOCTOR OF PHILOSOPHY. Abdullah Alammari

The Influence of Human Resource Management Practices on the Retention of Core Employees of Australian Organisations: An Empirical Study

Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and

University of Wollongong. Research Online

The Application of Strategic Human Resource Management in Improving Attraction and Retention of Teachers

Essays on the Economic Impacts of Climate Change on. Agriculture and Adaptation

CORPORATE SOCIAL RESPONSIBILITY DISCLOSURE AND ORGANISATIONAL PERFORMANCE: THE CASE OF LIBYA, A MIXED METHODS STUDY

STRATEGIC SOCIAL MARKETING, OPERATING ENVIRONMENT AND PERFORMANCE OF COMMUNITY BASED HIV AND AIDS ORGANIZATIONS IN NAIROBI COUNTY, KENYA

MANAGEMENT CONTROL SYSTEMS IN ORGANIZATIONAL AND SOCIAL CONTEXTS: A CASE STUDY OF THE CEYLON

ASSESSING THE IMPACT OF SERVICE BENEFITS ON EMPLOYEE PERFORMANCE IN GAUTENG DEPARTMENT OF EDUCATION. TJ Poopa MASTER OF ARTS. in the.

Chapter 7. Summary and Conclusion

STUDIES ON BROMINATION OF ATACTIC POLYPROPYLENE

IMPACT OF THE AGILE SOFTWARE DEVELOPMENT METHODOLOGY ON EMPLOYEE MOTIVATION

FRAMEWORK FOR SUCCESSFUL ERP IMPLEMENTATION MASTER OF BUSINESS ADMINSTRATION IN INFORMATION TECHNOLOGY

AN INVESTIGATION INTO THE RISKS OF OUTSOURCING OF KNOWLEDGE RICH, SUPPLY CRITICAL ELEMENTS WITHIN SUPPLY NETWORKS: A SRI LANKAN CONTEXT

OF AIR POLLUTANTS FROM BIOMASS GASIFIER BASED SYSTEMS R. UMA DOCTOR OF PHILOSOPHY

EVALUATION OF PUBLIC HOUSING IN OGUN STATE, NIGERIA. A PhD Thesis. IBEM, Eziyi Offia MAT NO: CUGP/05/146

MATHEMATICAL MODELLING AND OPTIMIZATION OF HEAT RATE OF A THERMAL POWER PLANT

PHD THESIS - summary

DETERMINANTS OF EMPLOYEE RETENTION IN PRIVATE UNIVERSITIES IN KENYA; A CASE OF DA YST AR UNIVERSITY. PIUS KITHUKA MUlA

THE CHALLENGE OF STICKINESS IN KNOWLEDGE TRANSFER AMONG INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) FIRMS IN MALAYSIAN TECHNOLOGY PARKS

Institute of Economics & Finance, Bundelkhand University, Jhansi

Corporate Governance Regulation: Assessing the Effectiveness of Soft Law in relation to the Contemporary Role of the Board of Directors

DECLARATION ... Lahiru Weerasiri

Coping Strategies of Project Managers in Stressful Situations

WHAT HAPPENS AFTER ERP IMPLEMENTATION: UNDERSTANDING THE IMPACT OF IS SOPHISTICATION, INTERDEPENDENCE AND DIFFERENTIATION ON PLANT-LEVEL OUTCOMES

Table of ContentsPages

Standardization and Adaptation of Knowledge Processes in International Businesses

Major Accounting Sarjana Ekonomi Thesis Semester Even Year 2007

Department of Civil Engineering Indian Institute of Technology, Delhi June 1976

Causal Relationship between Lean Supply Chain Management Practices, Green Supply Chain Management Practices and Organisational Performance

THE INFULENCE OF COMPLEXITIES OF ERP FOR EFFECTIVE IMPLEMENTATION AT MEDIUM SIZED COMPANIES IN SRI LANKA. Lakshmi Subashinie Ratnayake (10/8364)

Evaluation of Computerized Maintenance Management System in Egyptian Industry

AN EMPIRICAL ANALYSIS OF THE IMPACT OF TRADE ON PRODUCTIVITY IN SOUTH AFRICA S MANUFACTURING SECTOR CHARLES AUGUSTINE ABUKA.

EVAPORATIVE COOLING FOR THERMAL COMFORT IN BUILDINGS

THE STUDY OF EMPLOYEES PERSONALITY AND ITS RELATIONSHIP WITH ABSENTEEISM IN TERTIARY EDUCATION

A Study of National Telecommunication Operators from Small and

A RISK ASSESSMENT STUDY ON ELECTRONIC VOTING SYSTEM FAISAL ABDULLAH SAKHAR AL AMRY MASTER OF TECHNOLOGY MANAGEMENT UNIVERSITI MALAYSIA PAHANG

INDIVIDUAL CONSULTANT PROCUREMENT NOTICE

Efficiency and productivity in Botswana's financial institutions

ACKNOWLEDGEMENT. Finally, our particular thanks are also to our family and best friends whose patient love motivated us to complete this work.

Implementation of Environmental Taxation in Ghana

PRICING STRATEGY AUDITING FOR GARMENT MANUFACTURING COMPANIES IN SRI LANKA

Load distribution factors of straight and curved steel concrete composite box and I girder bridges

ASSESSMENT OF EARLY SUPPLIER INVOLVEMENT IN PRODUCT DEVELOPMENT IN MALAYSIA FOOD INDUSTRY YAP JESSICA

Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and

The application of structural. contingency theory to supply chain. management developing a strategic. model for prefabricated timber.

Responsibility Revolution: An International Investigation of Corporate Social Responsibility in Professional Sport.

ORGANIZATIONAL STRUCTURE IMPACTS ON PROJECT PERFORMANCE AMONG WORKER AT OIL AND GAS INDUSTRY

Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATIONS

A CONSTRUCTION INFORMATION MANAGEMENT ASSESSMENT MODEL. Ferzon Aziz

GPS-Android based Location Tracking System for Public Transportation (TrackIT) R.R.Vithanage B

THE ROLE AND IMPACT OF INFORMATION TECHNOLOGY TOWARDS THE UNEMPLOYMENT RATE OF HUMAN RESOURCE MANAGEMENT

EFFECTS OF HUMAN RESOURCE MANAGEMENT (HRM) PRACTICES ON PROJECT PERFORMANCE IN CONSTRUCTION INDUSTRY

The role of oil exports in the economic development of Iran

FORECASTING TECHNIQUES, OPERATING ENVIRONMENT AND ACCURACY OF PERFORMANCE FORECASTING FOR LARGE MANUFACTURING COMPANIES IN KENYA

ACKNOWLEDGEMENT. hope this thesis will contribute to any parties that need information about shopping. online in Indonesia. Jakarta, March 2003

Competitive Advantage through Big Data Analytics

Transcription:

INFORMATION SECURITY MANAGEMENT MATURITY: A STUDY OF SELECT ORGANIZATIONS ABHISHEK NARAIN SINGH DEPARTMENT OF MANAGEMENT STUDIES INDIAN INSTITUTE OF TECHNOLOGY DELHI MARCH, 2014

Indian Institute of Technology Delhi (IITD), New Delhi, 2014

INFORMATION SECURITY MANAGEMENT MATURITY: A STUDY OF SELECT ORGANIZATIONS By ABHISHEK NARAIN SINGH Department of Management Studies Submitted In fulfillment of the requirements of the degree of Doctor of Philosophy to the Indian Institute of Technology Delhi March, 2014

CERTIFICATE This is to certify that the thesis entitled Information Security Management Maturity: A Study of Select Organizations being submitted by Abhishek Narain Singh to the Department of Management Studies, Indian Institute of Technology Delhi for the award of the degree of Doctor of Philosophy (Ph.D.), is a record of bonafide research work carried out by him. He has worked under our guidance and supervision and fulfilled the requirements for the submission of the thesis, which has attained the standard required for a Ph.D. degree of the institute. The results presented in this thesis have not been submitted elsewhere for the award of any degree or diploma. (Prof. M. P. Gupta) Research Supervisor Department of Management Studies Indian Institute of Technology Delhi New Delhi 110016, India (Dr. Amitabh Ojha) Research Supervisor Research Design and Standards Organization Ministry of Railway, Government of India Lucknow 226011, India

ACKNOWLEDGEMENT I express my deepest gratitude to my guides, Prof. M. P. Gupta and Dr. Amitabh Ojha, whose continuous support and guidance on every step helped me understand the research problem, issues, and finally in writing the thesis. I am indebted for their personal support and professional guidance in the area of data analysis, its interpretation, and presentation of the facts in a structured format. They also provided me a valuable learning environment that helped in evolving and familiarizing the information security management concepts for this research study. I am grateful to Prof. Sushil for his rich scholarly inputs that facilitated my research work. I also sincerely thank to Prof. S. K. Gupta and Prof. S. K. Jain for their support and encouragement while pursuing my research work. I am very much thankful to the academicians, reviewers and editors for their valuable comments on my papers submitted for conferences/journal publications. I am very much thankful to the Deutscher Akademischer Austausch Dienst (German Academic Exchange Service) for providing me the opportunity and financial support to work in the Institute for Information, Organization, and Management - Munich School of Management at Ludwig- Maximilians-University Munich in Germany as a visiting scholar. I am grateful to Prof. Dr. Dres. h.c. Arnold Picot and Prof. Dr. Johann Kranz, with whom I worked during my stay in Germany, for their valuable suggestions and inputs to my research study. It will be unfair to forget my fellow research colleagues including Dr. M. M. Chaturvedi, Dr. Sreejith, Mr. Amit Srivastava, Mr. Krishnendu Shaw, Ms. Priyanka Jaiswal, Mr. Sumant Biswas,

and Felix Haeussinger who provided their personal support and valuable inputs throughout my doctoral work. I am also grateful to Mr. Vijay Devnath and Mr. Vineet Sehgal who were very kind and supported me a lot on the task of data collection. I am thankful to the respondents to my study, for their time and support for this study. I also thank the office staff of Department of Management Studies for their assistance and cooperation. Nevertheless, for the grace of God and good wishes of my family members and friends, it would not have been possible to complete the work. New Delhi (Abhishek Narain Singh)

Abstract In this research, study of information security practices of select organizations has been carried out with the aim to derive useful lessons. This is relevant as in present era of borderless and highly connected modern organizations, the use of IT/ICT mediums for conducting various business processes have become inevitable. The organizations have become, and becoming, more and more dependent on their information systems day-by-day. Depending upon the nature of work, it is nearly impossible for many organizations to conduct day-to-day operations without proper functioning of their information systems. In such a scenario, securing business information and information assets from unauthorized access, loss, and misuse have become a challenge for organizations. In past, managing information security in organizations has largely been a technical challenge. Therefore, the focus of the discipline has been more on the technological aspects of information security. With maturity of the information security literature, the discipline has evolved over the period in many waves, such as, management, organizational and institutional. The evolution has witnessed the introduction of various management, human, organizational, behavioral, legal, and other aspects along with the technical side of the discipline. In the course of literature review for the present research study, multiple dimensions of information security highlighted by previous researchers were studied, and various information security management (ISM) frameworks were examined. As highlighted by scholars, there is a gap of a comprehensive ISM framework which focuses on the management aspects of information security in organizations. Taken this in account, this research applies mixed method approach to investigate various management factors related to information security in organizations across all levels. In the exploratory phase of the research, comprehensive literature review on the subject was done. Keyword analysis was applied to identify various dimensions/factors of organizational ISM. To supplement the findings of literature review, participation in various conferences, workshops and seminars on the subject was made. This helped to understand and explore key challenges of organizational ISM and current issues in this field. In addition, views of experts i

from industry, academia and government were solicited to confirm the organizational ISM factors and various linkages among them. This enabled to develop an empirical organizational ISM framework for the study. The framework presents ISM as a management phenomenon for organizations. In a holistic approach, framework integrates ISM activities from all the three levels; strategic, tactical and operational in an organization. The Conceptual framework, in the form of an input-processoutput model, considers ISM as a dynamic, repeatable and self-improvement exercise for organizations. Input dimension consist ten ISM factors from various strategic, tactical, operational and performance level factors of organizational ISM. The process dimension refers Plan-Do-Check-Act (PDCA) cycle that shows ISM as a continuous and self-improvement exercise for organizations. However, output is measured in terms of organizational ISM maturity. As the extant literature on ISM suggests, information security maturity is the current status of ISM practices of an organization. Scholars draw attention towards a gap for a mechanism to measure the information security practices, and thus the evaluation of ISM maturity of organizations. To fulfill this gap, the present study develops an ISM maturity assessment instrument with the help of literature review and experts' opinion. The instrument evaluates the current ISM practices of organizations on a five level maturity scale. Next, in the empirical phase of the research, a questionnaire based survey was conducted for respondents across the hierarchy and functions in organizations from multiple industries (IT, telecommunication, banking, transportation and others) to test the empirical organizational ISM framework. A questionnaire tool was developed, pilot tested and checked for its validity and reliability. Various statistical tests were performed on the received responses to examine and validate the linkages among various organizational ISM factors, as identified from the exploratory study. Further, suitable statistical analyses (such as correlation, step-wise linear regression, structural equation modeling, etc.) were conducted to verify the structural relationships among various strategic, tactical, operational, and performance factors of organizational ISM. ii

In the third phase of the research, six case studies were conducted using qualitative research approach to examine the ISM practices of select organizations and to access their current ISM maturity levels. In a multi case study design, six medium and large size organizations from ITdevelopment and services, telecommunication infrastructure services, and, IT and business consulting industries were selected. Out of six, three organizations are from India and other three are from Germany. In total 42 semi-structured interviews were conducted from employees across the hierarchy in organizations. An interview questionnaire template was used for this purpose. All the interviews were conducted face-to-face, in the regular settings of respondents and were audio recorded. Each interview lasted approximately 45 to 50 minutes and their transcript was made for further analysis of the interview data. Key observations from the interviews were presented using descriptive analysis methodology. Further, SAP-LAP (Situation, Actor, Process Learning, Action, Performance) method of inquiry was used to analyze the cases. In addition to this, ISM maturity evaluation of the case organizations was done using the ISM maturity assessment instrument developed for the research study. Finally, a synthesis exercise was done to derive the learnings from various phases of the research. Implications are derived from the findings of exploratory, empirical and case studies for practitioners as well as for research. Limited response rate for questionnaire based survey and case studies from few select industries are the limitations of present research study. Key contributions of the research include the proposed organizational ISM framework and the ISM maturity assessment instrument for organizations. This study also opens avenues for future research as; the framework suggested in this research can be applied and tested in varying contexts (e.g. industries, sectors, etc.), and further research can be conducted focusing separately on various strategic, tactical, operational and performance factors of organizational ISM. iii

Table of Contents Abstract Table of Contents List of figures List of tables List of abbreviations Page No. i iv ix xi xiv Chapter 1: Introduction 1.1 Background 1 1.2 What is information security? 2 1.3 What is information security management? 3 1.4 Motivation for research 5 1.5 Outline of the study 6 1.6 Organization of the thesis 8 1.7 Concluding remarks 11 Chapter 2: Literature Review 2.1 Introduction 13 2.2 Evolution of information security discipline 14 2.3 Keyword analysis 16 2.4 Dimensions of information security management 17 2.5 Information security management system 26 2.5.1 Information security management frameworks 27 2.6 Information security management maturity 32 2.6.1 Information security management maturity frameworks 33 2.7 Organizational challenges of information security management 36 2.8 Research gaps 38 2.9 Concluding remarks 41 iv

Chapter 3: Research Design 3.1 Introduction 43 3.2 Research questions 43 3.3 Research objectives 44 3.4 Scope of the study 44 3.5 Framework of organizational information security management 44 3.5.1 Input dimension 46 3.5.2 Process dimension 47 3.5.3 Output dimension 49 3.6 Research methodology 50 3.6.1 Justification for mixed method 51 3.6.2 Questionnaire design and administration 52 3.6.2.1 Design of the questionnaire 53 3.6.2.2 Pilot testing and administration of questionnaire 55 3.6.3 Instrument for assessing organizational ISM maturity 55 3.6.4 Case studies 58 3.6.4.1 Justification for case selections 63 3.7 Concluding remarks 64 Chapter 4: Exploratory Study: Identifying Linkages among Organizational ISM Factors 4.1 Introduction 67 4.2 Brainstorming sessions 68 4.3 Experts opinion 69 4.4 Linkages among organizational ISM factors: empirical framework 74 4.5 Discussion 80 4.6 Concluding remarks 83 Chapter 5: Empirical Study: Verify the Relationships among Organizational ISM Factors 5.1 Introduction 85 v

5.2 Exploratory factor analysis 85 5.3 Validity and reliability of the survey instrument 88 5.4 Sample characteristics 90 5.5 Hypothesis of association 91 5.5.1 Hypothesis of association strategic factors 93 5.5.2 Hypothesis of association tactical factors 96 5.5.3 Hypothesis of association operational factors 100 5.5.4 Hypothesis of association strategic, tactical and operational factors 104 5.6 Structural relationships among ISM factors: path analysis 108 5.7 Discussion 111 5.8 Concluding remarks 113 Chapter 6: Information Security Management Practices: Select Case Studies from Organizations in India 6.1 Introduction 115 6.2 Case 1: Company-A 117 6.2.1 Case background 117 6.2.2 Key observations 118 6.2.3 Case analysis 125 6.2.4 ISM maturity assessment 126 6.3 Case 2: Company-B 127 6.3.1 Case background 127 6.3.2 Key observations 128 6.3.3 Case analysis 137 6.3.4 ISM maturity assessment 138 6.4 Case 3: Company-C 139 6.4.1 Case background 139 6.4.2 Key observations 140 6.4.3 Case analysis 148 6.4.4 ISM maturity assessment 150 vi

6.5 Discussion 151 6.6 Concluding remarks 154 Chapter 7: Information Security Management Practices: Select Case Studies from Organizations in Germany 7.1 Introduction 155 7.2 Case 4: Company-D 156 7.2.1 Case background 156 7.2.2 Key observations 156 7.2.3 Case analysis 163 7.2.4 ISM maturity assessment 165 7.3 Case 5: Company-E 167 7.3.1 Case background 167 7.3.2 Key observations 168 7.3.3 Case analysis 174 7.3.4 ISM maturity assessment 175 7.4 Case 6: Company-F 176 7.4.1 Case background 176 7.4.2 Key observations 177 7.4.3 Case analysis 184 7.4.4 ISM maturity assessment 186 7.5 Discussion 187 7.6 Concluding remarks 191 Chapter 8: Conclusion 8.1 Introduction 193 8.2 Summary of the research 193 8.3 Revisiting research questions and objectives 197 8.3.1 Research questions revisited 197 8.3.2 Research objectives revisited 199 8.4 Major findings 202 vii

8.4.1 Key findings from exploratory study 202 8.4.2 Key findings from empirical study 203 8.4.3 Key findings from case studies 204 8.5 Synthesis of the research 206 8.6 Significant research contribution 208 8.7 Implications of the study 210 8.7.1 Implications for research 210 8.7.2 Implications for practice 211 8.8 Limitations of the study 214 8.9 Future scope of research 215 8.10 Concluding remarks 216 References 217-227 Appendix Appendix I Information Security Management Questionnaire A1 - A5 Appendix II ISM Maturity Assessment Instrument A7 - A14 Appendix III ISM Interview Questionnaire Template A15 - A17 Appendix IV Structural Equation Modeling - Model Fit Summary A19 - A21 Curriculum Vitae A23 - A24 viii

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback