Volume 4, Issue 3, September 2019, Page: 99-108
Effects of Information Security Management Systems on Firm Performance
Harold Nguegang Tewamba, FSSG, Catholic University of Central Africa, Yaounde, Cameroon
Jean Robert Kala Kamdjoug, FSSG, Catholic University of Central Africa, Yaounde, Cameroon
Georges Bell Bitjoka, Department of Telecommunications, National Advanced School of Engineering of the University of Yde1, Yaoundé, Cameroon
Samuel Fosso Wamba, Department of Information, Operations and Decision Sciences, Toulouse Business School, Toulouse, France
Nicolas Nkondock Mi Bahanag, Department of Computer Science, University of Yaounde I, Yaounde, Cameroun
Received: Aug. 10, 2019;       Accepted: Sep. 18, 2019;       Published: Sep. 29, 2019
DOI: 10.11648/j.ajomis.20190403.15      View  24      Downloads  7
Abstract
The purpose of this paper is to determine the aspects of the information security management system (ISMS) on which decision-makers must act to achieve the performance targets. Information assets as core of any Information systems (IS) should be taken seriously by a custom security. In this research, we conduct a case study specially using the Delone and McLean’s IS success model. The hypotheses were tested by PLS-SEM of theSmartPLS software using survey data collected among 136 IS and IT professionals. We found that the ISMS (system, service and information qualities, maturity level of information security risk management process) and performance are directly related on one hand, and indirectly by the IT capabilities of the company in the other hand. This shows that mastering security information management risks process is crucial for an enterprise because it greatly contributes to organizational performance, improve the IS’ support such as IT management, IT personal skills and IT infrastructure. This work has explored the feasibility of using the IS success model on ISMS, a key world know element, where Africa is both the target of the informational mobility, hackers and especially in the global economy. We consider the IS success model with 4 dependent variables including maturity level of process.
Keywords
IS Success Model, ISMS, Maturity Level, IT Capability, Firm Performance
To cite this article
Harold Nguegang Tewamba, Jean Robert Kala Kamdjoug, Georges Bell Bitjoka, Samuel Fosso Wamba, Nicolas Nkondock Mi Bahanag, Effects of Information Security Management Systems on Firm Performance, American Journal of Operations Management and Information Systems. Vol. 4, No. 3, 2019, pp. 99-108. doi: 10.11648/j.ajomis.20190403.15
Copyright
Copyright © 2019 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Reference
[1]
Calder, A. and Watkins, S. G. (2007), Risk Assessment for Asset Owners, IT Governance Publishing, available at: http://www.jstor.org/stable/j.ctt5hh5xt.
[2]
ISO/IEC. (2013), ISO 27001 Information Technology — Security Techniques — Information Security Management Systems — Requirements.
[3]
Calder, A. and Watkins, S. G. (2010), Information Security Risk Management for ISO27001/ISO27002, IT Governance Publishing, available at: http://www.jstor.org/stable/j.ctt5hh7jd.
[4]
Delone, W. H. and McLean, E. R. (1992), “Information Systems Success: The Quest for the Dependent Variable”, Info. Sys. Research, Vol. 3 No. 1, pp. 60–95.
[5]
Pitt, L. F., Watson, R. T. and Kavan, C. B. (1995), “Service Quality: A Measure of Information Systems Effectiveness”, MIS Quarterly, Vol. 19 No. 2, pp. 173–187.
[6]
Parasuraman, A., Zeithaml, V. and Berry, L. (1988), “SERVQUAL: A Multiple-Item Scale for Measuring Consumer Perceptions of Service Quality”, Journal of Retailing, Vol. 64 No. 1, pp. 12–40.
[7]
Wade, M. and Hulland, J. (2004), “Review: The Resource-Based View and Information Systems Research: Review, Extension, and Suggestions for Future Research”, MIS Quarterly, Vol. 28 No. 1, pp. 107–142.
[8]
Bharadwaj, A. S. (2000), “A Resource-Based Perspective on Information Technology Capability and Firm Performance: An Empirical Investigation”, MIS Quarterly, Vol. 24 No. 1, pp. 169–196.
[9]
Akter, S., FossoWamba, S., Gunasekaran, A., Dubey, R. and Childe, S. J. (2016), “How to improve firm performance using big data analytics capability?”, International Journal of Production Economics.
[10]
Teece, D. J., Pisano, G. and Shuen, A. (1997), “Dynamic capabilities and strategic management”, Strategic Management Journal, Vol. 18 No. 7, pp. 509–533.
[11]
IS Theory. (2016), “Dynamic capabilities”, Http://is.theorizeit.org/, available at: http://is.theorizeit.org/wiki/Dynamic_capabilities (accessed 20 April 2016).
[12]
Urbach, N. and Müller, B. (2012), “The Updated DeLone and McLean Model of Information Systems Success”.
[13]
Gorla, N., Somers, T. M. and Wong, B. (2010), “Organizational impact of system quality, information quality, and service quality”, J. Strateg. Inf. Syst., Vol. 19 No. 3, pp. 207–228.
[14]
Ali, B. M. and Younes, B. (2013), The Impact of Information Systems on User Performance: An Exploratory Study.
[15]
Lin, H.-Y., Hsu, P.-Y. and Ting, P.-H. (2006), “ERP Systems Success: An Integration of IS Success Model and Balanced Scorecard.”, Journal of Research and Practice in Information Technology, Vol. 38 No. 3, pp. 215–228.
[16]
Marina Trkman and Peter Trkman. (2009), “A wiki as intranet: a critical analysis using the Delone and McLean model”, Online Information Review, Vol. 33 No. 6, pp. 1087–1102.
[17]
Sedera, D., Tan, F. and Dey, S. (2007), “Identifying and Evaluating the Importance of Multiple Stakeholders Perspective in Measuring ES-Success”, European Conference on Information Systems, Association of Information Systems - AIS, Gothenburg Sweden, available at: http://eprints.qut.edu.au/10288/.
[18]
Bharati, P. and Chaudhary, A. (2006), “Product Customization on the Web: An Empirical Study of Factors Impacting Choiceboard User Satisfaction”, Inf. Resour. Manage. J., Vol. 19 No. 2, pp. 69–81.
[19]
Kulkarni, U. R., Ravindran, S. and Freeze, R. (2006), “A Knowledge Management Success Model: Theoretical Development and Empirical Validation”, Journal of Management Information Systems, Vol. 23 No. 3, pp. 309–347.
[20]
Bradley, R. V., Pridmore, J. L. and Byrd, T. A. (2006), “Information Systems Success in the Context of Different Corporate Cultural Types: An Empirical Investigation”, Journal of Management Information Systems, Vol. 23 No. 2, pp. 267–294.
[21]
Arsanjani, A., Bharade, N., Borgenstrand, M., Schume, P., Wood, J. K. and Zheltonogov, V. (2015), Business Process Management Design Guide Using IBM Business Process Manager, edited by (Firm), S. B. O. and Organization, I. B. M. C. I. T. S., First edition., IBM Corporation, International Technical Support Organization, Poughkeepsie, NY, available at: https://briagg.rbc.edu/login?url=http://proquest.safaribooksonline.com/?uiCode=cwm&xmlId=9780738440590.
[22]
Ray, D., Haon, C. and Gotteland, D. (2001), “Effets médiateurs et modérateurs au sein de la relation satisfaction - fidélité : vers une meilleure compréhension du rôle de l’image”.
[23]
Faris, S., Iguer, H., Medromi, H. and Sayouti, A. (2013), “Conception d’une Plateforme de gestion des risques basée sur les systèmes multi-agents et ISO 27005”.
[24]
Anand, A. (2013), The Effect of IT Capabilities on Firm Performance - Evidence from Healtcare Industry, Master of Information Systems and Technology - Research thesis, School of Information Systems & Technology, University of Wollongong.
[25]
Mithas, S., Ramasubbu, N., Krishnan, M. S. and Sambamurthy, V. (2004), “Information Technology Infrastructure Capability and Firm Performance: An Empirical Analysis”.
[26]
Yin, R. (2011), “Case study research: Design and methods (4th Ed.)”, SAGE Publication.
[27]
Hair, joseph, Hult, T., Ringle, C. and Sarstedt, M. (2014), A Primer on Partial Least Squares Structural Equation Modeling (Pls-Sem).
[28]
Henseler, J., Ringle, C. and Sarstedt, M. (2014), “A new criterion for assessing discriminant validity in variance-based structural equation modeling”, Springerlink.com.
[29]
Nunnaly and Bernstein. (1994), “Psychometric Theory, 3th edition”, McGraw-Hil, New York.
[30]
Baron, R. M. and Kenny, D. A. (1986), “The Moderator-Mediator variable distinction in Social Psychological research: Conceptual, strategic, and statistical considerations”, Journal of Personality and Social Psychology.
[31]
Nitzl, C., Roldan, J. and Carrion, G. C. (2016), “Mediation Analysis in Partial Least Squares Path Modeling: Helping Researchers Discuss More Sophisticated Models”, Social Science Research Network, available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2789370.
[32]
Preacher, K. J. and Hayes, A. F. (2008), “Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models”, Behavior Research Methods, Vol. 40 No. 3, pp. 879–891.
[33]
Sobel, M. E. (1982), “Asymptotic Confidence Intervals for Indirect Effects in Structural Equation Models”, Sociological Methodology, Vol. 13, pp. 290–312.
[34]
Bhattacherjee, A. (2012), “Social Science Research: Principles, Methods, and Practices”, Textbooks Collection, Book 3.
[35]
Addas, S. and Pinsonneault, A. (2007), “IT capabilities and firm performance: A resource-based, alliance perspective”, Desautels Faculty of Management. McGill University.
[36]
Iansiti, M. and Favaloro, G. (2006), Enterprise IT Capabilities and Business Performance. Harvard Business School, Keystone Strategy Inc.
[37]
Lazic, M. (2011), “IT Governance and Business Performance - A Resource Based Analysis”, PACIS 2011 Proceedings. Paper 103, available at: http://aisel.aisnet.org/pacis2011/103.
[38]
Ashenden, D. (2008), “Information Security management: A human challenge?” Information Security Technical Report, Vol. 13 No. 4, pp. 195–201.
[39]
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M. and Baskerville, R. (2013), “Future directions for behavioral information security research”, Computers & Security, Vol. 32, pp. 90–101.
[40]
Software Engineering Institute. (2010), CMMI® for Development, Version 1.3, available at: http://www.sei.cmu.edu.
[41]
Bender, O. (2008), Introduction À La Fidélisation En Entreprise.
Browse journals by subject