Keywords: trust, culture, risk communication, IS security, goal setting, goal commitment, information systems, Greece
A socio-organisational approach to information systems security risks
The investigation in this paper takes a socio-organisational approach to information systems security management and proposes a framework which illustrates three important issues in the process of security goal setting. These are: trust, culture and risk communication. Three case studies show evidence that there is a chain reaction among these issues with a subsequent effect on the level of security goal setting. Ultimately, the paper identifies the determinants of group commitment within the IT departments of three financial institutions in Greece. This paper also provides a discussion regarding the research methods that were used to obtain the results.