ABSTRACT

The United States higher education is facing a unique challenge in information security management due to its distinctive characteristics, such as decentralised structure, academic freedom, and shared governance. These characteristics sharply distinguish higher education from traditional corporations. Gradually, this is beginning to pose a challenge for higher education institutions to adopt the appropriate information technology governance framework, which, for traditional corporations, mostly addresses security governance and leadership in a top-down manner. To address this issue, we examine the effect of perceived information security management approaches on perceived security practices. Our results show that the perceived flexible-oriented approach of information security management is more effective to use in implementing security controls in high education institutions. This seems to contradict most of the findings in the literature that suggest that a control-oriented approach is more effective in enforcing information security policies. Research contributions and implications are discussed, accordingly.

摘要

美国高等教育由于其分散的结构、学术自由和共享治理等鲜明的特点，在信息安全管理方面面临着独特的挑战。这些特征将高等教育与传统企业明显区分开来。逐渐地，这开始对高等教育机构采用适当的信息技术治理框架构成挑战，对于传统公司而言，该框架主要以自上而下的方式解决安全治理和领导问题。为了解决这个问题，我们研究了感知信息安全管理方法对感知安全实践的影响。我们的结果表明，信息安全管理的感知灵活导向方法更有效地用于实施高等教育机构的安全控制。这似乎与文献中的大多数发现相矛盾，这些发现表明以控制为导向的方法在执行信息安全策略方面更有效。相应地讨论了研究贡献和影响。