Information Security Program Effectiveness in Organizations

This research investigates the moderating role of task interdependence on factors influencing information security effectiveness in organizations. Drawing on the literature, the authors develop a theoretical model depicting top management support and awareness & training support as predictors of information security program effectiveness. Further, the model shows security culture as a partial mediator between the predictor and criterion variables. The authors then apply task interdependence as a moderator to the model. Results from a survey given to a sample of 371 certified information security professionals find support for the model while showing certain paths to be significant only under high task interdependence while others only under low task interdependence. In high task interdependence environments, security culture did not mediate the relationships between the predictor and criterion variables suggesting that managers focus on providing greater structural support to maximize security effectiveness. However, in low task interdependence, security culture fully mediated the relationships between the predictor and criterion variables suggesting that the role of culture is amplified and central in those environments.