A Review on Organizational Factors Affecting the Effectiveness of Information Security Management Systems in IT Sector Organizations in Sri Lanka

Abstract

In an era where data is essential in the context of a business, and access to information has become way too easier and faster with distributing computing, information security has become a crucial concern for almost every business. Hence In Sri Lanka also as a legal necessity, most public and commercial businesses have focused on obtaining an information security compliance certification. To successfully manage their information assets, businesses must utilize an Information Security Management System (ISMS) as it enhances the resistance against cyber assaults and lowers the information security expenses. Organizational factors are crucial among all key factors since no system or technology will be properly applied if the human aspect of the context is ignored. Conducting research on organizational and human factor aspects is important for any system's operations to become a success. Although there are studies done on how the ISMS implementation is affected by internal and external factors there is less focus on out of all success factors how the organizational factors matter for ISMS success. Moreover, there is a gap in research done since no previous study has been undertaken in terms of organizations operating in Sri Lanka. Additionally, the IT sector plays a key role when it comes to information security aspects. Hence there is a need to develop research is aimed at identifying the organizational factors on the effectiveness of ISMS in IT sector organizations in Sri Lanka. This study used a qualitative approach by analyzing the selected previous studies that were focusing on the ISMS implementation or any related Information Security system/process using the critical success factors method. Twenty (20) papers were selected because those papers detail numerous Critical Success Factors that have an impact on the efficacy and success of ISMS and they are all published in recent years. A conceptual model is developed based on the 6 constructs namely Management support, Employee Acceptance and readiness, Security awareness, Employee knowledge & training, Organizational culture & Information security standard compliance, developed on identified organizational factors from previous. This research has only followed the qualitative approach to build a conceptual model to identify Organizational factors affecting the effectiveness of ISMS in IT sector organizations operate in Sri Lanka. But further studies should be carried on with a quantitative approach with some survey results which may be able to support or evaluate the validity of the results of this research. The findings of this research will help the IT sector organizations as recommendations to improve the effectiveness of the ISMS and adding to that, this study results can be useful for some other countries as well creating a more academic value for this study. As a result, this research has attempted to identify these elements and their significance in the effectiveness of ISMS. Understanding the major impact of organizational variables will aid businesses in developing more effective information security strategic planning and creating information security awareness deployment suited for all employees, from the top down to the bottom up.