Goal Setting and Trust in a Security Management Context

摘要

Information security can be viewed as the efficient control of uncertainty arising from malicious acts intended to exploit valuable assets and in the context of information systems the valuable assets under consideration are data. A large part of information security approaches is technical in nature with less consideration on people and organizational issues. The research presented in this paper adopts a broader perspective and presents an understanding of information security in terms of a socio-organizational perspective. In doing so, it uses the goal-setting approach to identify any possible weaknesses in security management procedures in relation to trust among the members of information technology groups in communicating efficiently security risk messages. Data for the research were collected through in-depth interviews within three case studies. Interview results suggest that goal setting and trust are interrelated in managing information security. The research contributes to interpretive information systems with the study of goal setting and trust in a security management context.