ORGANIZATIONAL ANTECEDENTS FOR INFORMATION SECURITY KNOWLEDGE TRANSFER
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
The importance of information Security Knowledge Transfer in general, and specifically information security awareness training for overall security in organizations, makes factors benefitting information security knowledge transfer processes in the organization an important area for study. This has previously been explored in case studies but not tested in a quantitative way. This thesis investigates how Security Knowledge Transfer is affected by the factors of Organizational Structure, Business-based Information Security and Information Security Processes. After initial analysis, the Information Security Processes construct was divided into three different constructs: Performance Monitoring, Risk Assessment and Holistic Structure of Information Security. Holistic Structure of Information Security is a state in which structures with the purpose of coordinating information security across the organization exist. Both Holistic Structure of Information Security and Performance Monitoring were shown to have positive effects on Security Knowledge Transfer, however, Holistic Structure of Information Security had a relatively large effect, while Performance Monitoring had a relatively small effect. The effect of Holistic Structure of Information Security is due to that knowledge transfer in general is enabled by organizational structures. Performance Monitoring’s effect can be attributed to its property as a way to signal the importance of information security from top management to the rest of the organization and therefore act to motivate Security Knowledge Transfer among organizational members. That two hypotheses were not supported means that two of the constructs have no direct effect on Security Knowledge Transfer. This is probably due to that one or more of the constructs that were shown to directly affect Security Knowledge Transfer mediates the effect of these constructs. To test this is left for further research.
Place, publisher, year, edition, pages
2013. , 30 p.
EES Examensarbete / Master Thesis, XR-EE-ICS 2013:014
Business-based Information Security, Security Knowledge Transfer, Organizational Structure, Information Security Processes, IT Governance
Electrical Engineering, Electronic Engineering, Information Engineering
IdentifiersURN: urn:nbn:se:kth:diva-138620OAI: oai:DiVA.org:kth-138620DiVA: diva2:681663
Master of Science in Engineering - Computer Science and Technology
Ekstedt Lövehagen, Mathias, Universitetslektor