Developing a theory-based information security management framework for human service organizations

Date: 08 August 2016
Pages: 254-271
Published date: 08 August 2016
DOI: https://doi.org/10.1108/JICES-06-2015-0018
Author: Sameera Mubarak
Subject Matter: Information & knowledge management, Information management & governance, Information & communications technology
Sameera Mubarak
School of Information Technology and Mathematical Sciences,
University of South Australia, Adelaide, Australia
Abstract
Purpose – This paper aims to identify organizations’ information security issues and to explore
dynamic, organizational culture and contingency theories to develop an implementable framework for
information security systems in human service organizations (HSOs) based soundly in theory and
practice.
Design/methodology/approach – The paper includes a critical review of global information
security management issues for HSOs and relevant multi-disciplinary organizational theories to
address them.
Findings – Effective information security management can be particularly challenging to HSOs
because of their use of volunteer staff in a borderless electronic environment. Organizations’ lack of
recognition of the need for staff awareness of information security threats and for training in secure
work practices, particularly in terms of maintaining clients’ privacy and confidentiality, is a major issue.
The dynamic theory of organizational knowledge creation, organizational culture theory and
contingency theory were identified as the most suitable theoretical perspectives to address this issue
and underpin an effective information security management framework for HSOs.
Research limitations/implications – The theory-based framework presented here has not been
tested in practice. Such testing will be carried out in further research.
Originality/value – Currently, there is no framework for information security systems in HSOs. The
framework developed here provides a foundation on which HSOs can build information security systems
specific to their needs.
Keywords – Information security, Human information behaviour, Computer crime,
Human service organizations, Information security management, Organizational theories
Paper type – Conceptual paper
Journal of Information, Communication and Ethics in Society, Vol. 14 No. 3, 2016, pp. 254-271
© Emerald Group Publishing Limited, 1477-996X
DOI 10.1108/JICES-06-2015-0018
Received 15 June 2015; revised 12 November 2015 and 13 January 2016; accepted 13 January 2016
The current issue and full text archive of this journal is available on Emerald Insight at: www.emeraldinsight.com/1477-996X.htm
1. Introduction
Information technology (IT) is considered a lifeline for organizations irrespective of their
size and nature. Thus, information security crime is not just a concern for nations; it is a
concern for business and non-business organizations and individuals. Rapid
technological developments, the vast expansion of IT networks and the wide use of
electronic commerce present enormous security challenges for many organizations. The
scope of information security now stretches from the IT resources within an
organization to beyond the organization’s boundaries. The borderless electronic
information environment affords anonymity and concealment and provides a constant
stream of new tools for engaging in criminal activity. Wright (2008) stressed that the
internet and computer networks have created new types of threats that computer
criminals can exploit for personal gain. Therefore, protecting and managing
information within organizations is essential (Von Solms and Von Solms, 2004).
Appropriate information security is needed to enhance the confidentiality, integrity and
availability of data, helping to maintain the original form of information content without
risk of modification or loss. Various disciplines involved in managing organizations and
securing their information have shown intense interest in the field of information
security management (Goo et al., 2013), effectively preventing security breaches and
using up-to-date information management strategies to meet the latest information
security standards. This paper focuses on information security management issues for
human service organizations (HSOs) and presents an information security management
framework to assist them in reducing the threat of information security breaches.
2. Information systems and human service organizations
HSOs may be governmental, non-profit and even for-profit, but their key common goal
is to transform people’s lives by ameliorating, preventing or otherwise addressing
problems such as child abuse, mental illness, substance abuse, homelessness and
poverty. Hasenfeld (2009) describes the complex nature of HSOs, stating that they are
characterized by the “extrinsic benefits but intrinsic rewards that come from helping
people”, coupled with the “frustration” of dealing with paper-based documents.
Information systems’ capability of storing easily retrievable client data over a long
period of time has the capacity to reduce some of the frustration, particularly for
hospitals, social welfare organizations and HSOs. Information and communication
technology (ICT) has been advantageous for HSOs in terms of work process
improvement, facilitating shared communication and increased efficiency.
Although the IT revolution has benefited HSOs, adapting technology to meet their
needs has created unforeseen problems (Gillingham, 2011). The information systems
within these organizations face many security threats from unpredictable sources
because of the sensitive nature of their data. Often, these organizations collect
confidential and legally sensitive client information, for example, health reports,
psychological reports and family background and income details. Many individuals and
organizations are interested in this information, including, for example:
- The insurance industry: May be interested in gaining access to current and
  prospective clients’ medical records.
- Parents: May be interested in knowing more about the personal life of their
  children with addiction and other behavioural problems.
- Carers of problematic adolescents: May be interested in gaining access to
  sensitive information such as psychological reports to gain legal and other
  advantages.
- Spouses considering divorce: May be interested in gaining legal advantage by
  obtaining personal information related to their partner’s health and/or mental
  health condition. If accessed by the wrong people, data collected on sensitive
  issues such as mental health can lead to potentially damaging long-term stigma
  for a person with mental health problems.
- Patients who have undergone surgery: May be interested in details of their surgical
  procedures when preparing their case for a lawsuit against their surgeon.