Information security knowledge sharing (ISKS) among an organization's employees is vital to the organization's ability to protect itself from any number of prevalent threats, yet for many organizations, their ability to establish ISKS practices is hampered by a lack of understanding of where and how the key drivers of these practices will emerge. Based on neoinstitutional theory and a multi-study field survey of 834 professional managers in the USA, we develop and test a model that explains the establishment of ISKS practices in an organization as a product of the institutional forces abut to the organization providing normative, mimetic, and coercive influences on top management beliefs and participations in ISKS. Our findings also emphasize the importance of establishing ISKS practices for ensuring employee compliance with information security policies and an effective culture of security. Prior research has shown the importance of institutional forces on organizational processes as well as the importance of ISKS to organizational security efforts. However, this study is one of the early studies to provide insight into the manner, in which institutional forces hold sway over the people responsible for establishing the ISKS practices of a firm; insight that it is essential for firms that have yet to establish such practices or have struggled in their attempts to do so.

组织员工之间的信息安全知识共享 (ISKS) 对于组织保护自己免受任何流行威胁的能力至关重要，但对于许多组织而言，他们建立 ISKS 实践的能力因缺乏对信息安全知识共享的位置和方式的了解而受到阻碍。这些做法的关键驱动因素将会出现。基于新制度理论和对美国 834 名职业经理人的多项研究实地调查，我们开发并测试了一个模型，该模型解释了 ISKS 实践在组织中的建立是制度力量的产物，该组织提供规范的、模仿的，以及对高层管理人员信念和参与 ISKS 的强制性影响。我们的调查结果还强调了建立 ISKS 实践以确保员工遵守信息安全政策和有效的安全文化的重要性。先前的研究表明制度力量对组织过程的重要性以及 ISKS 对组织安全工作的重要性。然而，这项研究是早期研究之一，旨在深入了解制度力量对负责建立公司 ISKS 实践的人员的控制方式；洞察力对于尚未建立此类实践或在尝试这样做时遇到困难的公司至关重要。先前的研究表明制度力量对组织过程的重要性以及 ISKS 对组织安全工作的重要性。然而，这项研究是早期研究之一，旨在深入了解制度力量对负责建立公司 ISKS 实践的人员的控制方式；洞察力对于尚未建立此类实践或在尝试这样做时遇到困难的公司至关重要。先前的研究表明制度力量对组织过程的重要性以及 ISKS 对组织安全工作的重要性。然而，这项研究是早期研究之一，旨在深入了解制度力量对负责建立公司 ISKS 实践的人员的控制方式；洞察力对于尚未建立此类实践或在尝试这样做时遇到困难的公司至关重要。